PhantomCache: Obfuscating Cache Conflicts with Localized Randomization

Tan, Qinhan; Zeng, Zhipeng; Bu, Kai; Ren, Kui

doi:10.14722/ndss.2020.24086

Cited by 35 publications

(36 citation statements)

References 26 publications

(94 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our work provides a baseline to compare future secure caches and their analysis. Future work should investigate how our techniques can be applied to concurrent work [46]. This paper also shows the importance of cryptanalytic resistance of the core randomization mapping.…”

Section: B Future Workmentioning

confidence: 91%

Systematic Analysis of Randomization-based Protected Cache Architectures

Purnal

Giner

Gruss

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Recent secure cache designs aim to mitigate sidechannel attacks by randomizing the mapping from memory addresses to cache sets. As vendors investigate deployment of these caches, it is crucial to understand their actual security.In this paper, we consolidate existing randomization-based secure caches into a generic cache model. We then comprehensively analyze the security of existing designs, including CEASER-S and SCATTERCACHE, by mapping them to instances of this model. We tailor cache attacks for randomized caches using a novel PRIME+PRUNE+PROBE technique, and optimize it using burst accesses, bootstrapping, and multi-step profiling. PRIME+ PRUNE+PROBE constructs probabilistic but reliable eviction sets, enabling attacks previously assumed to be computationally infeasible. We also simulate an end-to-end attack, leaking secrets from a vulnerable AES implementation. Finally, a case study of CEASER-S reveals that cryptographic weaknesses in the randomization algorithm can lead to a complete security subversion.Our systematic analysis yields more realistic and comparable security levels for randomized caches. As we quantify how design parameters influence the security level, our work leads to important conclusions for future work on secure cache designs.

show abstract

Section: B Future Workmentioning

confidence: 91%

Systematic Analysis of Randomization-based Protected Cache Architectures

Purnal

Giner

Gruss

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…One of the most recent approaches PhantomCache [27] is a pure architectural solution and uses a localized randomization technique to bound the randomized mapping to a limited number of cache sets. The randomization technique used in PhantomCache allows an address to be mapped to multiple locations within a single cache bank.…”

Section: Problem Descriptionmentioning

confidence: 99%

“…However, the security goals we pursue with our design define important aspects of the concept and hence, we now define the attacker model. Our threat model is similar to previous work in this field [26], [27]: we consider a strong adversary model, i.e., a noise-free scenario, where the attacker is able to perfectly distinguish between a cache hit and a cache miss for any memory address. As in real-world attacks, the attacker has no insights on the internal state of the cache except those leaked by the timing differences of memory accesses.…”

Section: Threat Modelmentioning

confidence: 99%

“…We hold on to the traditional set-associative design and introduce a variant of the skewing approach which was originally proposed in 1993 [41]. As studied in recent years, randomized skewing makes finding conflicting addresses much more challenging for an attacker, see [26], [27]. In combination with the time-based eviction, finding eviction sets becomes even harder as motivated in Section VI.…”

Section: A Clepsydracache In a Nutshellmentioning

confidence: 99%

“…We show, that CLEPSYDRACACHE offers strong security properties and minimizes the information an attacker can learn about conflicting addresses. In contrast to other concepts that solely focus on index randomization (see [26], [27]) CLEPSYDRACACHE hides cache conflicts from an attacker and due to the randomness of the TTL, attacks measuring the execution time of a program experience large noise distortions. We also analyze the security of CLEPSY-DRACACHE against attackers using a minimal eviction set or the clflush instruction from the x86 instruction set.…”

Section: E Cache Coherencementioning

confidence: 99%

See 2 more Smart Citations

ClepsydraCache -- Preventing Cache Attacks with Time-Based Evictions

Thoma¹,

Niesler²,

Funke³

et al. 2021

Preprint

View full text Add to dashboard Cite

Both the shift towards attacks on the microarchitectural CPU level and the ongoing transition towards cloud computing and shared VM hosts have increasingly drawn attention towards cache attacks. In these fields of application, cache sidechannels lay the cornerstone that is leveraged by attackers to exfiltrate secret information from the CPU microarchitecture.We build upon the observation that current cache side-channel attacks mostly exploit the architectural visibility of conflicting cache addresses. With CLEPSYDRACACHE, we break away this foundation by unraveling the linkage between cache evictions and accesses to conflicting addresses. Our solution takes a new approach that assigns each cache entry a random time-to-live to reduce the amount of cache conflicts. By making those conflicts unobservable to an attacker, CLEPSYDRACACHE efficiently protects against attacks like PRIME+PROBE and FLUSH+RELOAD. Furthermore, our solution is applicable to large last-level caches which are the most common targets for cache attacks. We implement CLEPSYDRACACHE using the Gem5 simulator and provide a proof-of-concept hardware design and simulation using 65-nm CMOS technology. CLEPSYDRACACHE matches the performance of traditional cache architectures while improving the system security against cache attacks.

show abstract