A Security Verification Template to Assess Cache Architecture Vulnerabilities

In recent years, cache-based side-channel attacks have become a serious threat to computers. To face this issue, researchers have been looking at verifying security policies. However, these approaches are limited to manual security verification and typically work for only a small subset of the attacks. Hence, an effective verification environment that automatically verifies cache security against all side-channel attacks is still missing. To address this shortcoming, we propose a security verification methodology that formally verifies cache designs against cache side-channel vulnerabilities. Results show that this verification template is a straightforward, automated method for verifying cache invulnerability.
