• Abstract and Figures
• Public Full-text

AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Marc GreenW, Leandro Rodrigues-LimaF, Andreas ZanklF, Gorka IrazoquiW, Johann HeyszlF, and Thomas EisenbarthW August 18th 2017 – USENIX Security Symposium The Big Picture Cache Attacks AutoLock ————————- ————————- Transition of attacks: −! Dedicated countermeasures desktop & server ! mobile are still necessary for protection Vulnerabililty and risk assessment −! Eviction-based attacks are are important, but challenging harder than previously believed Limited understanding of −! Undocumented performance commercial microarchitectures feature of inclusive caches on ARM AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 2 Cache Basics AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 3 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 4 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 5 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 6 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 7 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 8 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 9 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 10 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 11 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 12 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 13 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 14 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 15 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 16 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 17 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 18 Cache Attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 19 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 20 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 21 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 22 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 23 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 24 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 25 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 26 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 27 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 28 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 29 Cache Attacks Cross-core Eviction 1.0 without eviction with eviction 0.8 0.6 0.4 Normalized frequency 0.2 0.0 400 600 800 1000 1200 1400 Clock cycles Qualcomm Krait 450 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 30 Cache Attacks Literature Method Task Reference Evict + Time Eviction [OST06] Prime + Probe Eviction [OST06] Evict + Reload Eviction [GSM15] Evict + Prefetch Eviction [GMF+16] Flush + Reload Flush [YF14] Flush + Prefetch Flush [GMF+16] Flush + Flush Flush [GMWM16] AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 31 Cache Attacks ARM Processors Flush on ARM Eviction on ARM Easy, fast, and robust Complex, slow, and error-prone Only from ARMv8 onwards All ARM architectures: v6, v7, v8 No guaranteed userspace access Userspace privileges are sufficient Limited number of devices Larger number of devices AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 32 AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 33 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 34 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 35 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 36 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 37 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 38 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 39 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 40 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 41 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 42 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 43 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 44 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 45 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 46 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 47 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 48 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 49 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 50 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 51 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 52 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 53 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 54 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 55 AutoLock Definition A patented and undocumented performance feature of inclusive cache levels that transparently prevents the eviction of cache lines, if they are contained in higher cache levels. Automatic + Lockdown = “AutoLock” AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 56 Implications of AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 57 Implications Impact in Theory Method Task Same-core Cross-core Evict + Time Eviction 37 Prime + Probe Eviction 37 Evict + Reload Eviction 37 Evict + Prefetch Eviction 37 Flush + * Flush 3 3 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al.

Load more

  70

Copy Link