Connecting the dots: Privacy leakage via write-access patterns to the main memory

John, Tara Merin; Haider, Syed Kamran; Omar, Hamza; Dijk, Marten van

doi:10.1109/hst.2017.7951834

Cited by 5 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker could perform access pattern analysis to infer sensitive information from the memory accesses or the MMIO packets [57], [58]. We also consider DMA attacks [59], where an attacker take snapshots of the memory content at a high frequency, and cold boot attacks, where an attacker exploits the memory retention behavior DRAM to extract the content of memory directly. However, we assume that the tightly integrated PIM-enabled memory bank which includes the PIM core, PIM local memory and the access control logic are secure from physical attacks.…”

Section: Threat Model and Assumptionsmentioning

confidence: 99%

PIM-Enclave: Bringing Confidential Computation Inside Memory

Duy¹,

Lee²

2021

Preprint

View full text Add to dashboard Cite

Demand for data-intensive workloads and confidential computing are the prominent research directions shaping the future of cloud computing. Computer architectures are evolving to accommodate the computing of large data better. Protecting the computation of sensitive data is also an imperative yet challenging objective; processor-supported secure enclaves serve as the key element in confidential computing in the cloud. However, side-channel attacks are threatening their security boundaries. The current processor architectures consume a considerable portion of its cycles in moving data. Near data computation is a promising approach that minimizes redundant data movement by placing computation inside storage. In this paper, we present a novel design for Processing-In-Memory (PIM) as a dataintensive workload accelerator for confidential computing. Based on our observation that moving computation closer to memory can achieve efficiency of computation and confidentiality of the processed information simultaneously, we study the advantages of confidential computing inside memory. We then explain our security model and programming model developed for PIMbased computation offloading. We construct our findings into a software-hardware co-design, which we call PIM-Enclave. Our design illustrates the advantages of PIM-based confidential computing acceleration. Our evaluation shows PIM-Enclave can provide a side-channel resistant secure computation offloading and run data-intensive applications with negligible performance overhead compared to baseline PIM model.

show abstract

Section: Threat Model and Assumptionsmentioning

confidence: 99%

PIM-Enclave: Bringing Confidential Computation Inside Memory

Duy¹,

Lee²

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Research has also shown that routers in the on-chip networks expose application traffic traces [23] that leads to information leakage. Furthermore, information can also be leaked via off-chip memory-based timing channels, where the adversary monitors memory latencies of the victim application [48], [49]. Prior works have explored various mitigation mechanisms, such as employing time-multiplexed memory bandwidth reservation [29], or adopting a non-interference memory controller [50].…”

Section: B Protecting Non-speculative Microarchitecture Statementioning

confidence: 99%

IRONHIDE: A Secure Multicore that Efficiently Mitigates Microarchitecture State Attacks for Interactive Applications

Omar

Khan

2020

2020 IEEE International Symposium on High Performance Computer Architecture (HPCA)

Self Cite

View full text Add to dashboard Cite

Microprocessors enable aggressive hardware virtualization by means of which multiple processes temporally execute on the system. These security-critical and ordinary processes interact with each other to assure application progress. However, temporal sharing of hardware resources exposes the processor to various microarchitecture state attacks. State-of-the-art secure processors, such as MI6 adopt Intel's SGX enclave execution model. MI6 architects strong isolation by statically isolating shared memory state, and purging the microarchitecture state of private core, cache, and TLB resources on every enclave entry and exit. The purging overhead significantly impacts performance as the interactivity across the secure and insecure processes increases. This paper proposes IRONHIDE that implements strong isolation in the context of multicores to form spatially isolated secure and insecure clusters of cores. For an interactive application comprising of secure and insecure processes, IRONHIDE pins the secure process(es) to the secure cluster, where they execute and interact with the insecure process(es) without incurring the microarchitecture state purging overheads on every interaction event. IRONHIDE improves performance by 2.1× over the MI6 baseline for a set of user and OS interactive applications. Moreover, IRONHIDE improves performance by 20% over an SGX-like baseline, while also ensuring strong isolation guarantees against microarchitecture state attacks.

show abstract