Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity

22nd Annual Network and Distributed System Security Symposium, NDSS 2015

Volumn , Issue , 2015, Pages

  Crane, Stephen ^a   Homescu, Andrei ^a   Brunthaler, Stefan ^a   Larsen, Per ^a   Franz, Michael ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

PUBLIC KEY CRYPTOGRAPHY;

CONTROL-FLOW; DIVERSITY TECHNIQUES; DYNAMIC SOFTWARES; EXECUTION PATHS; INPUT PROGRAMS; PROBABILISTICS; PROGRAM EXECUTION; PROGRAM FRAGMENTS; SIDE-CHANNEL ATTACKS; SOFTWARE DIVERSITY;

SIDE CHANNEL ATTACK;

EID: 85180402958     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.14722/ndss.2015.23264     Document Type: Conference Paper

References (41)

1. F. Cohen, “Operating system protection through program evolution, ” Computers and Security, vol. 12, no. 6, pp. 565-584, Oct. 1993.
2. S. Forrest, A. Somayaji, and D. Ackley, “Building diverse computer systems, ” in Proceedings of the 6th Workshop on Hot Topics in Operating Systems (HOTOS'97), 1997, pp. 67-72.
3. V. Pappas, M. Polychronakis, and A. D. Keromytis, “Smashing the gadgets: Hindering return-oriented programming using in-place code randomization, ” in Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P'12), 2012, pp. 601-615.
4. J. Hiser, A. Nguyen-Tuong, M. Co, M. Hall, and J. W. Davidson, “ILR: Where'd my gadgets go?” in Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P'12), 2012, pp. 571-585.
5. R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin, “Binary stirring: self-randomizing instruction addresses of legacy x86 binary code, ” in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12). ACM, 2012, pp. 157-168.
6. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum, “Enhanced operating system security through efficient and fine-grained address space randomization, ” in Proceedings of the 21st USENIX Security Symposium, 2012, pp. 475-490.
7. B. Coppens, B. De Sutter, and J. Maebe, “Feedback-driven binary code diversification, ” ACM Transactions on Architecture and Code Optimization, vol. 9, no. 4, pp. 24:1-24:26, Jan. 2013.
8. C. S. Collberg, S. Martin, J. Myers, and J. Nagra, “Distributed application tamper detection via continuous software updates, ” in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12), 2012, pp. 319-328.
9. G. Novark and E. D. Berger, “Dieharder: securing the heap, ” in Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS'10). ACM, 2010, pp. 573-584.
10. E. Shioji, Y. Kawakoya, M. Iwamura, and T. Hariu, “Code shredding: byte-granular randomization of program layout for detecting code-reuse attacks, ” in Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC'12), 2012, pp. 309-318.
11. A. Homescu, S. Brunthaler, P. Larsen, and M. Franz, “librando: Transparent code randomization for just-in-time compilers, ” in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS'13). ACM, 2013, pp. 993-1004.
12. B. Anckaert, M. Jakubowski, R. Venkatesan, and K. D. Bosschere, “Run-time randomization to mitigate tampering, ” in Proceedings of the 2nd International Workshop on Security (IWSEC'07), 2007, pp. 153-168.
13. E. Tromer, D. A. Osvik, and A. Shamir, “Efficient cache attacks on AES, and countermeasures, ” Journal of Cryptology, vol. 23, no. 1, pp. 37-71, Jan. 2010.
14. Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart, “Cross-VM side channels and their use to extract private keys, ” in Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS'12). ACM, 2012, pp. 305-316.
15. A. Homescu, S. Neisius, P. Larsen, S. Brunthaler, and M. Franz, “Profile-guided automatic software diversity, ” in Proceedings of the 11th IEEE/ACM International Symposium on Code Generation and Optimization (CGO'13), 2013, pp. 1-11.
16. D. Gullasch, E. Bangerter, and S. Krenn, “Cache games - bringing access-based cache attacks on AES to practice, ” in Proceedings of the 32nd IEEE Symposium on Security and Privacy (S&P'11), 2011, pp. 490-505.
17. Y. Yarom and K. Falkner, “Flush+reload: a high resolution, low noise, L3 cache side-channel attack, ” Cryptology ePrint Archive, Report 2013/448, 2013.
18. T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds, ” in Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS'09). ACM, 2009, pp. 199-212.
19. M. Saito and M. Matsumoto, “SIMD-Oriented fast mersenne twister: a 128-bit pseudorandom number generator, ” in Monte Carlo and Quasi-Monte Carlo Methods 2006, A. Keller, S. Heinrich, and H. Niederreiter, Eds. Springer Berlin Heidelberg, Jan. 2008, pp. 607-622.
