Information Trust Institute

Back to Listing

TSS Seminar: Secure Hierarchy-Aware Replacement Policy (SHARP): Defending Against Cache-Based Side Channel Attacks

Event Type
Information Trust Institute
Coordinated Science Lab Auditorium (B02)
Jan 31, 2017   4:00 pm  
Mengjia Yan, University of Illinois at Urbana-Champaign

Abstract: Side channel attacks are increasingly becoming an ominous threat in  today's digitized world. As side channel attacks rely on exploiting  security vulnerabilities in hardware instead of bugs directly within  software, they are notoriously difficult to prevent. In this work,  we focus on cross-core cache-based side channel attacks, where an  attacker on one core steals secret information by probing a processor's  cache while the program of interest is running on another core. These  attacks have been gaining popularity. Attacks currently exist for major  processor vendors and have implementations for many applications in the  mobile, desktop, and cloud domains. Presently, all proposed solutions  have the drawback of either requiring code to be modified or being unable  to dynamically share the entire cache between different programs. 

In this paper we propose a new secure hierarchy-aware replacement policy  (SHARP), which is an efficient approach to defend against all existing  cache-based side channel attacks. SHARP leverages the insight that modern  last-level cache eviction policies are vulnerable to cache-based side  channel attacks. This is because modern cache replacement policies only  consider temporal usage information about cache lines, and are oblivious to  which core an eviction-causing access comes from. In SHARP, we monitor the  presence of the last-level cache ways in higher level caches and take this  into account in our replacement policy algorithm. In addition, we slightly  modify the permissions of the clflush instruction in userspace to disable  attacks using this instruction. SHARP works for all existing applications  without requiring any code modifications. 

link for robots only