enabling hardware randomization across the cache
play

Enabling Hardware Randomization Across the Cache Hierarchy in - PowerPoint PPT Presentation

Aug 04, 2023 •843 likes •1.17k views

Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas , Ioannis-Vatistas Kostalabros , Miquel Moret and Carles Hernndez Computer Sciences - Runtime Aware Architecture, Barcelona

  1. Enabling Hardware Randomization Across the Cache Hierarchy in Linux-Class Processors Max Doblas¹ , Ioannis-Vatistas Kostalabros¹ , Miquel Moretó¹ and Carles Hernández² ¹Computer Sciences - Runtime Aware Architecture, Barcelona Supercomputing Center { max.doblas, vatistas.kostalabros, miquel.moreto } @bsc.es ²Department of Computing Engineering, Universitat Politècnica de València carherlu@upv.es 1

  2. Introduction ● Cache-based side channel attacks are a serious concern in many computing domains ● Existing randomizing proposals can not deal with virtual memory ○ The majority of the state-of-the-art is focussing at the LLCs ● Our proposal enables randomizing the whole cache hierarchy of a Linux-capable RISC-V processor 2

  3. Cache Side Channel Attacks 3

  4. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 Ax Attacker’s Blocks Vx Victim’s Blocks 4

  5. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 2. Prime (precondition) Ax Attacker’s Blocks Vx Victim’s Blocks 5

  6. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration A1 V1 A2 2. Prime (precondition) Ax Attacker’s Blocks 3. Wait(execution of the victim) Vx Victim’s Blocks 6

  7. Cache Side Channel Attacks 4 sets, 2 way associative cache Prime+Probe Example 1. Calibration V1 A1 A2 2. Prime (precondition) Ax Attacker’s Blocks 3. Wait(execution of the victim) Vx Victim’s Blocks 4. Probe (detection) 7

  8. State of the art Cache-layout randomization schemes ● Parametric functions that randomize the mapping of a block inside the cache ○ Use a key-value to change the hashing applied to the address ○ At every key change a new calibration has to be performed ○ Protection is provided by modifying the key frequently ● It can be used in single or multiple security domains 8

  9. State of the art ● (a) Some solutions use an Encryption-Decryption scheme ○ Introduces latency -> Potential high impact in cache latency ○ Improves design simplicity by not altering the cache structure 9

  10. State of the art ● (b) Randomization function produces the cache-set’s index ○ Latency can be partially hidden-> feasible for first level caches ○ Needs to increase the Tags to recover block address ○ Extra mechanism is needed to enable the virtual memory 10

  11. Randomization Functions Quality ● Randomization functions need to balance security performance trade-off ● CEASER’s LLBC ○ Inherent linearity deems it useless for SCA thwarting [1] ● Balance time randomized functions examples [2]: a) Hash Function b) Random mopdulo [1] R. Bodduna, V. Ganesan, P. Slpsk, C. Rebeiro, and V. Kamakoti. Brutus: Refuting the security claims of the cache timing randomization coun- termeasure proposed in ceaser. IEEE Computer Architecture Letters, 2020. [2]D. Trilla, C. Hernández, J. Abella, and F. J. Cazorla. Cache side-channel attacks and time-predictability in high-performance critical real-time systems. In DAC, pages 98:1–98:6, 2018. 11

  12. Skewed Caches Addr Addr f(addr) f1(addr) f2(addr) Skewed Traditional Scheme Scheme ● Enhances the security of the cache ○ It is more difficult to calibrate an attack ○ Increases the resources used by multiplying the number of randomization functions. 12

  13. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT 13

  14. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Process A: sb X -> 0x0001 Process B: ld 0x1001 -> r1 addr[1:0] addr[1:0] CPU CPU Virtual Virtual Address Address X X 14

  15. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 f(addr) CPU Virtual Address X 15

  16. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 f(addr) f(addr) CPU CPU Virtual Virtual Address Address X X Miss 16

  17. Virtual memory Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 access to addr 0x3001 f(addr) f(addr) f(addr) CPU CPU L2 Virtual Virtual Physical Address Address Address X X X Miss 17

  18. Proposal ● Adds supports the coherence protocol in finding any valid block. ○ Even after a key or a page-table’s translation modification. ● Every cache, keeps track of the valid blocks in the lower level cache. ○ This tracking is done by storing the last random index used by the lower level cache for every valid block. ○ Using this information, the cache probes any block of the lower level cache. 18

  19. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 f(addr) f(addr) CPU CPU Virtual Virtual Address Address X X Miss 19

  20. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Proc A: sd X -> 0x0001 Proc B: ld 0x1001 -> r1 access to addr 0x3001 f(addr) f(addr) f(addr) CPU CPU L2 Virtual Virtual Physical Address Address Address X X X Miss 20

