Loading [a11y]/accessibility-menu.js
Are Coherence Protocol States Vulnerable to Information Leakage? | IEEE Conference Publication | IEEE Xplore

Are Coherence Protocol States Vulnerable to Information Leakage?


Abstract:

Most commercial multi-core processors incorporate hardware coherence protocols to support efficient data transfers and updates between their constituent cores. While hard...Show More

Abstract:

Most commercial multi-core processors incorporate hardware coherence protocols to support efficient data transfers and updates between their constituent cores. While hardware coherence protocols provide immense benefits for application performance by removing the burden of software-based coherence, we note that understanding the security vulnerabilities posed by such oft-used, widely-adopted processor features is critical for secure processor designs in the future. In this paper, we demonstrate a new vulnerability exposed by cache coherence protocol states. We present novel insights into how adversaries could cleverly manipulate the coherence states on shared cache blocks, and construct covert timing channels to illegitimately communicate secrets to the spy. We demonstrate 6 different practical scenarios for covert timing channel construction. In contrast to prior works, we assume a broader adversary model where the trojan and spy can either exploit explicitly shared read-only physical pages (e.g., shared library code), or use memory deduplication feature to implicitly force create shared physical pages. We demonstrate how adversaries can manipulate combinations of coherence states and data placement in different caches to construct timing channels. We also explore how adversaries could exploit multiple caches and their associated coherence states to improve transmission bandwidth with symbols encoding multiple bits. Our experimental results on commercial systems show that the peak transmission bandwidths of these covert timing channels can vary between 700 to 1100 Kbits/sec. To the best of our knowledge, our study is the first to highlight the vulnerability of hardware cache coherence protocols to timing channels that can help computer architects to craft effective defenses against exploits on such critical processor features.
Date of Conference: 24-28 February 2018
Date Added to IEEE Xplore: 29 March 2018
ISBN Information:
Electronic ISSN: 2378-203X
Conference Location: Vienna, Austria
References is not available for this document.

I. Introduction

Cyber attacks, that exploit malicious insiders and exfiltrate secret information, are a growing concern for computer users. Covert channels are one such class of insider threats, where a trojan process, that has access to sensitive user-related information (e.g., user's personal data), secretly exfiltrates the data to a spy process even when the underlying system security policy explicitly prohibits any such communication [1]. Also, note that the trojan cannot directly reveal secrets to the outside world (since system security auditors can be easily catch such activity), and has to rely on covert modes of operation to exfiltrate secrets to the spy. In contrast to side channels where a victim process unwittingly exposes sensitive application profile to the spy monitoring its activity, covert channels work by intentional collusion between two malicious processes, namely the trojan and spy.

