CATalyst: Defeating last-level cache side channel attacks in cloud computing

Liu, Fangfei; Ge, Qian; Yarom, Yuval; Mckeen, Frank; Rozas, Carlos; Heiser, Gernot; Lee, Ruby B.

doi:10.1109/hpca.2016.7446082

Cited by 277 publications

(159 citation statements)

References 25 publications

Supporting

Mentioning

149

Contrasting

Order By: Relevance

“…However, they only used Admin VM as an agent to conduct security policy. Liu et al [14] proposed CATalyst, a pseudo-locking mechanism that uses CAT to partition the LLC (Last-level Cache) into hybrid hardware-software managed cache. They implemented a proof-of-concept system using Xen and Linux running on a server with Intel processors, and show that LLC side-channel attacks can be defeated.…”

Section: Related Workmentioning

confidence: 99%

An Access Control Model for Preventing Virtual Machine Escape Attack

Zhou

Chen

et al. 2017

Future Internet

View full text Add to dashboard Cite

Abstract:With the rapid development of Internet, the traditional computing environment is making a big migration to the cloud-computing environment. However, cloud computing introduces a set of new security problems. Aiming at the virtual machine (VM) escape attack, we study the traditional attack model and attack scenarios in the cloud-computing environment. In addition, we propose an access control model that can prevent virtual machine escape (PVME) by adapting the BLP (Bell-La Padula) model (an access control model developed by D. Bell and J. LaPadula). Finally, the PVME model has been implemented on full virtualization architecture. The experimental results show that the PVME module can effectively prevent virtual machine escape while only incurring 4% to 8% time overhead.

show abstract

Section: Related Workmentioning

confidence: 99%

An Access Control Model for Preventing Virtual Machine Escape Attack

Zhou

Chen

et al. 2017

Future Internet

View full text Add to dashboard Cite

show abstract

“…One popular mitigation technique is isolating security sensitive code execution. This is done by allocating private resources to security sensitive applications [6], [16], [24]. In [16], [24] hardware and software mechanisms are used to partition caches into private regions to mitigate cache-based timing side-channel attacks.…”

Section: Why Attenuating Timing Leakage Is Notmentioning

confidence: 99%

Øzone: Efficient execution with zero timing leakage for modern microarchitectures

Aweke

Austin

2017

2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)

View full text Add to dashboard Cite

Abstract-Time variation during program execution can leak sensitive information. Time variations due to program control flow and hardware resource contention have been used to steal encryption keys in cipher implementations such as AES and RSA. A number of approaches to mitigate timing-based side-channel attacks have been proposed including cache partitioning, controlflow obfuscation and injecting timing noise into the outputs of code. While these techniques make timing-based side-channel attacks more difficult, they do not eliminate the risks. Prior techniques are either too specific or too expensive, and all leave remnants of the original timing side channel for later attackers to attempt to exploit.In this work, we show that the state-of-the-art techniques in timing side-channel protection, which limit timing leakage but do not eliminate it, still have significant vulnerabilities to timing-based side-channel attacks. To provide a means for total protection from timing-based side-channel attacks, we develop Ozone, the first zero timing leakage execution resource for a modern microarchitecture. Code in Ozone execute under a special hardware thread that gains exclusive access to a single core's resources for a fixed (and limited) number of cycles during which it cannot be interrupted. Memory access under Ozone thread execution is limited to a fixed size uncached scratchpad memory, and all Ozone threads begin execution with a known fixed microarchitectural state. We evaluate Ozone using a number of security sensitive kernels that have previously been targets of timing side-channel attacks, and show that Ozone eliminates timing leakage with minimal performance overhead. I. INTRODUCTIONPerhaps the most fruitful hardware security vulnerability has been timing-based side-channel attacks. A timing-based sidechannel attack 1 is one in which the time it takes to perform specific operations reveals information about secrets within the system. There are three characteristics of modern systems that enable timing-based side-channel attacks: 1. Variable-latency operations: In an effort to improve the performance of a system, common operations are made to take less time to execute than uncommon ones; thus, it becomes possible to infer the constituency of instructions a program executes simply by examining its latency. Furthermore, control flow, speculation, caches, and a variety of other system features render execution latencies that are a function of the program's code and data, thereby creating opportunities to learn about such things. Kocher used this characteristic to attack RSA authentication [11], after noting that early RSA implentations performed different amounts of work for "0" and "1" key bits. 2. Resource sharing: To keep costs in check, functional and storage resources in a modern microarchitecture are shared concurrently among threads and processes; thus, it becomes possible for an attacker program to create contention on these resources and examine, by virtue of its own performance, the extent to which the sha...

