Secure TLBs

Deng, Sier; Xiong, Wenjie; Szefer, Jakub

doi:10.1145/3307650.3322238

Cited by 21 publications

(20 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For other microarchitectural components, Static-Partition TLB [58] was introduced, which follows the idea of static-partitioning cache and Sanctum to isolate the TLB accesses between the victim and the attacker. Wang et al [210] designed approaches to prevent information leakage via on-chip networks by restricting low-security traffic.…”

Section: Architecture-level Strategiesmentioning

confidence: 99%

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Lou¹,

Zhang²,

Jiang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection enforced by the operating system and steal the secrets from the program. In this paper, we systematize microarchitectural side channels with a focus on attacks and defenses in cryptographic applications. We make three contributions. (1) We survey past research literature to categorize microarchitectural side-channel attacks. Since these are hardware attacks targeting software, we summarize the vulnerable implementations in software, as well as flawed designs in hardware. (2) We identify common strategies to mitigate microarchitectural attacks, from the application, OS and hardware levels. (3) We conduct a large-scale evaluation on popular cryptographic applications in the real world, and analyze the severity, practicality and impact of side-channel vulnerabilities. This survey is expected to inspire side-channel research community to discover new attacks, and more importantly, propose new defense solutions against them.CCS Concepts: • Security and privacy → Side-channel analysis and countermeasures.

show abstract

Section: Architecture-level Strategiesmentioning

confidence: 99%

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Lou¹,

Zhang²,

Jiang³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…RFillCache [35] selects random victims during cache-line replacement to hide the side effects of cache replacement policies. Secure-TLB [11] adopts a similar randomization replacement strategy to defeat TLBleed attacks [15]. FTM [43] targets cross-core Flush+Reload attacks by delaying the first access to the last-level cache.…”

Section: Related Workmentioning

confidence: 99%

SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks

Tang¹,

Wu²,

Wang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Speculative execution techniques have been a cornerstone of modern processors to improve instruction-level parallelism. However, recent studies showed that this kind of techniques could be exploited by attackers to leak secret data via transient execution attacks, such as Spectre. Many defenses are proposed to address this problem, but they all face various challenges: (1) Tracking data flow in the instruction pipeline could comprehensively address this problem, but it could cause pipeline stalls and incur high performance overhead; (2) Making side effect of speculative execution imperceptible to attackers, but it often needs additional storage components and complicated data movement operations. In this paper, we propose a label-based transparent speculation scheme called SPECBOX. It dynamically partitions the cache system to isolate speculative data and nonspeculative data, which can prevent transient execution from being observed by subsequent execution. Moreover, it uses thread ownership semaphores to prevent speculative data from being accessed across cores. In addition, SPECBOX also enhances the auxiliary components in the cache system against transient execution attacks, such as hardware prefetcher. Our security analysis shows that SPECBOX is secure and the performance evaluation shows that the performance overhead on SPEC CPU 2006 and PARSEC-3.0 benchmarks is small.

show abstract

“…Consequently, we believe that PThammer will be effective in machines that require somewhat longer time for eviction, e.g., due to associative TLB or larger associativity in the LLC. Cache designs that aim to prevent the creation of eviction sets, such as CEASER [43] or ScatterCache [54], or that randomize the TLB [11] can prevent PThammer. To the best of our knowledge, no mainstream processor implements such an approach.…”

Section: Limitationmentioning

confidence: 99%

“…Besides, PThammer is a kind of eviction-based cache and TLB attacks. It exploits the fact that cache and TLB are shared between sensitive data and crafted user data, clearly existing cache and TLB defenses such as Catalyst [34], ScatterCache [55] and Secure TLBs [11] can also mitigate PThammer by partitioning or randomizing either cache or TLB.…”

Section: Limitationmentioning

confidence: 99%

PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses

Zhang

Cheng

Liu

et al. 2020

2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO)

View full text Add to dashboard Cite

The rowhammer bug is to frequently access hammer rows to induce bit flips in their adjacent victim rows, allowing an attacker to gain privilege escalation or steal private data. A key requirement of all existing rowhammer attacks is that an attacker must have access to at least part of an exploitable hammer row. We refer to such rowhammer attacks as PeriHammer. The stateof-the-art software-only defenses against PeriHammer attacks is to make the exploitable hammer rows beyond the attacker's access permission.In this paper, we question the necessity of the above requirement and propose a new class of rowhammer attacks, termed as TeleHammer. It is a paradigm shift in rowhammer attacks since it crosses privilege boundary to stealthily rowhammer an inaccessible row by implicit DRAM accesses. Such accesses are achieved by abusing inherent features of modern hardware and/or software. We propose a generic model to rigorously formalize the necessary conditions to initiate TeleHammer and PeriHammer, respectively. Compared to PeriHammer, TeleHammer can defeat the advanced software-only defenses, stealthy in hiding itself and hard to be mitigated.To demonstrate the practicality of TeleHammer and its advantages, we have created a TeleHammer's instance, called PThammer, which leverages the address-translation feature of modern processors. We observe that a memory access from user space can induce a load of a Level-1 page-table entry (L1PTE) from memory and thus hammer the L1PTE once, although L1PTE is not accessible to us. To achieve a high enough hammering frequency, we flush relevant TLB and cache effectively and efficiently. To this end, we demonstrate PThammer on three different test machines and show that it can cross user-kernel boundary and induce the first bit flips in L1PTEs within 15 minutes of double-sided PThammering. PThammer does not require the superpage system setting, and works on Ubuntu Linux. We have exploited PThammer to defeat advanced software-only rowhammer defenses in default system setting.

show abstract

Secure TLBs

Cited by 21 publications

References 17 publications

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

SpecBox: A Label-Based Transparent Speculation Scheme Against Transient Execution Attacks

PThammer: Cross-User-Kernel-Boundary Rowhammer through Implicit Accesses

Contact Info

Product

Resources

About