Cache Side Channel Attack: Exploitability and Countermeasures

Presented at Black Hat Asia 2017, March 31, 2017, 2:15 p.m. (60 minutes)

Cache attacks have proven to be a big concern for security code designers because they can recover a wide range of information, from cryptographic keys to privacy-related user information. These attacks take advantage of the fact that two processes use the same hardware resource, which creates unexpected leakage that a malicious user can exploit. More specifically, Last Level Cache (LLC) attacks make use of the fact that the LLC is shared across cores, so they can steal information from users located on different cores. These attacks have been shown to be applicable in a wide variety of scenarios, ranging from IaaS clouds to web browsing exploitation with embedded JavaScript code.

This presentation describes the three most dangerous cache attacks: Flush + Reload, Evict + Reload and Prime + Probe. Their characteristics also determine their applicability: while Flush + Reload and Evict + Reload require memory deduplication to succeed (i.e., shared memory between processes), Prime + Probe has no special requirements. We evaluate different examples of everyday software that can be targeted by this kind of attack to violate our privacy. Further, this presentation expands on the scenarios in which each of the attacks succeeds, including but not limited to IaaS and PaaS co-located VMs/processes, web browsing JavaScript attacks, smartphone inter-application attacks, and trusted execution environment attacks.

Finally, this presentation explores the mitigation of such attacks: at the software level (writing secret-independent execution flow), at the OS/hypervisor level (utilizing LLC isolation through mechanisms like page sharing) and at the system level (e.g., locking certain portions of the LLC or behavior detection).
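The software-level mitigation named in the abstract, secret-independent execution flow, can be illustrated with a table lookup. The following is an added example, not code from the presentation: the table contents, the 64-byte line size and the `touched` bitmap (a model of which cache lines an observer would see loaded) are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define TABLE_SIZE 256  /* constructed lookup table, e.g. an S-box */
#define LINE_SIZE  64   /* assumed cache line size in bytes */

static uint8_t table[TABLE_SIZE];
static uint32_t touched;  /* model: one bit per table cache line loaded */

static uint8_t load(size_t i)
{
    touched |= 1u << (i / LINE_SIZE);
    return table[i];
}

/* Secret-dependent access: only the line holding table[secret] is loaded. */
uint8_t lookup_leaky(uint8_t secret)
{
    return load(secret);
}

/* 0xFF when a == b, else 0x00, computed without a branch. */
static uint8_t eq_mask(uint8_t a, uint8_t b)
{
    uint32_t x = (uint32_t)(a ^ b);
    return (uint8_t)((x - 1u) >> 8);
}

/* Secret-independent access: every entry is loaded in the same order and
 * the wanted byte is kept with a mask instead of an index or a branch. */
uint8_t lookup_ct(uint8_t secret)
{
    uint8_t r = 0;
    for (size_t i = 0; i < TABLE_SIZE; i++)
        r |= (uint8_t)(load(i) & eq_mask((uint8_t)i, secret));
    return r;
}

/* Runs one lookup on constructed data; returns (touched lines << 8) | value. */
uint32_t observe(uint8_t (*fn)(uint8_t), uint8_t secret)
{
    for (size_t i = 0; i < TABLE_SIZE; i++)
        table[i] = (uint8_t)(i * 7 + 3);
    touched = 0;
    uint8_t value = fn(secret);
    return (touched << 8) | value;
}
```

Both functions return the same byte, but only the second leaves a line footprint that is identical for every secret. In production code the compiled output still has to be checked, since an optimizer can reintroduce secret-dependent branches or loads.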

Presenters:

  • Xiaofei Guo - Security Researcher, Cisco Tetration Analytics
    Xiaofei Guo works as a Technical Lead at Cisco Tetration Analytics where he builds products to secure data centers. Before joining Tetration, Xiaofei worked at both Intel Security Center of Excellence and Qualcomm Product Security Initiative. In these previous positions, he has worked on security challenges in mobile and IoT platform security, infrastructure security, and application security. He has previously presented at Black Hat. He received a PhD from New York University. Besides security research, he is passionate about building innovative security products.
  • Gorka Irazoqui - Security Researcher, Worcester Polytechnic Institute
    Gorka Irazoqui received his BSc (2011) and MSc (2013) in telecommunications from Tecnun Universidad de Navarra, in Spain. He will start his 4th year as a PhD student at Worcester Polytechnic Institute in Massachusetts under the supervision of Thomas Eisenbarth. His research topics are microarchitectural side-channel attacks and countermeasures in the cloud. He spent the summer of 2016 doing an internship at Intel.
