Evaluating coherence-exploiting hardware Trojan

The increasing complexity of integrated circuits and IP-based hardware designs has created the risk of hardware Trojans. This paper introduces a new type of threat, a coherence-exploiting hardware Trojan. This Trojan can be maliciously implanted in master components in a system, where it continuously injects memory transactions onto the main interconnect. By taking advantage of cache coherence protocols, the injected traffic forces the eviction of cache lines. This type of Trojan insidiously slows down system performance, resulting in a Denial-of-Service (DoS) attack. We used a Xilinx Zynq-7000 device to implement the Trojan and evaluate its severity. Experiments revealed that system performance can be severely degraded, by as much as 258%, with the Trojan. A countermeasure to annihilate the Trojan attack is proposed in detail. We also found that AXI version 3.0 supports a seemingly irrelevant invalidation protocol through ACP, opening the door to a potential Trojan attack.
