CacheZoom: How SGX Amplifies The Power of Cache Attacks

Moghimi, Ahmad; Irazoqui, Gorka; Eisenbarth, Thomas

doi:10.48550/arxiv.1703.06986

Cited by 5 publications

(18 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Despite the applicability of LLC attacks, attacks on coreprivate resources such as L1 cache are as important [23,35]. Attacks on SGX in a system level adversarial scenario are notable examples [20,36]. There are other shared resources, which can be utilized to construct timing channels [37].…”

Section: Related Workmentioning

confidence: 99%

“…Cache attacks can be exploited by adversaries where they share system cache memory with benign users. In scenarios where the adversary can colocate with a victim on the same core, she can attack core-private resources such as L1 cache, e.g., OS adversaries [20,36]. In cloud environment, virtualization platforms allow sharing of logical processors to different VMs; however, attacks on the shared LLC have a higher impact, since LLC is shared across all the cores.…”

Section: Cache Attacksmentioning

confidence: 99%

“…Both implementations have optimizations to hinder cache attacks. In fact, the AES implementation features a constant cache profile and can thus be considered resistant to most microarchitectural attacks including cache attacks and high-resolution attacks as described in [20]. MemJam can still extract the keys from both implementations due to the intra cache-line spatial resolution as depicted in Figure 5.…”

Section: Write-after-read (War)mentioning

confidence: 99%

“…Combining small tables with cache state normalization, i.e., loading all table entries into cache before each operation, defeats cache attacks in asynchronous mode, where the adversary is only able to perform one observation per operation. More advanced side channels such as exploitation of the thread scheduler [19], cache attack on interrupted execution of Intel Software Guard eXtension (SGX) [20], performance degradation [21] and leakage of other microarchitectural resources [22,23] remind us the importance of constant-time software implementations. One way to achieve constant-time memory behavior, is the adoption of small tables in combination with accessing all cache lines on each lookup [7].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Moghimi¹,

Eisenbarth²,

Sunar³

2018

Int J Parallel Prog

Self Cite

View full text Add to dashboard Cite

Cache attacks exploit memory access patterns of cryptographic implementations. Constant-Time implementation techniques have become an indispensable tool in fighting cache timing attacks. These techniques engineer the memory accesses of cryptographic operations to follow a uniform key independent pattern. However, the constant-time behavior is dependent on the underlying architecture, which can be highly complex and often incorporates unpublished features. CacheBleed attack targets cache bank conflicts and thereby invalidates the assumption that microarchitectural side-channel adversaries can only observe memory with cache line granularity. In this work, we propose MemJam, a side-channel attack that exploits false dependency of memory read-after-write and provides a high quality intra cache level timing channel. As a proof of concept, we demonstrate the first key recovery attacks on a constant-time implementation of AES, and a SM4 implementation with cache protection in the current Intel Integrated Performance Primitives (Intel IPP) cryptographic library. Further, we demonstrate the first intra cache level timing attack on SGX by reproducing the AES key recovery results on an enclave that performs encryption using the aforementioned constant-time implementation of AES. Our results show that we can not only use this side channel to efficiently attack memory dependent cryptographic operations but also to bypass proposed protections. Compared to CacheBleed, which is limited to older processor generations, MemJam is the first intra cache level attack applicable to all major Intel processors including the latest generations that support the SGX extension.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Cache Attacksmentioning

confidence: 99%

Section: Write-after-read (War)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Moghimi¹,

Eisenbarth²,

Sunar³

2018

Int J Parallel Prog

Self Cite

View full text Add to dashboard Cite

show abstract

“…As it has been shown recently, enclaves leak information through the last-level cache, even to unprivileged user space applications, as they share the last-level cache with regular user space applications [6,28,54,64]. SGX enclaves provide a communication interface using so-called ecalls and ocalls, similar to the syscall interface.…”

Section: Evaluation Of 𝒫1 On Trusted Execution Environmentsmentioning

confidence: 99%

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features

Schwarz

Gruss

Lipp

et al. 2018

Proceedings of the 2018 on Asia Conference on Computer and Communications Security

View full text Add to dashboard Cite

Double-fetch bugs are a special type of race condition, where an unprivileged execution thread is able to change a memory location between the time-of-check and time-of-use of a privileged execution thread. If an unprivileged attacker changes the value at the right time, the privileged operation becomes inconsistent, leading to a change in control flow, and thus an escalation of privileges for the attacker. More severely, such double-fetch bugs can be introduced by the compiler, entirely invisible on the source-code level.We propose novel techniques to efficiently detect, exploit, and eliminate double-fetch bugs. We demonstrate the first combination of state-of-the-art cache attacks with kernel-fuzzing techniques to allow fully automated identification of double fetches. We demonstrate the first fully automated reliable detection and exploitation of double-fetch bugs, making manual analysis as in previous work superfluous. We show that cache-based triggers outperform stateof-the-art exploitation techniques significantly, leading to an exploitation success rate of up to 97 %. Our modified fuzzer automatically detects double fetches and automatically narrows down this candidate set for double-fetch bugs to the exploitable ones. We present the first generic technique based on hardware transactional memory, to eliminate double-fetch bugs in a fully automated and transparent manner. We extend defensive programming techniques by retrofitting arbitrary code with automated double-fetch prevention, both in trusted execution environments as well as in syscalls, with a performance overhead below 1 %. CCS CONCEPTS• Security and privacy → Operating systems security;

show abstract

Leaky Cauldron on the Dark Land

Wang

Chen

Pan

et al. 2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

194

View full text Add to dashboard Cite

Side-channel risks of Intel SGX have recently attracted great attention. Under the spotlight is the newly discovered page-fault attack, in which an OS-level adversary induces page faults to observe the page-level access patterns of a protected process running in an SGX enclave. With almost all proposed defense focusing on this attack, little is known about whether such efforts indeed raise the bar for the adversary, whether a simple variation of the attack renders all protection ineffective, not to mention an in-depth understanding of other attack surfaces in the SGX system. In the paper, we report the first step toward systematic analyses of side-channel threats that SGX faces, focusing on the risks associated with its memory management. Our research identifies 8 potential attack vectors, ranging from TLB to DRAM modules. More importantly, we highlight the common misunderstandings about SGX memory side channels, demonstrating that high frequent AEXs can be avoided when recovering EdDSA secret key through a new page channel and fine-grained monitoring of enclave programs (at the level of 64B) can be done through combining both cache and cross-enclave DRAM channels. Our findings reveal the gap between the ongoing security research on SGX and its side-channel weaknesses, redefine the side-channel threat model for secure enclaves, and can provoke a discussion on when to use such a system and how to use it securely.

show abstract

CacheZoom: How SGX Amplifies The Power of Cache Attacks

Cited by 5 publications

References 0 publications

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features

Leaky Cauldron on the Dark Land

Contact Info

Product

Resources

About