2019 IEEE Symposium on Security and Privacy (SP) 2019
DOI: 10.1109/sp.2019.00004
|View full text |Cite
|
Sign up to set email alerts
|

Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World

Abstract: Although clouds have strong virtual memory isolation guarantees, cache attacks stemming from shared caches have proved to be a large security problem. However, despite the past effectiveness of cache attacks, their viability has recently been called into question on modern systems, due to trends in cache hierarchy design moving away from inclusive cache hierarchies.In this paper, we reverse engineer the structure of the directory in a sliced, non-inclusive cache hierarchy, and prove that the directory can be u… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
60
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
5
4
1

Relationship

0
10

Authors

Journals

citations
Cited by 131 publications
(69 citation statements)
references
References 41 publications
0
60
0
Order By: Relevance
“…We believe it is possible to achieve a similar reduction in the number of samples required to succeed in these processors. It was also recently demonstrated that non-inclusive caches are also vulnerable to cache attacks [57]. As a result, our approach is feasible for non-inclusive caches.…”
Section: Attack Durationmentioning
confidence: 73%
“…We believe it is possible to achieve a similar reduction in the number of samples required to succeed in these processors. It was also recently demonstrated that non-inclusive caches are also vulnerable to cache attacks [57]. As a result, our approach is feasible for non-inclusive caches.…”
Section: Attack Durationmentioning
confidence: 73%
“…Current benchmarks do not consider timing-based attacks of other levels in cache hierarchy besides L1, but it should be straightforward to extend to the other levels. We do not consider directory-related attacks [51] or attacks based on replacement policy [48], but it should be possible to model these by adding more states to the model (and still keep an only total of three steps). This work does not cover TLB attacks [15,21], but there is already a theoretical model for TLBs [12], and similar benchmarks can be developed for TLB attacks (possibly merge with our benchmarks).…”
Section: Assumptions and Threat Modelmentioning
confidence: 99%
“…There have been solutions for both ARM and x86 that primarily leverage the cache coherency protocol among different last-level caches. For example, it was recently shown that the latest noninclusive last-level cache employed by x86 CPUs can also be attacked [46]. Several researchers demonstrate the possibility of performing cache side-channel attacks on ARM.…”
Section: Related Workmentioning
confidence: 99%