s catter c ache thwarting cache attacks via cache set
play

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set - PowerPoint PPT Presentation

S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology What is S CATTER C ACHE ? www.tugraz.at Alternative design for n-way


  1. S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology

  2. What is S CATTER C ACHE ? www.tugraz.at • Alternative design for n-way set associative caches • Designed as countermeasures against cache attacks • Breaks the fixed link between addresses and cache sets • Increases the number of possible cache sets • IDs to change the mapping between security domains → Exploitation of side channel information is much harder • Reuses established concepts • Skewed caches [Sez93] • Low latency cryptography (e.g., QARMA-64 [Ava17]) • Still similar to existing cache designs (usability, hardware) Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 1

  3. Motivation and Background

  4. CPU Cache www.tugraz.at DRAM access, slow s s s s s s s s i i i i m m m m t t t s s s e e e e e e e u u u q q q h h h h c c c c e e e R R R a a a a C C C C printf("%d", i); printf("%d", i); printf("%d", i); printf("%d", i); printf("%d", i); Response Response Response i i i printf("%d", i); printf("%d", i); printf("%d", i); printf("%d", i); printf("%d", i); t t i i h h e e h h c c a a C C No DRAM access, much faster Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 2

  5. Memory Access Latency www.tugraz.at Cache Hits Cache Misses · 10 6 3 Number of Accesses 2 1 0 50 100 150 200 250 300 350 400 Latency [Cycles] generated using the CTA calibration tool [GSM15] on my i5-4200U laptop Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 3

  6. Regular 2-way Set Associative Cache www.tugraz.at Memory Address Cache Way 1 Tag Way 1 Data n bits b bits Tag Data Way 2 Tag Way 2 Data 2 n cache sets f Cache Index =? Tag =? Data Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 4

  7. Prime+Probe www.tugraz.at Attacker Victim Cache Address Space Address Space loads data fast access slow access loads data Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 5

  8. Why should we care? www.tugraz.at • Cache attacks are powerful and break isolation boundaries • Many attacking techniques • F LUSH +R ELOAD , E VICT +R ELOAD , F LUSH +F LUSH • P RIME +P ROBE , E VICT +T IME • Numerous attack scenarios • Extracting cryptographic keys • Keyloggers • Breaking of ASLR • Collection of private information • Often used building block for further microarchitectural attacks Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 6

  9. S CATTER C ACHE

  10. S CATTER C ACHE - Idea www.tugraz.at Set 0 Set 1 Set 2 Set 3 Addr. A Addr. B @DAC [Tri+18], @MICRO [Qur18] Addr. A Domain X Addr. A Domain Y Addr. B Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 7

  11. How can we build such a S CATTER C ACHE ?

  12. S CATTER C ACHE - Naive Concept www.tugraz.at • Index Derivation Function (IDF) SDID tag index ofgset takes an address and returns a cache line address cache set IDF key • Depends on hardware key and idx 0 idx 2 idx 1 idx 3 idx 0-3 optional Security Domain ID (SDID) • → Unique combination of cache � n ways · 2 bindices + n ways − 1 � possible cache sets lines for each address n ways − Potential index collisions 512 KiB (32 B lines), n ways = 8 , b indices = 11 − One n ways multi-port memory → 2 96 . 7 sets Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 8

  13. S CATTER C ACHE - Concept www.tugraz.at We want something that is closer to a traditional cache! instead of this: let’s do this: way 0 way 1 way 2 way 3 key way 0 way 1 way 2 way 3 ofgset SDID set[idx-2] idx 1 ofgset set[idx-1] idx 0 index IDF index cache line idx 2 set[idx+1] addr. tag tag idx 3 set[idx+2] Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 9

  14. S CATTER C ACHE - Concept www.tugraz.at key way 0 way 1 way 2 way 3 SDID idx 1 ofgset • Skewed cache [Sez93] ( i.e. , idx 0 traditional cache with additional IDF index addressing logic) and an IDF idx 2 cache line addr. tag • Similar to building larger caches idx 3 from smaller cache slices 2 b indices · n ways possible cache sets • We use random replacement policy (for now) 512 KiB (32 B lines), n ways = 8 , b indices = 11 → 2 88 sets Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 10

