Connecting the Dots: Privacy Leakage via Write-Access Patterns to the Main Memory

John, Tara Merin; Haider, Syed Kamran; Omar, Hamza; Dijk, Marten van

doi:10.1109/tdsc.2017.2779780

Cited by 6 publications

(5 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Such operations may inadvertently create recognizable patterns in the eyes of the passive adversary. Research has shown that by only observing the memory change over time, attackers can recover sensitive information about the unencrypted data [60]. C4: Memory splicing and replaying attacks.…”

Section: Challengesmentioning

confidence: 99%

SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing

Duy

Lee

2023

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

Demand for data-intensive workloads and confidential computing are the prominent research directions shaping the future of cloud computing. Computer architectures are evolving to accommodate the computing of large data. Meanwhile, a plethora of works has explored protecting the confidentiality of the in-cloud computation in the context of hardware-based secure enclaves. However, the approach has faced challenges in achieving efficient large data computation. In this paper, we present a novel design, called SE-PIM, that retrofits Processing-In-Memory (PIM) as a data-intensive confidential computing accelerator. PIM-accelerated computation renders large data computation highly efficient by minimizing data movement. Based on our observation that moving computation closer to memory can achieve efficiency of computation and confidentiality of the processed information simultaneously, we study the advantages of confidential computing inside memory. We construct our findings into a software-hardware co-design called SE-PIM. Our design illustrates the advantages of PIM-based confidential computing acceleration. We study the challenges in adapting PIM in confidential computing and propose a set of imperative changes, as well as a programming model that can utilize them. Our evaluation shows SE-PIM can provide a side-channel resistant secure computation offloading and run data-intensive applications with negligible performance overhead compared to the baseline PIM model.

show abstract

Section: Challengesmentioning

confidence: 99%

SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing

Duy

Lee

2023

IEEE Trans. Cloud Comput.

View full text Add to dashboard Cite

show abstract

“…Ref. [19] demonstrates privacy leakage from the main memory using the Montgomery's ladder technique to send a 128-byte message with a 64-byte secret exponent, where the PCILeech can obtain all the secret bits.…”

Section: Dma Attackmentioning

confidence: 99%

A Delay-Based Machine Learning Model for DMA Attack Mitigation

et al. 2021

View full text Add to dashboard Cite

Direct Memory Access (DMA) is a state-of-the-art technique to optimize the speed of memory access and to efficiently use processing power during data transfers between the main system and a peripheral device. However, this advanced feature opens security vulnerabilities of access compromise and to manipulate the main memory of the victim host machine. The paper outlines a lightweight process that creates resilience against DMA attacks minimal modification to the configuration of the DMA protocol. The proposed scheme performs device identification of the trusted PCIe devices that have DMA capabilities and constructs a database of profiling time to authenticate the trusted devices before they can access the system. The results show that the proposed scheme generates a unique identifier for trusted devices and authenticates the devices. Furthermore, a machine learning–based real-time authentication scheme is proposed that enables runtime authentication and share the results of the time required for training and respective accuracy.

show abstract

“…Research has also shown that routers in the on-chip networks expose application traffic traces [23] that leads to information leakage. Furthermore, information can also be leaked via off-chip memory-based timing channels, where the adversary monitors memory latencies of the victim application [48], [49]. Prior works have explored various mitigation mechanisms, such as employing time-multiplexed memory bandwidth reservation [29], or adopting a non-interference memory controller [50].…”

Section: B Protecting Non-speculative Microarchitecture Statementioning

confidence: 99%

IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications

Omar

Khan

2020

2020 IEEE International Symposium on High Performance Computer Architecture (HPCA)

Self Cite

View full text Add to dashboard Cite

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attacks. State-of-the-art secure processors, such as MI6 adopt Intel's SGX enclave execution model. MI6 architects strong isolation by statically isolating shared memory state, and purging the microarchitecture state of private core, cache, and TLB resources on every enclave entry and exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that implements strong isolation in the context of multicores to form spatially isolated secure and insecure clusters of cores. For an interactive application comprising of secure and insecure processes, IRONHIDE pins the secure process(es) to the secure cluster, where they execute and interact with the insecure process(es) without incurring the microarchitecture state purging overheads on every interaction event. IRONHIDE improves performance by 2.1× over the MI6 baseline for a set of user and OS interactive applications. Moreover, IRONHIDE improves performance by 20% over an SGX-like baseline, while also ensuring strong isolation guarantees against microarchitecture state attacks.

show abstract

Connecting the Dots: Privacy Leakage via Write-Access Patterns to the Main Memory

Cited by 6 publications

References 19 publications

SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing

SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing

A Delay-Based Machine Learning Model for DMA Attack Mitigation

IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications

Contact Info

Product

Resources

About