Journal of Cryptographic Engineering, Volume 8, Issue 1, pp 1–27

A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

  • Qian Ge
  • Yuval Yarom
  • David Cock
  • Gernot Heiser
Regular Paper

Abstract

Microarchitectural timing channels expose hidden hardware states through timing. We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing. We classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks. Moreover, we take a detailed look at attacks used against shared caches. We survey existing countermeasures. We finally discuss trends in attacks, challenges to combating them, and future directions, especially with respect to hardware support.

Keywords

Microarchitectural timing attacks, Cache-based timing attacks, Countermeasures, Trend in the attacks

Notes

Acknowledgements

We would like to thank Toby Murray for his comments and feedback.

  158. 158.
    Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: Proceedings of the 34th International Symposium on Computer Architecture, San Diego, CA, US (2007)Google Scholar
  159. 159.
    Wassel, H.M.G., Gao, Y., Oberg, J.K., Huffmire, T., Kastner, R., Chong, F.T., Sherwood, T.: SurfNoC: a low latency and provably non-interfering approach to secure networks-on-chip. In: Proceedings of the 40th International Symposium on Computer Architecture, pp. 583–594 (2013)Google Scholar
  160. 160.
    Weiß, M., Heinz, B., Stumpf, F.: A cache timing attack on AES in virtualization environments. In: Financial Cryptography and Data Security, Bonaire, Dutch Caribbean (2012)Google Scholar
  161. 161.
    Weiß, M., Weggenmann, B., August, M., Sigl, G.: On cache timing attacks considering multi-core aspects in virtualized embedded systems. In: Proceedings of the 6th International Conference on Trustworthy Systems, Beijing, China (2014)Google Scholar
  162. 162.
    Woo, D.H., Lee, H.-H.: Analyzing performance vulnerability due to resource denial of service attack on chip multiprocessors. In: Workshop on Chip Multiprocessor Memory Systems and Interconnects, Phoenix, AZ, US (2007)Google Scholar
  163. 163.
    Wray, J.C.: An analysis of covert timing channels. In: Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 2–7, Oakland, CA, US (1991)Google Scholar
  164. 164.
    Wu, W., Zhai, E., Jackowitz, D., Wolinsky, D.I., Gu, L., Ford, B.: Warding off timing attacks in Deterland. arXiv preprint arXiv:1504.07070 (2015)
  165. 165.
    Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-speed covert channel attacks in the cloud. In: Proceedings of the 21st USENIX Security Symposium, Bellevue, WA, US (2012)Google Scholar
  166. 166.
  167. 167.
    Xu, Y., Bailey, M., Jahanian, F., Joshi, K., Hiltunen, M., Schlichting, R.: An exploration of L2 cache covert channels in virtualized environments. In: ACM Workshop on Cloud Computing Security, pp. 29–40 (2011)Google Scholar
  168. 168.
    Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack. IACR Cryptology ePrint Archive, Report 2014/140 (2014)Google Scholar
  169. 169.
    Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, pp. 719–732, San Diego, CA, US (2014)Google Scholar
  170. 170.
    Yarom, Y., Ge, Q., Liu, F., Lee, R.B., Heiser, G.: Mapping the Intel last-level cache (2015). http://eprint.iacr.org/
  171. 171.
    Yarom, Y., Genkin, D., Heninger, N.: CacheBleed: a timing attack on OpenSSL constant time RSA. In: Conference on Cryptographic Hardware and Embedded Systems 2016 (CHES 2016), Santa Barbara, CA, US (2016)Google Scholar
  172. 172.
    Yoder, K.: POWER7+ accelerated encryption and random number generation for Linux (2013)Google Scholar
  173. 173.
    Yun, H., Yao, G., Pellizzoni, R., Caccamo, M., Sha, L.: MemGuard: memory bandwidth reservation system for efficient performance isolation in multi-core platforms. In: IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 55–64, Philadelphia, PA, US (2013)Google Scholar
  174. 174.
    Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 563–574, Chicago, IL, US (2011)Google Scholar
  175. 175.
    Zhang, D., Askarov, A., Myers, A.C.: Language-based control and mitigation of timing channels. In: Proceedings of the 2012 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 99–110, Beijing, CN (2012)Google Scholar
  176. 176.
    Zhang, R., Su, X., Wang, J., Wang, C., Liu, W., Rynson, W.H.L.: On mitigating the risk of cross-VM covert channels in a public cloud. IEEE Trans. Parallel Distrib. Syst. 26, 2327–2339 (2014)CrossRefGoogle Scholar
  177. 177.
    Zhang, T., Zhang, Y., Lee, R.B.: Memory DoS attacks in multi-tenant clouds: Severity and mitigation. arXiv preprint arXiv:1603.03404v2 (2016)
  178. 178.
    Zhang, T., Zhang, Y., Lee, R.B: Cloudradar: a real-time side-channel attack detection system in clouds. In: Proceedings of the 19th Symposium on Research in Attacks, Intrusions and Defenses (RAID), Telecom SudParis, France (2016)Google Scholar
  179. 179.
    Zhang, Y., Reiter, M.: Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 20th ACM Conference on Computer and Communications Security, pp. 827–838, Berlin, DE (2013)Google Scholar
  180. 180.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, pp. 305–316, Raleigh, NC, US (2012)Google Scholar
  181. 181.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-Tenant side-channel attacks in PaaS clouds. In: Proceedings of the 21st ACM Conference on Computer and Communications Security, Scottsdale, AZ, US (2014)Google Scholar
  182. 182.
    Zhou, Z., Reiter, M.K., Zhang, Y.: A software approach to defeating side channels in last-level caches. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, Vienna, Austria (2016)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Qian Ge (1)
  • Yuval Yarom (2)
  • David Cock (1, 3)
  • Gernot Heiser (1)

  1. Data61, CSIRO and UNSW, Sydney, Australia
  2. Data61, CSIRO and The University of Adelaide, Adelaide, Australia
  3. Systems Group, Department of Computer Science, ETH Zürich, Zurich, Switzerland