  15. S CATTER C ACHE - Selecting the IDF www.tugraz.at • Inputs: cache line address, SDID, key • Outputs: n ways indices with b indices bits • Reuse concepts and existing cryptographic primitives • SCv1: hashing variant • Block ciphers (e.g., PRINCE [Bor+12]) • Tweakable block ciphers (e.g., QARMA [Ava17]) • Permutation-based primitives (e.g., Keccak- p [Ber+11]) • SCv2: permutation variant • Prevents birthday-bound index collisions • No off-the-shelf primitives Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 11

  16. System Integration

  17. S CATTER C ACHE - System Integration www.tugraz.at • S CATTER C ACHE as last level cache • Hardware managed key • Randomly generated at boot time • Rekeying with full cache flush • Potential for iterative rekeying → concurrently developed CEASER-S @ISCA [Qur19] • SDID management via page table (indirection) • x86: Page Attribute Tables (PATs) • ARM: Memory Attribute Indirection Register (MAIRs) Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 12

  18. S CATTER C ACHE - Software Support www.tugraz.at • S CATTER C ACHE requires no software support, default SDID = 0 • But - OS support enables page-wise security domains → shared read-only pages can be private in the cache! • OS can define domains as needed (pages, processes, containers, VMs, . . . ) • Software-based page “rekeying” by changing the SDID Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 13

  19. Security and Evaluation

  20. Applicable Cache Attacks www.tugraz.at • Unshared memory has no shared (physical) addresses → No F LUSH +R ELOAD , E VICT +R ELOAD , F LUSH +F LUSH → Specialized P RIME +P ROBE is possible • Shared, read-only memory → Like unshared memory given OS support → Otherwise, eviction-based attacks are hindered • Shared, writable memory can’t be separated → Eviction-based attacks are hindered Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 14

  21. S CATTER C ACHE - P RIME +P ROBE www.tugraz.at • No end-to-end attack yet → Simplified setting: perfect control, single access, no noise → Investigate the building blocks in simulation and analytically • Finding congruent addresses ( n ways = 8 , b indices = 11) • Full collisions are unlikely → use partial collisions • Approach in the paper: ≈ 2 25 profiled victim accesses • Generalized by Purnal and Verbauwhede [PV19]: ≈ 2 10 • Evicting one set with 99 % needs 275 addresses • Two P RIME +P ROBE variants ( n ways = 8 , b indices = 12) • 99 % confidence: 35 to 152 victim accesses (repetitions) • Between 9870 and 1216 congruent addresses • Investigate the effect of noise (coupon collector problem) Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 15

  22. S CATTER C ACHE - Performance www.tugraz.at • Micro benchmarks using the gem5 full system simulator (ARM) • Poky Linux from Yocto 2.5 (kernel version 4.14.67) • GAP , MiBench, lmbench, scimark2 • SPEC CPU 2017 on custom cache simulator • Cache hit rate always at or above levels of set-associative cache with random replacement • Typically 2 % − 4 % below LRU on micro benchmarks, 0 % − 2 % for SPEC Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 16

  23. Conclusion www.tugraz.at • S CATTER C ACHE builds upon skewed caches and low latency cryptographic primitives • Breaks the fixed link between addresses and cache sets • Removes the rigid assignment of cache lines to sets • Enables software control over the cache congruencies via SDIDs • Comparable performance to contemporary caches • Harder to attack even in very strong attack models • Attacks are probabilistic and demand new approaches • Still, more analysis is required in more realistic models to determine if and how often rekeying is needed Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 17

  24. Acknowledgements - We want to thank ... www.tugraz.at • the anonymous USENIX reviewers. • our shepherd Yossi Oren. • Antoon Purnal and Ingrid Verbauwhede from KU Leuven for their analysis. • Our funding partners: • European Research Council (ERC) Horizon 2020 grant agreement No 681402 • Intel Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard — Graz University of Technology 18

  25. S CATTER C ACHE : Thwarting Cache Attacks via Cache Set Randomization Werner, Unterluggauer, Giner, Schwarz, Gruss, Mangard August 15, 2019 Graz University of Technology

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend