Cache Attacks on ARM
Moritz Lipp Cache Attacks on ARM Master thesis Graz, University Of Technology NOTICE If you want to cite this work based on last-level cache attacks on ARM, please cite the following research paper instead: •L ipp, Moritz ; Gruss, Daniel ; Spreitzer, Raphael ; Maurice, Clementine´ ;Mangard, Stefan: ARMageddon: Cache Attacks on Mobile De- vices. In: 25th USENIX Security Symposium (USENIX Security 16). Austin, TX : USENIX Association, August 2016. – ISBN 978–1–931971– 32–4, 549–564 If you want to cite this work in respect to rowhammer on ARM-based devices, please cite the following publication instead: •V een, Victor van d. ; Fratantonio, Yanick ; Lindorfer, Martina ; Gruss, Daniel ; Maurice, Clementine´ ; Vigna, Giovanni ; Bos, Her- bert ; Razavi, Kaveh ; Giuffrida, Christiano: Drammer : Determinis- tic Rowhammer Attacks on Commodity Mobile Platforms. In: ACM Conference on Computer and Communications Security – CCS, 2016 Contents 1 Introduction 1 1.1 Motivation . .3 1.2 Key Challenges and Results . .4 1.3 Contributions . .5 1.4 Test devices . .6 1.5 Outline . .7 2 Background 9 2.1 CPU caches . .9 2.2 Cache coherence . 18 2.3 Shared memory . 29 2.4 Cache Attacks . 31 2.5 DRAM . 39 3 Attack primitives 43 3.1 Timing Measurements . 43 3.2 Cache Eviction . 47 3.3 Defeating the Cache-Organization . 53 4 Attack Case Studies 57 4.1 High Performance Covert-Channels . 58 4.2 Spying on User input . 62 4.3 Attacks on Cryptographic Algorithms . 69 4.4 Rowhammer on ARM . 75 5 Countermeasures 79 6 Conclusion 81 i List of tables . 83 List of figures . 86 List of acronyms .
[Show full text]