Design and Verification of Secure Cache Wrapper Against Access-Driven Side-Channel Attacks

2019 22nd Euromicro Conference on Digital System Design (DSD) Pub Date : 2019-08-01 DOI:10.1109/DSD.2019.00108

Behrad Niazmand, Siavoosh Payandeh Azad, G. Jervan, Martha Johanna Sepúlveda

{"title":"Design and Verification of Secure Cache Wrapper Against Access-Driven Side-Channel Attacks","authors":"Behrad Niazmand, Siavoosh Payandeh Azad, G. Jervan, Martha Johanna Sepúlveda","doi":"10.1109/DSD.2019.00108","DOIUrl":null,"url":null,"abstract":"While caches are shared resources used to speedup the execution of applications, including the execution of cryptographic applications, their use can expose the system to attacks. Access-driven is one of the most popular cache attacks. They have been demonstrated in different hardware platforms, from servers to smart phones, which even were operating in virtualized environments. Designing hardware solutions to protect against access-driven attacks is still a challenge. Moreover, the security verification of such solutions still needs further exploration. This paper presents two main contributions. First, we propose a generic hardware wrapper able to protect caches against accessdriven cache attacks, based on an address translation policy to obfuscate the cache accesses. Second, we use an extended version of a previously proposed formal method to verify the security of cache against such attacks, by means of properties. Experimental results show the effectiveness of our hardware wrapper against access-driven cache attacks along with formal proof, while incurring an average area overhead below 2% and a negligible critical path overhead.","PeriodicalId":217233,"journal":{"name":"2019 22nd Euromicro Conference on Digital System Design (DSD)","volume":"5 3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 22nd Euromicro Conference on Digital System Design (DSD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSD.2019.00108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

While caches are shared resources used to speedup the execution of applications, including the execution of cryptographic applications, their use can expose the system to attacks. Access-driven is one of the most popular cache attacks. They have been demonstrated in different hardware platforms, from servers to smart phones, which even were operating in virtualized environments. Designing hardware solutions to protect against access-driven attacks is still a challenge. Moreover, the security verification of such solutions still needs further exploration. This paper presents two main contributions. First, we propose a generic hardware wrapper able to protect caches against accessdriven cache attacks, based on an address translation policy to obfuscate the cache accesses. Second, we use an extended version of a previously proposed formal method to verify the security of cache against such attacks, by means of properties. Experimental results show the effectiveness of our hardware wrapper against access-driven cache attacks along with formal proof, while incurring an average area overhead below 2% and a negligible critical path overhead.

查看原文本刊更多论文

针对访问驱动的侧信道攻击的安全缓存包装器设计与验证

虽然缓存是用于加速应用程序(包括加密应用程序)执行的共享资源，但使用它们可能会使系统暴露于攻击之下。访问驱动是最流行的缓存攻击之一。它们已经在不同的硬件平台上进行了演示，从服务器到智能手机，甚至在虚拟环境中运行。设计硬件解决方案来防止访问驱动的攻击仍然是一个挑战。此外，这些解决方案的安全性验证还需要进一步探索。本文提出了两个主要贡献。首先，我们提出了一个通用的硬件包装器，能够保护缓存免受访问驱动的缓存攻击，基于地址转换策略来混淆缓存访问。其次，我们使用先前提出的形式化方法的扩展版本，通过属性来验证缓存对此类攻击的安全性。实验结果表明，我们的硬件包装器在对抗访问驱动的缓存攻击以及正式证明方面是有效的，同时产生的平均面积开销低于2%，关键路径开销可以忽略不计。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 22nd Euromicro Conference on Digital System Design (DSD)

自引率

0.00%

发文量