  21. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Coherency protocol provides X invalidating addr 0x3001 f(addr) f(addr) L2 L2 Physical X Physical Address Address X rnd_idx updated 21

  22. Example: Shared data Page Table A Page Table B ● Two processes A and B Virtual Addr Physical Addr Virtual Addr Physical Addr ○ Two different Page Tables 0x0000 0x3000 0x1000 0x3000 ○ Shares data on 0x3000 ... ... ... ... ○ First level caches are VIPT Coherency protocol Coherency protocol Proc B: ld 0x1001 -> r1 provides X invalidating addr 0x3004 f(addr) f(addr) f(addr) L2 L2 Physical CPU X Physical Address Virtual X Address Address X rnd_idx updated 22

  23. Example of a Three Level Cache Hierarchy 23

  24. Implementation on a RISC-V Core We have implemented this mechanism in the lowRISC SoC. ● There are two different randomizers on the first level cache . ○ Hash function and Random modulo. ● L2 incorporates the directory which track the L1 Blocks . ● Both caches have been augmented with tag array extensions to handle collisions produced by the randomizers. ● The Coherency protocol has been modified. ○ Able to issue probe requests using the random index stored. 24

  25. Performance Evaluation ● We used the non-floating point benchmarks from the EEMBC suite. ○ 1000 iterations with 1000 different randomized keys. ● The hash function version has a very small impact on performance. ○ Other configurations increase the performance in this benchmarks. 25

  26. Security Evaluation ● NIST STS testing proves uniform set distribution. ● Non-linear randomization function. ○ Thwarts linear cryptanalysis attacks. ● Security vulnerability analysis based on the cost of attack calibration Number of attacker accesses to build eviction set 26

  27. Resources Evaluation FPGA resources utilization for different configurations of the caches ● The HF has a higher cost. ● In the RM case, randomization module consumes very few resources. 27

  28. Conclusions ● Novel randomization mechanism for the whole cache hierarchy. ● Enables the use of virtual and physical addresses. ● Maintains cache coherency. ● Has a small impact on performance and consumed resources. ● We achieved integration into a RISC-V processor capable to boot Linux. ● Achieved increased security against cache-based side-channel attacks. 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer,

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology What is S CATTER C ACHE ? www.tugraz.at Alternative design for n-way

460 views • 27 slides
1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

1 Classifying cache misses Cache Organization Classifying misses by causes (3Cs) Cache size,

Cache Performance Metrics Cache miss rate: number of cache misses divided by number of accesses Lecture 14: Hardware Approaches for Cache Optimizations Cache hit time: the time between sending address and data returning from cache Cache

608 views • 4 slides
Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki Kengo Iijima Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern, April

283 views • 25 slides
Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency

Web Cache Consistency Web Cache Consistency Web Cache Consistency Web Cache Consistency Requirements of performance, availability, and disconnected operation require us to relax the goal of semantic transparency. - HTTP 1.1 specification

598 views • 13 slides
Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By

Cache, Trigger, Impersonate: Enabling Context-Sensitive Honeyclient Analysis On-the- Wire By Teryl Taylor , Kevin Z. Snow, Nathan Otterness and Fabian Monrose University of North Carolina at Chapel Hill Motivation PU Internet Get

686 views • 34 slides
A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while

A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while

A Hardware Evaluation of Cache Partitioning to Improve Utilization and Energy-Efficiency while Preserving Responsiveness Henry Cook, Miquel Moreto, Sarah Bird, Kanh Dao, David Patterson, Krste Asanovic University of California, Berkeley

540 views • 40 slides
CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded

CACHE-TIMING ATTACKS ON RSA KEY GENERATION Conference on Cryptographic Hardware and Embedded Systems (CHES) 2019 Alejandro Cabrera Aldaya 1 , Cesar Pereida Garca 2 , Luis Manuel Alvarez Tapia 1 , Billy Bob Brumley 2 , {aldaya,

371 views • 21 slides
Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn Randomization Randomized Algorithm: An algorithm that uses (or can use) random coin flips in order to make decisions We will see: randomization can be a powerful tool to Make

497 views • 21 slides
Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses

Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses

Overview Synchronization hardware primitives Cache Coherency Issues Coherence misses 5 Chip Multiprocessors (II) Cache coherence and interconnects Directory-based Coherency Protocols Chip Multiprocessors (ACS MPhil)

480 views • 13 slides
Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim,

Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim,

Architecting and Programming a Hardware-Incoherent Multiprocessor Cache Hierarchy Wooil Kim, Sanket Tavarageri, P. Sadayappan, Josep Torrellas University of Illinois at Urbana-Champaign Ohio State University IPDPS 2016. May 2016 Motivation

737 views • 28 slides
L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache,

L09: Cache Name: ID: Question: Direct Mapping Cache Hit Rate Consider a 4-block empty Cache, and all blocks initially marked as not valid , Given the main memory word addresses 0 1 2 3 4 3 4 15, calculate Cache hit rate. Cache Index

654 views • 9 slides
Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3

Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3

Outline Cache coherence the hardware view 1 2 Synchronization and memory consistency review 3 C11 Atomics 4 Avoiding locks 1 / 43 Important memory system properties Coherence concerns accesses to a single memory location - Must obey

858 views • 48 slides
Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B.

Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B.

Hardware Modeling 2 Cache Analyses Peter Puschner slides credits: P. Puschner, R. Kirner, B. Huber VU 2.0 182.101 SS 2015 Recap: Caches in WCET Analysis Purpose :

902 views • 46 slides
Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 23: Cache, Memory, Security Todays topics: Caching policies Main memory system Hardware security intro 1 Cache Misses On a write miss, you may either choose to bring the block into the cache (write-allocate) or

460 views • 11 slides
Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory

Lecture 24: Cache, Memory, Security Todays topics: Caching policies Main memory system Hardware security intro 1 Cache Misses On a write miss, you may either choose to bring the block into the cache (write-allocate) or

146 views • 10 slides
Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael

Apps with Hardware: Enabling Run-time Architectural Customization in Smart Phones Michael Coughlin, Ali Ismail, and Eric Keller, University of Colorado, Boulder https://www.usenix.org/conference/atc16/technical-sessions/presentation/coughlin This

402 views • 15 slides
1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

1 Basic use of caches Levels in the memory hierarchy When fetching an instruction, first

Memory Hierarchy Goal of a memory hierarchy Memory: hierarchy of components of various speeds and Keep close to the ALU the information that will be needed capacities now and in the near future Memory closest to ALU is fastest but

56 views • 5 slides
Caches Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture Motivation 10000

Caches Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture Motivation 10000

Spring 2016 :: CSE 502 Computer Architecture Caches Nima Honarmand Spring 2016 :: CSE 502 Computer Architecture Motivation 10000 Performance 1000 Processor 100 10 Memory 1 1985 1990 1995 2000 2005 2010 Want memory to

723 views • 36 slides
UCSB CS240A, Winter 2016 1 Motivation Most applications in a single processor runs at only

UCSB CS240A, Winter 2016 1 Motivation Most applications in a single processor runs at only

Caches and Memory Hierarchy: Review UCSB CS240A, Winter 2016 1 Motivation Most applications in a single processor runs at only 10- 20% of the processor peak Most of the single processor performance loss is in the memory system

612 views • 23 slides
Memory Hierarchy: Caching CSE 141, S2'06 Jeff Brown The memory subsystem Computer Control

Memory Hierarchy: Caching CSE 141, S2'06 Jeff Brown The memory subsystem Computer Control

Memory Hierarchy: Caching CSE 141, S2'06 Jeff Brown The memory subsystem Computer Control Input Memory Output Datapath CSE 141, S2'06 Jeff Brown Memory Locality Memory hierarchies take advantage of memory locality . Memory

337 views • 33 slides
Memory Hierarchy Instructor: Jun Yang 1 11/19/2009 Motivation Processor-DRAM Memory Gap

Memory Hierarchy Instructor: Jun Yang 1 11/19/2009 Motivation Processor-DRAM Memory Gap

Memory Hierarchy Instructor: Jun Yang 1 11/19/2009 Motivation Processor-DRAM Memory Gap (latency) Proc 1000 CPU 60%/yr. Moores Law (2X/1.5yr) Performance 100 Processor-Memory Performance Gap: (grows 50% / year) 10 DRAM

862 views • 36 slides
CS137: Things weve seen Electronic Design Automation Add two N-bit numbers in O(log(N))

CS137: Things weve seen Electronic Design Automation Add two N-bit numbers in O(log(N))

CS137: Things weve seen Electronic Design Automation Add two N-bit numbers in O(log(N)) time on O(N) processors (gates) Sort N elements in O(log(N)) time on O(N) processors Day 13: February 8, 2006 Evaluate an FSM on N inputs in

283 views • 5 slides
A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer

A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer

A Case for Clumsy Packet Processors Arindam Mallik and Gokhan Memik Electrical and Computer Engineering Dept. Northwestern University Overview Faults Correctness is overrated What if the higher levels take care of it? Processor

709 views • 26 slides
Basic cache memory Computer Architecture J. Daniel Garca Snchez (coordinator) David

Basic cache memory Computer Architecture J. Daniel Garca Snchez (coordinator) David

Basic cache memory Basic cache memory Computer Architecture J. Daniel Garca Snchez (coordinator) David Expsito Singh Francisco Javier Garca Blas ARCOS Group Computer Science and Engineering Department University Carlos III of Madrid

512 views • 38 slides

More recommend