A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Ge, Qian; Yarom, Yuval; Cock, David; Heiser, Gernot

doi:10.1007/s13389-016-0141-6

Cited by 302 publications

(285 citation statements)

References 113 publications

Supporting

Mentioning

284

Contrasting

Order By: Relevance

“…All SCAs rely on some side channel information leakage, so SCA countermeasures aim at either hiding this leakage or at minimizing this leakage so that it contains very small or no useful information to mount an attack (making the leakage trace, data independent) [41]. The most widely used countermeasure, primarily applicable on microarchitecture attacks, is making the security operation time delay constant or random, regardless of the microarchitecture elements that are used or the implemented code it is executed [42]. However, developing constant-time execution code is not always easy since optimizations introduced by the compiler must be bypassed.…”

Section: Side Channel Analysis Attack Countermeasuresmentioning

confidence: 99%

“…Among the existing solutions (fitted in the above-mentioned categories) there exist techniques to eliminate timing side channels by introducing virtual time and black-box mitigation techniques [42]. Also, time partitioning can be used through regular Cache Flushing, Lattice Scheduling, Memory Controller Partitioning, structuring Execution Leases and performing Kernel address space isolation.…”

Section: Side Channel Analysis Attack Countermeasuresmentioning

confidence: 99%

See 1 more Smart Citation

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

Cyber-Physical system devices nowadays constitute a mixture of Information Technology (IT) and Operational Technology (OT) systems that are meant to operate harmonically under a security critical framework. As security IT countermeasures are gradually been installed in many embedded system nodes, thus securing them from many well-know cyber attacks there is a lurking danger that is still overlooked. Apart from the software vulnerabilities that typical malicious programs use, there are some very interesting hardware vulnerabilities that can be exploited in order to mount devastating software or hardware attacks (typically undetected by software countermeasures) capable of fully compromising any embedded system device. Real-time microarchitecture attacks such as the cache side-channel attacks are such case but also the newly discovered Rowhammer fault injection attack that can be mounted even remotely to gain full access to a device DRAM (Dynamic Random Access Memory). Under the light of the above dangers that are focused on the device hardware structure, in this paper, an overview of this attack field is provided including attacks, threat directives and countermeasures. The goal of this paper is not to exhaustively overview attacks and countermeasures but rather to survey the various, possible, existing attack directions and highlight the security risks that they can pose to security critical embedded systems as well as indicate their strength on compromising the Quality of Service (QoS) such systems are designed to provide.

show abstract

Section: Side Channel Analysis Attack Countermeasuresmentioning

confidence: 99%

Section: Side Channel Analysis Attack Countermeasuresmentioning

confidence: 99%

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

2017

View full text Add to dashboard Cite

show abstract

“…Detailed surveys on microarchitectural timing attacks in general [8], [2] and cache timing attacks in particular [11] can be found in the literature. [5] includes a systematic evaluation of transient execution attacks.…”

Section: Related Workmentioning

confidence: 99%

Detecting Time-Fragmented Cache Attacks Against AES Using Performance Monitoring Counters

Prada

Igual

Olcoz

2019

Communications in Computer and Information Science

View full text Add to dashboard Cite

Cache timing attacks use shared caches in multi-core processors as side channels to extract information from victim processes. These attacks are particularly dangerous in cloud infrastructures, in which the deployed countermeasures cause collateral effects in terms of performance loss and increase in energy consumption. We propose to monitor the victim process using an independent monitoring (detector) process, that continuously measures selected Performance Monitoring Counters (PMC) to detect the presence of an attack. Ad-hoc countermeasures can be applied only when such a risky situation arises. In our case, the victim process is the AES encryption algorithm and the attack is performed by means of random encryption requests. We demonstrate that PMCs are a feasible tool to detect the attack and that sampling PMCs at high frequencies is worse than sampling at lower frequencies in terms of detection capabilities, particularly when the attack is fragmented in time to try to be hidden from detection.

show abstract

“…This isolation property is supposed to be one of the security properties of cloud computing systems. However, within the last decade, academicians and practitioners have discovered that this isolation is not impenetrable [1][2][3][4]. One well-known technique to break this isolation feature is a cache-based side channel attack (CSCa).…”

Section: Introductionmentioning

confidence: 99%

Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment

Paundu

Fall

Miyamoto

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Cache-based side channel attack (CSCa) techniques in virtualization systems are becoming more advanced, while defense methods against them are still perceived as nonpractical. The most recent CSCa variant called Flush + Flush has showed that the current detection methods can be easily bypassed. Within this work, we introduce a novel monitoring approach to detect CSCa operations inside a virtualization environment. We utilize the Kernel Virtual Machine (KVM) event data in the kernel and process this data using a machine learning technique to identify any CSCa operation in the guest Virtual Machine (VM). We evaluate our approach using Receiver Operating Characteristic (ROC) diagram of multiple attack and benign operation scenarios. Our method successfully separate the CSCa datasets from the non-CSCa datasets, on both trained and nontrained data scenarios. The successful classification also include the Flush + Flush attack scenario. We are also able to explain the classification results by extracting the set of most important features that separate both classes using their Fisher scores and show that our monitoring approach can work to detect CSCa in general. Finally, we evaluate the overhead impact of our CSCa monitoring method and show that it has a negligible computation overhead on the host and the guest VM.

show abstract

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

Cited by 302 publications

References 113 publications

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks

Detecting Time-Fragmented Cache Attacks Against AES Using Performance Monitoring Counters

Leveraging KVM Events to Detect Cache-Based Side Channel Attacks in a Virtualization Environment

Contact Info

Product

Resources

About