StealthMem: System-level protection against cache-based side channel attacks in the cloud

Proceedings of the 21st USENIX Security Symposium

Volumn , Issue , 2012, Pages 189-204

  Kim, Taesoo ^a   Peinado, Marcus ^b   Mainar Ruiz, Gloria ^b  

^a MASSACHUSETTS INSTITUTE OF TECHNOLOGY   (United States)

^b MICROSOFT RESEARCH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

APPLICATION PROGRAMS; BENCHMARKING; CACHE MEMORY; LOCKS (FASTENERS); MEMORY ARCHITECTURE;

ARCHITECTURAL PROPERTIES; COMMODITY HARDWARE; CONFIDENTIAL DATA; MEMORY ACCESS PATTERNS; MITIGATION METHODS; PHYSICAL RESOURCES; PROTECTION MECHANISMS; SET ASSOCIATIVE CACHE;

SIDE CHANNEL ATTACK;

EID: 85073538603     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (45)

1. Data Encryption Standard (DES). In FIPS PUB 46, Federal Information Processing Standards Publication (1977).
2. Advanced Encryption Standard (AES). In FIPS PUB 197, Federal Information Processing Standards Publication (2001).
3. ACIIÇMEZ, O., AND ÇETIN KAYA KOÇ. Trace-driven cache attacks on AES. Cryptology ePrint Archive, Report 2006/138, 2006.
4. ACIIÇMEZ, O., SCHINDLER, W., AND ÇETIN K. KOÇ. Cache based remote timing attack on the AES. In Topics in Cryptology – CT-RSA 2007, The Cryptographers’ Track at the RSA Conference 2007 (2007), Springer-Verlag, pp. 271–286.
5. AMAZON, INC. Amazon Elastic Compute Cloud (EC2). http://aws.amazon.com/ec2, 2012.
6. AMD, INC. AMD64 Architecture Programmer’s Manual. No. 24594. December 2011.
7. AVIRAM, A., HU, S., FORD, B., AND GUMMADI, R. Determinating timing channels in compute clouds. In Proceedings of the 2010 ACM Cloud Computing Security Workshop (2010), pp. 103–108.
8. BERNSTEIN, D. J. Cache-timing attacks on AES. Available at: http://cr.yp.to/antiforgery/cachetiming-20050414. pdf, 2005.
9. BONNEAU, J., AND MIRONOV, I. Cache-collision timing attacks against AES. In Proceedings of the 8th International Workshop on Cryptographic Hardware and Embedded Systems (2006), pp. 201–215.
10. BRICKELL, E., GRAUNKE, G., NEVE, M., AND SEIFERT, J.P. Software mitigations to hedge AES against cache-based software side channel vulnerabilities. IACR ePrint Archive, Report 2006/052, 2006.
11. COPPENS, B., VERBAUWHEDE, I., BOSSCHERE, K. D., AND SUTTER, B. D. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In Proceedings of the 2009 IEEE Symposium on Security and Privacy (2009), pp. 45–60.
12. DOMNITSER, L., JALEEL, A., LOEW, J., ABU-GHAZALEH, N., AND PONOMAREV, D. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Transactions on Architecture and Code Optimization 8, 4 (Jan. 2012), 35:1–35:21.
13. ERLINGSSON, Ú., AND ABADI, M. Operating system protection against side-channel attacks that exploit memory latency. Tech. Rep. MSR-TR-2007-117, Microsoft Research, August 2007.
14. GULLASCH, D., BANGERTER, E., AND KRENN, S. Cache Games – bringing access-based cache attacks on AES to practice. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (May 2011), pp. 490 –505.
15. HU, W. M. Reducing timing channels with fuzzy time. In Proceedings of the 1991 IEEE Symposium on Security and Privacy (1991), pp. 8–20.
16. R 64 and IA-32 Architectures Software Developer’s Manual. No. 253669-033US. December 2009.
17. INTEL, INC. Advanced Encryption Standard (AES) Instructions Set. http://software.intel.com/file/24917, 2010.
18. ION, I., SACHDEVA, N., KUMARAGURU, P., AND ČAPKUN, S. Home is safer than the cloud! Privacy concerns for consumer cloud storage. In Proceedings of the Seventh Symposium on Usable Privacy and Security (2011), pp. 13:1–13:20.
19. JALEEL, A. Memory characterization of workloads using instrumentation-driven simulation – a pin-based memory characterization of the SPEC CPU2000 and SPEC CPU2006 benchmark suites. Tech. rep., VSSAD, 2007.
20. JANSEN, W., AND GRANCE, T. Guidelines on security and privacy in public cloud computing. NIST Special Publication 800-144, December 2011.
21. KIM, S., CHANDRA, D., AND SOLIHIN, Y. Fair cache sharing and partitioning in a chip multiprocessor architecture. In Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques (2004), pp. 111–122.