show abstract

“…We expect that vCAT could be applied here as well, while also providing cache isolation among tasks, a property that cannot be achieved by existing CAT-based solutions such as [18].…”

Section: Related Workmentioning

confidence: 99%

“…We reserved cache partitions 0-7 (CBM bitmask 0×000FF) to CPU1 and partitions 8-15 (CBM bitmask 0×0FF00) to CPU2. We flushed the entire cache initially, and mitigated potential interference to CPU1 and CPU2 by moving all system services to the remaining cores and assigning to them the remaining partitions (partitions [16][17][18][19]. We created a periodic task that sequentially accesses a 4MB array.…”

Section: Cache Lookup Controlmentioning

confidence: 99%

vCAT: Dynamic Cache Management Using CAT Virtualization

Thi²,

Phan

et al. 2017

2017 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS)

View full text Add to dashboard Cite

This paper presents vCAT, a novel design for dynamic shared cache management on multicore virtualization platforms based on Intel's Cache Allocation Technology (CAT). Our design achieves strong isolation at both task and VM levels through cache partition virtualization, which works in a similar way as memory virtualization, but has challenges that are unique to cache and CAT. To demonstrate the feasibility and benefits of our design, we provide a prototype implementation of vCAT, and we present an extensive set of microbenchmarks and performance evaluation results on the PARSEC benchmarks and synthetic workloads, for both static and dynamic allocations. The evaluation results show that (i) vCAT can be implemented with minimal overhead, (ii) it can be used to mitigate shared cache interference, which could have caused task WCET increased by up to 7.2 x, (iii) static management in vCAT can increase system utilization by up to 7 x compared to a system without cache management; and (iv) dynamic management substantially outperforms static management in terms of schedulable utilization (increase by up to 3 x in our multi-mode example use case). Abstract-This paper presents vCAT, a novel design for dynamic shared cache management on multicore virtualization platforms based on Intel's Cache Allocation Technology (CAT). Our design achieves strong isolation at both task and VM levels through cache partition virtualization, which works in a similar way as memory virtualization, but has challenges that are unique to cache and CAT. To demonstrate the feasibility and benefits of our design, we provide a prototype implementation of vCAT, and we present an extensive set of microbenchmarks and performance evaluation results on the PARSEC benchmarks and synthetic workloads, for both static and dynamic allocations. The evaluation results show that (i) vCAT can be implemented with minimal overhead, (ii) it can be used to mitigate shared cache interference, which could have caused task WCET increased by up to 7.2×, (iii) static management in vCAT can increase system utilization by up to 7× compared to a system without cache management; and (iv) dynamic management substantially outperforms static management in terms of schedulable utilization (increase by up to 3× in our multi-mode example use case). Disciplines Computer Engineering | Computer Sciences

show abstract

CATalyst: Defeating last-level cache side channel attacks in cloud computing

Cited by 277 publications

References 25 publications

An Access Control Model for Preventing Virtual Machine Escape Attack

An Access Control Model for Preventing Virtual Machine Escape Attack

Øzone: Efficient execution with zero timing leakage for modern microarchitectures

vCAT: Dynamic Cache Management Using CAT Virtualization

Contact Info

Product

Resources

About