20. C. Lattner and V. Adve, “LLVM: A compilation framework for lifelong program analysis & transformation, ” in Proceedings of the 2nd IEEE/ACM International Symposium on Code Generation and Optimization (CGO'04), 2004, pp. 75-87.
21. J. Irwin, D. Page, and N. Smart, “Instruction stream mutation for non-deterministic processors, ” in Proceedings of the 13th IEEE International Conference on Application-Specific Systems, Architectures and Processors (ASAP'02), 2002, pp. 286-295.
22. J. A. Ambrose, R. G. Ragel, and S. Parameswaran, “RIJID: random code injection to mask power analysis based side channel attacks, ” in Proceedings of the 44th Design Automation Conference (DAC'07). ACM, 2007, pp. 489-492.
23. G. Doychev, D. Feld, B. Köpf, L. Mauborgne, and J. Reineke, “Cacheaudit: A tool for the static analysis of cache side channels, ” in Proceedings of the 22nd USENIX Security Symposium, 2013, pp. 431-446.
24. P. C. Kocher, “Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems, ” in Advances in Cryptology (CRYPTO'96), ser. Lecture Notes in Computer Science, N. Koblitz, Ed. Springer Berlin Heidelberg, Jan. 1996, no. 1109, pp. 104-113.
25. P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis, ” in Advances in Cryptology (CRYPTO'99), ser. Lecture Notes in Computer Science, M. Wiener, Ed. Springer Berlin Heidelberg, Jan. 1999, no. 1666, pp. 388-397.
26. D. Genkin, A. Shamir, and E. Tromer, “RSA key extraction via low-bandwidth acoustic cryptanalysis, ” in Advances in Cryptology (CRYPTO'14), ser. Lecture Notes in Computer Science, J. A. Garay and R. Gennaro, Eds. Springer Berlin Heidelberg, Jan. 2014.
27. D. Page, “Theoretical use of cache memory as a cryptanalytic side-channel, ” Cryptology ePrint Archive, Report 2002/169, 2002.
28. Y. Tsunoo, T. Saito, T. Suzaki, M. Shigeri, and H. Miyauchi, “Cryptanalysis of DES implemented on computers with cache, ” in Cryptographic Hardware and Embedded Systems (CHES'03), ser. Lecture Notes in Computer Science, C. D. Walter, Ç. K. Koç, and C. Paar, Eds. Springer Berlin Heidelberg, Jan. 2003, no. 2779, pp. 62-76.
29. D. J. Bernstein, “Cache-timing attacks on AES, ” Preprint, 2005.
30. D. A. Osvik, A. Shamir, and E. Tromer, “Cache attacks and countermeasures: The case of AES, ” in Topics in Cryptology (CT-RSA'06), ser. Lecture Notes in Computer Science, D. Pointcheval, Ed. Springer Berlin Heidelberg, Jan. 2006, no. 3860, pp. 1-20.
31. R. Hund, C. Willems, and T. Holz, “Practical timing side channel attacks against kernel space ASLR, ” in Proceedings of the 34th IEEE Symposium on Security and Privacy (S&P'13), 2013.
32. D. Page, “Partitioned cache architecture as a side-channel defence mechanism, ” Cryptology ePrint Archive, Report 2005/280, 2005.
33. Z. Wang and R. B. Lee, “New cache designs for thwarting software cache-based side channel attacks, ” in Proceedings of the 34th International Symposium on Computer Architecture (ISCA'07). ACM, 2007, pp. 494-505.
34. S. Gueron, “Intel advanced encryption standard (AES) instructions set, ” Intel White Paper, 2010.
35. D. Page, “Defending against cache-based side-channel attacks, ” Information Security Technical Report, vol. 8, no. 1, pp. 30-44, 2003.
36. E. Brickell, G. Graunke, M. Neve, and J.-P. Seifert, “Software mitigations to hedge AES against cache-based software side channel vulnerabilities.” Cryptology ePrint Archive, Report 2006/052, 2006.
37. J. V. Cleemput, B. Coppens, and B. De Sutter, “Compiler mitigations for time attacks on modern x86 processors, ” ACM Transactions on Architecture and Code Optimization, vol. 8, no. 4, pp. 23:1-23:20, Jan. 2012.
38. Y. Zhang and M. K. Reiter, “Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud, ” in Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS'13). ACM, 2013, pp. 827-838.
39. P. Larsen, A. Homescu, S. Brunthaler, and M. Franz, “SoK: automated software diversity, ” in Proceedings of the 35th IEEE Symposium on Security and Privacy (S&P'14), 2014, pp. 276-291.
40. C. Collberg, C. Thomborson, and D. Low, “A taxonomy of obfuscating transformations, ” Department of Computer Science, University of Auckland, New Zealand, Tech. Rep. 148, 1997.
41. C. S. Collberg, C. D. Thomborson, and D. Low, “Manufacturing cheap, resilient, and stealthy opaque constructs, ” in Proceedings of the 25th ACM Symposium on Principles of Programming Languages (POPL'98), 1998, pp. 184-196.