
Cache Side Channel Attacks on Modern Processors

Guo, Yanan (2024) Cache Side Channel Attacks on Modern Processors. Doctoral Dissertation, University of Pittsburgh. (Unpublished)

This is the latest version of this item.


Abstract

Modern CPUs feature many microarchitectural structures shared among users. Although such resource sharing offers performance benefits, it also creates opportunities for side channel attacks. Attackers capable of manipulating microarchitectural states can bring these structures into specific states, and then monitor any unintended state changes induced by the victim. Cache timing covert channels and side channel attacks, or cache attacks for short, are extremely potent. Attackers can exploit changes in cache states to leak sensitive information from another user. For performance and efficiency purposes, modern CPUs often include instructions and designs that allow users to directly influence cache states. This inadvertently makes it easier for attackers to manipulate these states, potentially resulting in new and more efficient cache attacks. This dissertation analyzes how these instructions and designs can be exploited for powerful cache attacks and develops mitigation strategies against these attacks.

First, we reverse engineer the prefetch-for-write instruction (PREFETCHW) on Intel CPUs and uncover a severe vulnerability on them. Based on this vulnerability, we develop two new cache attacks. These attacks significantly outperform arguably the most prevalent cache attack, Flush+Reload, in both bandwidth and temporal resolution.

Second, we study the non-temporal prefetch instruction (PREFETCHNTA) on Intel processors and uncover its unique behavior within the cache hierarchy. This behavior enables a fast route to trigger cache conflicts. We demonstrate that applying this instruction in conflict-based cache attacks can significantly improve the attack performance.

Third, the CPU uncore has been a frequent target for side channel attacks, as it is shared among all users. Many studies suggest using uncore resource partitioning as a countermeasure, given that most uncore attacks stem from resource contention. However, we show that such partitioning is not foolproof. Specifically, we reverse engineer the details of the uncore frequency scaling technique on Intel processors and discover that this technique creates a robust side channel that cannot be stopped by traditional defense designs based on partitioning.

Finally, we study the potential countermeasures against these new attacks and propose defense mechanisms to mitigate each of these attacks with minimal impact on performance.


Details

Item Type: University of Pittsburgh ETD
Status: Unpublished
Creators/Authors:
Creator | Email | Pitt Username | ORCID
Guo, Yanan | yag45@pitt.edu | yag45 | 0000-0003-0034-0358
ETD Committee:
Title | Member | Email Address | Pitt Username | ORCID
Committee Chair | Yang, Jun | juy9@pitt.edu | |
Committee Member | Zhou, Peipei | peipei.zhou@pitt.edu | |
Committee Member | Hu, Jingtong | jthu@pitt.edu | |
Committee Member | Dickerson, Samuel | dickerson@pitt.edu | |
Committee Member | Zhang, Youtao | zhangyt@cs.pitt.edu | |
Committee Member | Xiong, Wenjie | wenjiex@vt.edu | |
Date: 6 September 2024
Date Type: Publication
Defense Date: 31 May 2024
Approval Date: 6 September 2024
Submission Date: 18 June 2024
Access Restriction: No restriction; Release the ETD for access worldwide immediately.
Number of Pages: 148
Institution: University of Pittsburgh
Schools and Programs: Swanson School of Engineering > Electrical and Computer Engineering
Degree: PhD - Doctor of Philosophy
Thesis Type: Doctoral Dissertation
Refereed: Yes
Uncontrolled Keywords: hardware security, cache, side channels
Date Deposited: 06 Sep 2024 19:55
Last Modified: 06 Sep 2024 19:55
URI: http://d-scholarship.pitt.edu/id/eprint/46577
