KSII Transactions on Internet and Information Systems (TIIS)

Korean Society for Internet Information (한국인터넷정보학회)
권호 표지
DOI QR코드

DOI QR Code

CacheSCDefender: VMM-based Comprehensive Framework against Cache-based Side-channel Attacks

  • Yang, Chao (National Digital Switching System Engineering & Technological Research Center) ;
  • Guo, Yunfei (National Digital Switching System Engineering & Technological Research Center) ;
  • Hu, Hongchao (National Digital Switching System Engineering & Technological Research Center) ;
  • Liu, Wenyan (National Digital Switching System Engineering & Technological Research Center)
  • Received : 2017.07.06
  • Accepted : 2018.07.15
  • Published : 2018.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

Cache-based side-channel attacks have achieved more attention along with the development of cloud computing technologies. However, current host-based mitigation methods either provide bad compatibility with current cloud infrastructure, or turn out too application-specific. Besides, they are defending blindly without any knowledge of on-going attacks. In this work, we present CacheSCDefender, a framework that provides a (Virtual Machine Monitor) VMM-based comprehensive defense framework against all levels of cache attacks. In designing CacheSCDefender, we make three key contributions: (1) an attack-aware framework combining our novel dynamic remapping and traditional cache cleansing, which provides a comprehensive defense against all three cases of cache attacks that we identify in this paper; (2) a new defense method called dynamic remapping which is a developed version of random permutation and is able to deal with two cases of cache attacks; (3) formalization and quantification of security improvement and performance overhead of our defense, which can be applicable to other defense methods. We show that CacheSCDefender is practical for deployment in normal virtualized environment, while providing favorable security guarantee for virtual machines.