Select All
1.
Department of Defense Standard, Trusted Computer System Evaluation Criteria. US Department of Defense, 1983.
2.
A. Chen, W. B. Moore, H. Xiao, A. Haeberlen, L. T. X. Phan, M. Sherr, and W. Zhou, “Detecting covert timing channels with time-deterministic replay,” in USENIX Symposium on Operating Systems Design and Implementation, pp. 541–554, 2014.
3.
Y. Yarom and K. Falkner, “Flush+ reload: a high resolution, low noise, L3 cache side-channel attack,” in USENIX Security Symposium, pp. 719–732, 2014.
4.
G. Irazoqui, T. Eisenbarth, and B. Sunar, “Cross processor cache attacks,” in Proceedings of Asia Conference on Computer and Communications Security, pp. 353–364, ACM, 2016.
5.
M. M. Martin, M. D. Hill, and D. J. Sorin, “Why on-chip cache coherence is here to stay,” Communications of the ACM, vol. 55, no. 7, pp. 78–89, 2012.
6.
Intel QuickPath Architecture,” 2012. http://www.intel.com/pressroom/archive/reference/whitepaper_QuickPath.pdf.
7.
P. Conway, N. Kalyanasundharam, G. Donley, K. Lepak, and B. Hughes, “Cache hierarchy and memory subsystem of the AMD Opteron processor,” IEEE Micro, vol. 30, no. 2, pp. 16–29, 2010.
8.
P. Conway and B. Hughes, “The AMD Opteron northbridge architecture,” IEEE Micro, vol. 27, no. 2, pp. 10–21, 2007.
9.
C. A. Waldspurger, “Memory resource management in VMware ESX server,” ACM SIGOPS Operating Systems Review, vol. 36, no. SI, pp. 181–194, 2002.
10.
A. Barresi, K. Razavi, M. Payer, and T. R. Gross, “CAIN: silently breaking ASLR in the cloud,” in USENIX Workshop on Offensive Technologies, 2015.
11.
Using Intel VTune Amplifier,” 2013. https://goo.gl/E9Fp2m.
12.
F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee, “Last-level cache side-channel attacks are practical,” in Proceedings of Symposium on Security and Privacy, pp. 605–622, IEEE, 2015.
13.
R. Gallager, “Low-density parity-check codes,” IRE Transactions on Information Theory, vol. 8, no. 1, pp. 21–28, 1962.
14.
kcbench. ” https://linux.die.net/man/1/kcbench.
15.
D. J. Sorin, M. D. Hill, and D. A. Wood, “A primer on memory consistency and cache coherence,” Synthesis Lectures on Computer Architecture, vol. 6, no. 3, pp. 1–212, 2011.
16.
D. Hackenberg, D. Molka, and W. E. Nagel, “Comparing cache architectures and coherency protocols on x86-64 multicore SMP systems,” in Proceedings of International Symposium on Microarchitecture, pp. 413–422, ACM, 2009.
17.
D. Molka, D. Hackenberg, R. Schöne, and W. E. Nagel, “Cache Coherence Protocol and Memory Performance of the Intel Haswell-Ep Architecture,” in Proceedings of International Conference on Parallel Processing, pp. 739–748, IEEE, 2015.
18.
D. Gruss, R. Spreitzer, and S. Mangard, “Cache template attacks: Automating attacks on inclusive last-level caches,” in USENIX Security Symposium, pp. 897–912, 2015.
19.
Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting, “An exploration of L2 cache covert channels in virtualized environments,” in Proceedings of Workshop on Cloud Computing Security, pp. 29–40, ACM, 2011.
20.
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” in Proceedings of Conference on Computer and Communications Security, pp. 199–212, ACM, 2009.
21.
F. Yao, G. Venkataramani, and M. Doroslovacki, “Covert timing channels exploiting non-uniform memory access based architectures,” in Proceedings of Great Lakes Symposium on VLSI, pp. 155–160, ACM, 2017.
22.
O. Aciicmez and J.-P. Seifert, “Cheap hardware parallelism implies cheap security,” in Proceedings of Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 80–91, IEEE, 2007.
23.
D. Evtyushkin and D. Ponomarev, “Covert channels through random number generator: Mechanisms, capacity estimation and mitigations,” in Proceedings of Conference on Computer and Communications Security, pp. 843–857, ACM, 2016.
24.
Z. Wu, Z. Xu, and H. Wang, “Whispers in the hyper-space: high-speed covert channel attacks in the cloud,” in USENIX Security Symposium, pp. 159–173, 2012.
25.
M. Alagappan, J. J. Rajendran, M. Doroslovacki, and G. Venkataramani, “DFS covert channels on multi-core platforms,” in Proceedings of International Conference on Very Large Scale Integration, IEEE, 2017.
26.
O. Aciiçmez, C. K. Koç, and J.-P. Seifert, “On the power of simple branch prediction analysis,” in Proceedings of Symposium on Information, Computer and Communications Security, pp. 312–320, ACM, 2007.
27.
D. Evtyushkin, D. Ponomarev, and N. Abu-Ghazaleh, “Understanding and mitigating covert channels through branch predictors,” ACM Transactions on Architecture and Code Optimization, vol. 13, no. 1, p. 10, 2016.
28.
Z. H. Jiang, Y. Fei, and D. Kaeli, “A complete key recovery timing attack on a GPU,” in Proceeding of International Symposium on High Performance Computer Architecture, pp. 394–405, IEEE, 2016.
29.
J. Demme, R. Martin, A. Waksman, and S. Sethumadhavan, “Side-channel vulnerability factor: a metric for measuring information leakage,” ACM SIGARCH Computer Architecture News, vol. 40, no. 3, pp. 106–117, 2012.
30.
Z. Wang and R. B. Lee, “New cache designs for thwarting software cache-based side channel attacks,” ACM SIGARCH Computer Architecture News, vol. 35, no. 2, pp. 494–505, 2007.

Contact IEEE to Subscribe

References

References is not available for this document.