Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Crane, Stephen; Homescu, Andrei; Brunthaler, Stefan; Larsen, Per; Franz, Michael

doi:10.14722/ndss.2015.23264

Cited by 127 publications

(80 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Work in [129] have highlighted the importance of security when IoT is incorporated in the Industry 4.0. Integrity For maintaining the integrity, works such as [121] discuss how to protect CPS, IoT, or 3D printing against various side channel attacks. Integrity of IoT devices, heterogeneous systems, during industrial processing is crucial.…”

Section: Industrial Processingmentioning

confidence: 99%

“…There have been various efforts to secure the hardware [142][143][144]. Next generation [111] data security [103] for IoT and CPS [117,118] security [119] for secure encryption for augmented reality [120] cloud data [103,105], secure vault for CAD files [104] Integrity Integrity layer for Product verification [112,114], Vendor management [6] Integrity attack -Maintain integrity in cloud data storage [108] trojan detection [113] detection methods [121] augmented reality data integrity [122], integrity assessment of replaced parts [123] Availability High availability cloud [108], High availability server [115], Protocols for access…”

Section: Hardware Security and Manufacturing Supply Chainmentioning

confidence: 99%

See 1 more Smart Citation

Manufacturing Supply Chain and Product Lifecycle Security in the Era of Industry 4.0

et al. 2017

View full text Add to dashboard Cite

The next generation of smart manufacturing systems will incorporate various recent enabling technologies. These technologies will aid in ushering the era of the fourth industrial revolution. They will make the supply chain and the product lifecycle of the manufacturing system efficient, decentralized, and well-connected. However, these technologies have various security issues and, when integrated in the supply chain and the product lifecycle of manufacturing systems, can pose various challenges for maintaining the security requirements such as confidentiality, integrity, and availability. In this paper, we will present the various trends and advances in the security of the supply chain and product lifecycle of the manufacturing system while highlighting the roles played by the major enabling components of Industry 4.0.

show abstract

Section: Industrial Processingmentioning

confidence: 99%

Section: Hardware Security and Manufacturing Supply Chainmentioning

confidence: 99%

Manufacturing Supply Chain and Product Lifecycle Security in the Era of Industry 4.0

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Previous works have already shown methods to attack computational and storage components by exploring features such as cache miss rates [14] [15] or the time required to perform floating point operations [16].…”

Section: Distributed Timing Attack (Dta)mentioning

confidence: 99%

Gossip NoC -- Avoiding Timing Side-Channel Attacks through Traffic Management

Reinbrecht

Susin

Bossuet³

et al. 2016

2016 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)

View full text Add to dashboard Cite

Abstract-The wide use of Multi-processing systems-on-chip (MPSoCs) in embedded systems and the trend to increase the integration between devices have turned these systems vulnerable to attacks. Malicious software executed on compromised IP may become a serious security problem. By snooping the traffic exchanged through the Network-on-chip (NoC), it is possible to infer sensitive information such as secrets keys. NoCs are vulnerable to side channel attacks that exploit traffic interference as timing channels. When multiple IP cores are infected, they can work coordinately to implement a distributed timing attack (DTA). In this work we present for the first time the execution of a DTA and a secure enhanced NoC architecture able to avoid the timing attacks. Results show that our NoC proposal can avoid the DTA with an increase of only 1% in area and 0.8% in power regarding the whole chip design.

show abstract

“…-Diversifying the execution code: One possibility to mitigate cache side-channel attacks is to create different and unique program traces (that perform identical computations) for different executions. This countermeasure, proposed in [24], will prevent the Flush+Reload technique since the specific location of the function that the attacker wants to monitor would be different for different users (and thus, libraries would never be deduplicated).…”

Section: Preventing Cross-vm Code Detectionmentioning

confidence: 99%

Know Thy Neighbor: Crypto Library Detection in Cloud

Irazoqui

İnci

Eisenbarth

et al. 2015

Proceedings on Privacy Enhancing Technologies

View full text Add to dashboard Cite

Software updates and security patches have become a standard method to fix known and recently discovered security vulnerabilities in deployed software. In server applications, outdated cryptographic libraries allow adversaries to exploit weaknesses and launch attacks with significant security results. The proposed technique exploits leakages at the hardware level to first, determine if a specific cryptographic library is running inside (or not) a co-located virtual machine (VM) and second to discover the IP of the co-located target. Nevertheless, one of the main concerns that is slowing the widespread usage of such Infrastructure as a Service (IaaS) technologies are potential security vulnerabilities and privacy risks of cloud computing. Usually, CSPs employ virtual machines (VMs), allowing multiple tenants to share the same computing hardware. While this resource sharing maximizes utilization and hence drastically reduces cost, ensuring isolation of potentially sensitive data between VMs instantiated by different and untrusted tenants can be a challenge. Indeed, the main security principle in the design and implementation of virtual machine managers (VMMs) has been that of process and data isolation achieved through sandboxing. Although logical isolation ensures security at the software level, a malicious tenant might still extract private information due to leakage coming from side channels such as shared hardware resources. In short, hardware sharing create an opening for various side channel attacks developed for non-virtualized environments. These powerful attacks are capable of extracting sensitive information, e.g. passwords and private keys, by profiling the victim process. ignoring leakages of information through subtle side-channels shared by the processes running on the same physical hardware. In non-virtualized environments, a number of effective side-channel attacks were proposed that succeeded in extracting sensitive data by targeting the software layer only.

show abstract

Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

Cited by 127 publications

References 35 publications

Manufacturing Supply Chain and Product Lifecycle Security in the Era of Industry 4.0

Manufacturing Supply Chain and Product Lifecycle Security in the Era of Industry 4.0

Gossip NoC -- Avoiding Timing Side-Channel Attacks through Traffic Management

Know Thy Neighbor: Crypto Library Detection in Cloud

Contact Info

Product

Resources

About