22. KOCHER, P. C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Advances in Cryptology (1996), pp. 104–113.
23. KONG, J., ACIIÇMEZ, O., SEIFERT, J.-P., AND ZHOU, H. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 2nd ACM Workshop on Computer Security Architectures (2008), pp. 25–34.
24. KONG, J., ACIIÇMEZ, O., SEIFERT, J.-P., AND ZHOU, H. Hardware-software integrated approaches to defend against software cache-based side channel attacks. In Proceedings of the 15th International Conference on High Performance Computer Architecture (2009), pp. 393–404.
25. MANGALINDAN, J. Is user data safe in the cloud? http://tech.fortune.cnn.com/2010/09/24/ is-user-data-safe-in-the-cloud, September 2010.
26. MICROSOFT, INC. Microsoft Azure Services Platform. http://www.microsoft.com/azure/.
27. MOSCIBRODA, T., AND MUTLU, O. Memory performance attacks: denial of memory service in multi-core systems. In Proceedings of the 16th USENIX Security Symposium (2007), pp. 257–274.
28. MÜLLER, T., DEWALD, A., AND FREILING, F. C. AESSE: a cold-boot resistant implementation of AES. In Proceedings of the Third European Workshop on System Security (2010), pp. 42–47.
29. NEVE, M., AND SEIFERT, J.-P. Advances on access-driven cache attacks on AES. In Selected Areas in Cryptography, vol. 4356. 2007, pp. 147–162.
30. OSVIK, D. A., SHAMIR, A., AND TROMER, E. Cache attacks and countermeasures: the case of AES. In Topics in Cryptology - CT-RSA 2006, The Cryptographers Track at the RSA Conference 2006 (2005), pp. 1–20.
31. PAGE, D. Theoretical use of cache memory as a cryptanalytic side-channel. Tech. Rep. CSTR-02-003, Department of Computer Science, University of Bristol, June 2002.
32. PERCIVAL, C. Cache missing for fun and profit. In BSDCan 2005 (Ottawa, 2005).
33. RAJ, H., NATHUJI, R., SINGH, A., AND ENGLAND, P. Resource management for isolation enhanced cloud services. In Proceedings of the 2009 ACM Cloud Computing Security Workshop (2009), pp. 77–84.
34. RISTENPART, T., TROMER, E., SHACHAM, H., AND SAVAGE, S. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (2009), pp. 199–212.
35. SCHNEIER, B. The Blowfish encryption algorithm. http://www.schneier.com/blowfish.html.
36. SCHNEIER, B. The Blowfish source code. http://www.schneier.com/blowfish-download.html.
37. (SPEC), S. P. E. C. The SPEC CPU 2006 Benchmark Suite. http://www.specbench.org.
38. SUZAKI, K., IIJIMA, K., YAGI, T., AND ARTHO, C. Memory deduplication as a threat to the guest OS. In Proceedings of the Fourth European Workshop on System Security (EUROSEC’11) (2011), pp. 1:1–1:6.
39. TROMER, E., OSVIK, D. A., AND SHAMIR, A. Efficient cache attacks on AES, and countermeasures. Journal of Cryptology 23, 2 (2010), 37–71.
40. TSUNOO, Y., SAITO, T., SUZAKI, T., AND SHIGERI, M. Cryptanalysis of DES implemented on computers with cache. In Proceedings of the 2003 Cryptographic Hardware and Embedded Systems (2003), pp. 62–76.
41. WANG, Z., AND LEE, R. B. Covert and side channels due to processor architecture. In Proceedings of the 22nd Annual Computer Security Applications Conference (December 2006), pp. 473 –482.
42. WANG, Z., AND LEE, R. B. New cache designs for thwarting software cache-based side channel attacks. In Proceedings of the 34th International Symposium on Computer Architecture (2007), pp. 494–505.
43. WANG, Z., AND LEE, R. B. A novel cache architecture with enhanced performance and security. In Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture (2008), pp. 83–93.
44. XU, Y., BAILEY, M., JAHANIAN, F., JOSHI, K., HILTUNEN, M., AND SCHLICHTING, R. An exploration of L2 cache covert channels in virtualized environments. In Proceedings of the 2011 ACM Cloud Computing Security Workshop (2011), pp. 29–40.
45. ZHANG, Y., JUELS, A., OPREA, A., AND REITER, M. K. Home-Alone: Co-residency detection in the cloud via side-channel analysis. In Proceedings of the 2011 IEEE Symposium on Security and Privacy (2011), pp. 313–328.