Autolock: Why Cache Attacks on ARM Are Harder Than You Think

AutoLock: Why Cache Attacks on ARM Are Harder Than You Think Marc GreenW, Leandro Rodrigues-LimaF, Andreas ZanklF, Gorka IrazoquiW, Johann HeyszlF, and Thomas EisenbarthW August 18th 2017 – USENIX Security Symposium The Big Picture Cache Attacks AutoLock ————————- ————————- Transition of attacks: −! Dedicated countermeasures desktop & server ! mobile are still necessary for protection Vulnerabililty and risk assessment −! Eviction-based attacks are are important, but challenging harder than previously believed Limited understanding of −! Undocumented performance commercial microarchitectures feature of inclusive caches on ARM AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 2 Cache Basics AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 3 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 4 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 5 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 6 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 7 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 8 Cache Basics Hierarchy AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 9 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 10 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 11 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 12 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 13 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 14 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 15 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 16 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 17 Cache Basics Inclusiveness AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 18 Cache Attacks AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 19 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 20 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 21 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 22 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 23 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 24 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 25 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 26 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 27 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 28 Cache Attacks Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 29 Cache Attacks Cross-core Eviction 1.0 without eviction with eviction 0.8 0.6 0.4 Normalized frequency 0.2 0.0 400 600 800 1000 1200 1400 Clock cycles Qualcomm Krait 450 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 30 Cache Attacks Literature Method Task Reference Evict + Time Eviction [OST06] Prime + Probe Eviction [OST06] Evict + Reload Eviction [GSM15] Evict + Prefetch Eviction [GMF+16] Flush + Reload Flush [YF14] Flush + Prefetch Flush [GMF+16] Flush + Flush Flush [GMWM16] AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 31 Cache Attacks ARM Processors Flush on ARM Eviction on ARM Easy, fast, and robust Complex, slow, and error-prone Only from ARMv8 onwards All ARM architectures: v6, v7, v8 No guaranteed userspace access Userspace privileges are sufﬁcient Limited number of devices Larger number of devices AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 32 AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 33 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 34 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 35 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 36 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 37 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 38 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 39 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 40 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 41 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 42 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 43 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 44 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 45 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 46 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 47 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 48 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 49 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 50 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 51 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 52 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 53 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 54 AutoLock Cross-core Eviction AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 55 AutoLock Deﬁnition A patented and undocumented performance feature of inclusive cache levels that transparently prevents the eviction of cache lines, if they are contained in higher cache levels. Automatic + Lockdown = “AutoLock” AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 56 Implications of AutoLock AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al. j USENIX Security 2017 j 57 Implications Impact in Theory Method Task Same-core Cross-core Evict + Time Eviction 37 Prime + Probe Eviction 37 Evict + Reload Eviction 37 Evict + Prefetch Eviction 37 Flush + * Flush 3 3 AutoLock: Why Cache Attacks on ARM Are Harder Than You Think j Green et al.

Autolock: Why Cache Attacks on ARM Are Harder Than You Think

Details

Download

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

Support