Cache timing side-channel vulnerability checking with computation tree logic

Deng, Sier; Xiong, Wenjie; Szefer, Jakub

doi:10.1145/3214292.3214294

Cited by 21 publications

(17 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our methodology adopts the exhaustive set of 28 cache attack types proposed by Deng et al in [11]. These attack types are described in Table I, where each type is referenced by a specific ID, i.e., from 1 to 28.…”

Section: A Define Threat and Attack Modelsmentioning

confidence: 99%

“…Several articles address the topic of security verification [9][10][11][12]. In [9], Jha et al presented a verification scheme that targeted the validation of access policies in hardware by different agents.…”

Section: Introductionmentioning

confidence: 99%

“…This technique detects security flaws, however, LSCAs cannot be detected as even the secure flows leak information. Regarding this aspect, Deng et al presented in [11] and [12] novel approaches to model cache attacks. In both papers, the authors modelled some famous attacks and thereafter manually verified the security of different cache solutions.…”

Section: Introductionmentioning

confidence: 99%

“…• A method to analyze the attack models • An algorithm that automatically synthesizes attack models into a table with attacks. • A demonstration of the proposed methodology for the nine cache designs by analyzing their security requirements using an exhaustive set of 28 attack models (LSCA) [11].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Security Verification Template to Assess Cache Architecture Vulnerabilities

Ghasempouri

Raik

Paul

et al. 2020

2020 23rd International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

In the recent years, cache based side-channel attacks have become a serious threat for computers. To face this issue, researches have been looking at verifying the security policies. However, these approaches are limited to manual security verification and they typically work for a small subset of the attacks. Hence, an effective verification environment to automatically verify the cache security for all side-channel attacks is still missing. To address this shortcoming, we propose a security verification methodology that formally verifies cache designs against cache side-channel vulnerabilities. Results show that this verification template is a straightforward, automated method in verifying cache invulnerability.

show abstract

Section: A Define Threat and Attack Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Security Verification Template to Assess Cache Architecture Vulnerabilities

Ghasempouri

Raik

Paul

et al. 2020

2020 23rd International Symposium on Design and Diagnostics of Electronic Circuits &Amp; Systems (DDECS)

View full text Add to dashboard Cite

show abstract

“…Although cache monitoring has been widely studied in the context of high performance SoC computation, its use for detecting cache attacks has been almost completely neglected. A limited number of publications have performed offline and online cache monitoring [3][4][5][6][7][8][9][10] for security purposes. Offline monitoring is based on the simulation of possible attack scenarios [3][4][5][6].…”

Section: Introductionmentioning

confidence: 99%

LiD-CAT: A Lightweight Detector for Cache ATtacks

Reinbrecht

Hamdioui

Taouil

et al. 2020

2020 IEEE European Test Symposium (ETS)

View full text Add to dashboard Cite

Cache attacks are one of the most widespread and dangerous threats to embedded computing systems' security. A promising approach to detect such attacks at runtime is to monitor the System-on-Chip (SoC) behavior. However, designing a secure SoC capable of detecting such attacks is very challenging: the monitors should be lightweight in order to avoid excessive power/energy and area costs and the attack behavior should be clearly known upfront. In this work, we present LiD-CAT, a lightweight and flexible hardware detector that is aware of leakage patterns that can be used by attackers to perform cache based attacks. LiD-CAT is a cache wrapper that implements a set of leakage properties derived from cache attacks and cache models using templates. These templates identify suspicious behavior that may lead to cache attacks. LiD-CAT is evaluated using two different cache architectures, one with a secure cache and one without. On each of them, SPEC2000 benchmarks are run together with malicious applications that execute cache attacks (i.e., Evict+Time, Prime+Probe, Flush+Reload and Flush+Flush). Results show that our lightweight detector successfully detects 99.99% of the attacks with less than 1% false-positives, has no timing penalties, and increases the area of a SoC with only 1.6%.

show abstract

A Formal Methodology for Verifying Side-Channel Vulnerabilities in Cache Architectures

Jiang

Zhang

Sanán

et al. 2022

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Security-aware CPU caches have been designed to mitigate side-channel attacks and prevent information leakage. How to validate the effectiveness of these designs remains an unsolved problem. Prior works assess the security of architectures empirically without a formal guarantee, making the evaluation results less convincing. In this paper, we propose a comprehensive methodology based on formal methods for security verification of cache architectures. Specifically, we design an entropy-based noninterference reasoning framework with two unwinding conditions to assess the information leakage of the cache designs. The reasoning framework quantifies the dependency relationships by the mutual information between the distributions of input and output of side channels. Given a cache design, we formalize its behavior specification along with the cache layouts into an abstract state machine, to instantiate the parameterized reasoning framework that discloses any potential vulnerabilities. We use our methodology to assess eight state-of-the-art cache architectures to demonstrate reliability as well as flexibility.

show abstract

Cache timing side-channel vulnerability checking with computation tree logic

Cited by 21 publications

References 32 publications

A Security Verification Template to Assess Cache Architecture Vulnerabilities

A Security Verification Template to Assess Cache Architecture Vulnerabilities

LiD-CAT: A Lightweight Detector for Cache ATtacks

A Formal Methodology for Verifying Side-Channel Vulnerabilities in Cache Architectures

Contact Info

Product

Resources

About