Keywords

References

  1. Amazon EC2.
  2. Microsoft Azure.
  3. Rackspace.
  4. Tromer E, Osvik D A, Shamir A., "Efficient Cache Attacks on AES, and Countermeasures[J]," Journal of Cryptology, 23(1):37-71, 2010. https://doi.org/10.1007/s00145-009-9049-y
  5. Bernstein D J., "Cache-timing attacks on AES[J]," Vlsi Design IEEE Computer Society, 51(2):218-221, 2005.
  6. Irazoqui G, Eisenbarth T, Sunar B, "S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES[C]," in Proc. of IEEE Symposium on Security & Privacy. IEEE, p. 591-604, 2015.
  7. Yarom Y, Falkner K, "Flush+Reload: a high resolution, low noise, L3 cache side-channel attack[C]," in Proc. of 23rd USENIX Security Symposium (USENIX Security 14), p.719-732, 2014.
  8. Liu F, Yarom Y, Ge Q, Heiser G, Lee R B, "Last-level cache side-channel attacks are practical[C]," in Proc. of IEEE Symposium on Security and Privacy, p. 605-622, 2015.
  9. Wang Z, Lee R B, "A novel cache architecture with enhanced performance and security[C]," in Proc. of 2008 41st IEEE/ACM International Symposium on Microarchitecture. IEEE, p. 83-93, 2008.
  10. Wang Z, Lee R B, "New cache designs for thwarting software cache-based side channel attacks[J]," ACM Sigarch Computer Architecture News, 35(2):494-505, 2007. https://doi.org/10.1145/1273440.1250723
  11. Zhang Y, Reiter M K, "Duppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud[C]," in Proc. of ACM Sigsac Conference on Computer & Communications Security. p. 827-838, 2013.
  12. Kim, Taesoo, Peinado, Marcus, Mainar-Ruiz, Gloria, "STEALTHMEM: system-level protection against cache-based side channel attacks in the cloud[C]," in Proc. of USENIX Conference on Security Symposium. USENIX Association, p. 352-353, 2012.
  13. Carlet C, Guilley S, "Complementary Dual Codes for Counter-Measures to Side-Channel Attacks[M]," Coding Theory and Applications. Springer International Publishing, 97-105, 2015.
  14. Blomer J, Guajardo J, Krummel V, "Provably Secure Masking of AES[C]," in Proc. of International Conference on Selected Areas in Cryptography. Springer-Verlag, p. 69-83, 2004.
  15. Crane S, Homescu A, Brunthaler S, et al, "Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity[C]," in Proc. of NDSS Symposium, 2015.
  16. Vattikonda B C, Das S, Shacham H, "Eliminating fine grained timers in Xen[C]," in Proc. of ACM Workshop on Cloud Computing Security Workshop. ACM, p. 41-46, 2011.
  17. Varadarajan V, Ristenpart T, Swift M, "Scheduler-based defenses against cross-VM side-channels[C]," in Proc. of USENIX Conference on Security Symposium. USENIX Association, 2014.
  18. Shi J, Song X, Chen H, et al, "Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring[C]," in Proc. of IEEE/IFIP, International Conference on Dependable Systems and Networks Workshops. IEEE Computer Society, p. 194-199, 2011.
  19. Raj H, Nathuji R, Singh A, et al, "Resource management for isolation enhanced cloud services.[C]," in Proc. of ACM Cloud Computing Security Workshop, CCSW 2009, Chicago, Il, USA, p. 77-84, 2009.
  20. Li P, Gao D, Reiter M K, "StopWatch: A Cloud Architecture for Timing Channel Mitigation[J]," ACM Transactions on Information & System Security, 17(2):1-28, 2014.
  21. Hu W M, "Lattice Scheduling and Covert Channels[C]," in Proc. of Research in Security and Privacy, 1992. Proceedings. 1992 IEEE Computer Society Symposium on. IEEE Xplore, p. 52-61, 1992.
  22. Kong J, Aciicmez O, Seifert J P, et al, "Hardware-software integrated approaches to defend against software cache-based side channel attacks[J]," p. 393-404, 2009.
  23. Blomer J, Krummel V, "Analysis of Countermeasures Against Access Driven Cache Attacks on AES[M]," Selected Areas in Cryptography. Springer Berlin Heidelberg, p. 96-109, 2007.
  24. Moon S J, Sekar V, Reiter M K, "Nomad:Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration[C]," p. 1595-1606, 2015.
  25. Payer M, "HexPADS: A Platform to Detect "Stealth" Attacks[M]," Engineering Secure Software and Systems. 2016.
  26. Coppens B, Verbauwhede I, De Bosschere K, et al, "Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors[J]," 73(7):45-60, 2009.
  27. AIDA64.
  28. Xen Project.
  29. Newsome J, Song D, "Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software[J]," Chinese Journal of Engineering Mathematics, 29(5):720-724, 2005.
  30. Ainapure, B. S., Shah, D., & Rao, A. A, "Understanding Perception of Cache-Based Side-Channel Attack on Cloud Environment," Progress in Intelligent Computing Techniques: Theory, Practice, and Applications, Springer, Singapore, pp. 9-21, 2018.
  31. Anwar, S., Inayat, Z., Zolkipli, M. F., Zain, J. M., Gani, A., Anuar, N. B., ... & Chang, V, "Cross-VM Cache-based Side Channel Attacks and Proposed Prevention Mechanisms: A survey," Journal of Network and Computer Applications, vol. 93, p. 259-279, 2017 https://doi.org/10.1016/j.jnca.2017.06.001
  32. Disselkoen C, Kohlbrenner D, Porter L, et al, "Prime+ abort: A timer-free high-precision l3 cache attack using intel TSX[C]," in Proc. of 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC, p. 51-67, 2017.
  33. Garcia C P, Brumley B B, "Constant-Time Callees with Variable-Time Callers[J]," IACR Cryptology ePrint Archive, 2016: 1195, 2016.
  34. Green M, Rodrigues-Lima L, Zankl A, et al, "AutoLock: Why Cache Attacks on ARM Are Harder Than You Think[C]," in Proc. of 26th USENIX Security Symposium, 2017.
  35. Schwarz M, Lipp M, Gruss D, et al, "KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks[C]," NDSS, 2018.
  36. Gruss D, Lettner J, Schuster F, et al, "Strong and efficient cache side-channel protection using hardware transactional memory[C]," in Proc. of USENIX Security Symposium, 2017.
  37. Meng W, Tischhauser E W, Wang Q, et al, Ieee Access, 6: 10179-10188, 2018. https://doi.org/10.1109/ACCESS.2018.2799854
  38. Lin Q, Yan H, Huang Z, et al, "An ID-based linearly homomorphic signature scheme and its application in blockchain[J]," IEEE Access, 6: 20632-20640, 2018. https://doi.org/10.1109/ACCESS.2018.2809426
  39. Jiang F, Fu Y, Gupta B B, et al, "Deep Learning based Multi-channel intelligent attack detection for Data Security[J]," IEEE Transactions on Sustainable Computing, 2018.
  40. "Handbook of research on modern cryptographic solutions for computer and cyber security[M]," IGI Global, 2016.