CacheZoom: How SGX Amplifies the Power of Cache Attacks

Abstract: arXiv:1703.06986v2 [cs.CR]

“…Despite the applicability of LLC attacks, attacks on coreprivate resources such as L1 cache are as important [23,35]. Attacks on SGX in a system level adversarial scenario are notable examples [20,36]. There are other shared resources, which can be utilized to construct timing channels [37].…”

“…Cache attacks can be exploited by adversaries where they share system cache memory with benign users. In scenarios where the adversary can colocate with a victim on the same core, she can attack core-private resources such as L1 cache, e.g., OS adversaries [20,36]. In cloud environment, virtualization platforms allow sharing of logical processors to different VMs; however, attacks on the shared LLC have a higher impact, since LLC is shared across all the cores.…”

“…Both implementations have optimizations to hinder cache attacks. In fact, the AES implementation features a constant cache profile and can thus be considered resistant to most microarchitectural attacks including cache attacks and high-resolution attacks as described in [20]. MemJam can still extract the keys from both implementations due to the intra cache-line spatial resolution as depicted in Figure 5.…”

“…Having said that, SGX must remain secure in the presence of malicious OS, thus modification of OS resources for facilitation of side-channel attacks is relevant and within the considered threat model. Previous works demonstrate high resolution attacks with 4 kB page [59,60] and 64 B cache line granularity [20,61]. Intel declared microarchitectural leakages out of scope for SGX, thus pushing the burden of writing leakage free constant-time code onto enclave developers.…”

“…Combining small tables with cache state normalization, i.e., loading all table entries into cache before each operation, defeats cache attacks in asynchronous mode, where the adversary is only able to perform one observation per operation. More advanced side channels such as exploitation of the thread scheduler [19], cache attack on interrupted execution of Intel Software Guard eXtension (SGX) [20], performance degradation [21] and leakage of other microarchitectural resources [22,23] remind us the importance of constant-time software implementations. One way to achieve constant-time memory behavior, is the adoption of small tables in combination with accessing all cache lines on each lookup [7].…”

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

“…Despite the applicability of LLC attacks, attacks on coreprivate resources such as L1 cache are as important [23,35]. Attacks on SGX in a system level adversarial scenario are notable examples [20,36]. There are other shared resources, which can be utilized to construct timing channels [37].…”

“…Cache attacks can be exploited by adversaries where they share system cache memory with benign users. In scenarios where the adversary can colocate with a victim on the same core, she can attack core-private resources such as L1 cache, e.g., OS adversaries [20,36]. In cloud environment, virtualization platforms allow sharing of logical processors to different VMs; however, attacks on the shared LLC have a higher impact, since LLC is shared across all the cores.…”

“…Both implementations have optimizations to hinder cache attacks. In fact, the AES implementation features a constant cache profile and can thus be considered resistant to most microarchitectural attacks including cache attacks and high-resolution attacks as described in [20]. MemJam can still extract the keys from both implementations due to the intra cache-line spatial resolution as depicted in Figure 5.…”

“…Having said that, SGX must remain secure in the presence of malicious OS, thus modification of OS resources for facilitation of side-channel attacks is relevant and within the considered threat model. Previous works demonstrate high resolution attacks with 4 kB page [59,60] and 64 B cache line granularity [20,61]. Intel declared microarchitectural leakages out of scope for SGX, thus pushing the burden of writing leakage free constant-time code onto enclave developers.…”

“…Combining small tables with cache state normalization, i.e., loading all table entries into cache before each operation, defeats cache attacks in asynchronous mode, where the adversary is only able to perform one observation per operation. More advanced side channels such as exploitation of the thread scheduler [19], cache attack on interrupted execution of Intel Software Guard eXtension (SGX) [20], performance degradation [21] and leakage of other microarchitectural resources [22,23] remind us the importance of constant-time software implementations. One way to achieve constant-time memory behavior, is the adoption of small tables in combination with accessing all cache lines on each lookup [7].…”

MemJam: A False Dependency Attack Against Constant-Time Crypto Implementations

Virtualization Technologies and Cloud Security: Advantages, Issues, and Perspectives

ZLiTE: Lightweight Clients for Shielded Zcash Transactions Using Trusted Execution