Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy最新文献

{"title":"Exploring the performance implications of memory safety primitives in many-core processors executing multi-threaded workloads","authors":"Masab Ahmad, Syed Kamran Haider, Farrukh Hijaz, Marten van Dijk, O. Khan","doi":"10.1145/2768566.2768572","DOIUrl":"https://doi.org/10.1145/2768566.2768572","url":null,"abstract":"Security is a vital consideration for today's processor architectures, both at the software and hardware layers. However, security schemes are known to incur significant performance overheads. For example, buffer overflow protection schemes perform software checks for bounds on program data structures, and incur performance overheads that are up to several orders of magnitude. To mitigate these overheads, prior works focus on either changing the security scheme itself, or selectively apply the security scheme to minimize program vulnerabilities. Most of these works also focus primarily on single core processors, with no prior work done in the context of multicore processors. In this paper, we show how increasing thread counts can help hide the latency overheads of security schemes. We also analyze the architectural implications in the context of multucores, and the insights and challenges associated with applying these security schemes on mutithreaded workloads.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130422562","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards a practical solution to detect code reuse attacks on ARM mobile devices","authors":"Yongje Lee, Ingoo Heo, Dongil Hwang, Kyungmin Kim, Y. Paek","doi":"10.1145/2768566.2768569","DOIUrl":"https://doi.org/10.1145/2768566.2768569","url":null,"abstract":"In recent years, there is a growing need to protect security and privacy of the data against various attacks on software running on smart mobile devices. The attackers mostly attempt to acquire privileges to control system behaviors as they want. As of today, the code reuse attack (CRA) is known as one of the most sophisticated techniques that can be exploited in such attempts. The attackers launch CRAs to perform arbitrary computation by reusing and chaining existing code fragments, called gadgets. Prior solutions to CRAs are engineered either in software or hardware. However, both of them have their own weaknesses. Software solutions suffer from huge performance overhead because they occupy computing resources of the host CPU. On the other hand, existing hardware solutions all require invasive modifications to the CPU internal architecture. This is contradictory to the conventional application processor (AP) design principle which is to integrate off-the-shelf commodity CPU cores and other special-purpose hardware modules together to form a system. In this paper, we propose a more practical hardware solution which conforms to such design convention, thus being amenable for immediate deployment to modern mobile devices that use APs as their central computing engines. In our work, we target the devices that employ as their AP CPUs the ARM processors which are the de-facto standard CPUs for commercial mobile devices today. The key difference of ours from previous hardware solutions is that our CRA detection hardware modules have been integrated as off-core modules with the processor, strictly following the AP designing principle. We exploit the ARM debug interface to obtain the core internal information which is not directly accessible from off-core hardware modules. As a result, we were able to detect CRAs from outside the CPU without modifying the processor internal. For our preliminary experiment, we have implemented in our prototype a module to detect the attacks based on return-oriented programming (ROP) which is a representative technique used in CRAs. Empirical results show that our solution successfully detects ROP attacks with negligibly low runtime overhead and moderate area overhead.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132285935","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Side-channel analysis of MAC-Keccak hardware implementations","authors":"Pei Luo, Yunsi Fei, Xin Fang, A. Ding, D. Kaeli, M. Leeser","doi":"10.1145/2768566.2768567","DOIUrl":"https://doi.org/10.1145/2768566.2768567","url":null,"abstract":"As Keccak has been selected as the new SHA-3 standard, Message Authentication Code (MAC) (MAC-Keccak) using a secret key will be widely used for integrity checking and authenticity assurance. Recent works have shown the feasibility of side-channel attacks against software implementations of MAC-Keccak to retrieve the key, with the security assessment of hardware implementations remaining an open problem. In this paper, we present a comprehensive and practical side-channel analysis of a hardware implementation of MAC-Keccak on FPGA. Different from previous works, we propose a new attack method targeting the first round output of MAC-Keccak rather than the linear operation θ only. The results on sampled power traces show that the unprotected hardware implementation of MAC-Keccak is vulnerable to side-channel attacks, and attacking the nonlinear operation of MAC-Keccak is very effective. We further discuss countermeasures against side-channel analysis on hardware MAC-Keccak. Finally, we discuss the impact of the key length on side-channel analysis and compare the attack complexity between MAC-Keccak and other cryptographic algorithms.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123272911","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Can randomized mapping secure instruction caches from side-channel attacks?","authors":"Fangfei Liu, Hao Wu, R. Lee","doi":"10.1145/2768566.2768570","DOIUrl":"https://doi.org/10.1145/2768566.2768570","url":null,"abstract":"Information leakage through cache side channels is a serious threat in computer systems. The leak of secret cryptographic keys voids the protections provided by strong cryptography and software virtualization. Past cache side channel defenses focused almost entirely on data caches. Recently, instruction cache based side-channel attacks have been demonstrated to be practical -- even in a Cloud Computing environment across two virtual machines. Unlike data caches, instruction caches leak information through secret-dependent execution paths. In this paper, we propose to use a classification matrix to quantitatively characterize the vulnerability of an instruction cache to software side channel attacks. We use this quantitative analysis to answer the open question: can randomized mapping proposed for thwarting data cache side channel attacks secure instruction caches? We further study the performance impact of the randomized mapping approach for the instruction cache.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114187288","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","authors":"R. Lee, W. Shi, Jakub Szefer","doi":"10.1145/2768566","DOIUrl":"https://doi.org/10.1145/2768566","url":null,"abstract":"It is our great pleasure to introduce the technical program for the 4th International Workshop on Hardware and Architectural Support for Security and Privacy (HASP 2015), which will be held in conjunction with the 42nd International Symposium on Computer Architecture (ISCA 2015) in Portland, OR, USA. The workshop will run on June 14, 2015. \u0000 \u0000Although study of security at the system and application levels has received wide spread attention, security and privacy research focusing on hardware and architecture aspects is still a new frontier. In the era of cloud computing, smartphones and Internet of Things (IoT), practitioners and researchers have to address new challenges and requirements in order to meet the ever-changing landscape of security research and new demands from consumers, enterprises, governments, defense and other industries. \u0000 \u0000The goal of HASP is to bring together researchers, developers, and practitioners from academia and industry, to share new research results, practical insights, experiences and implementations related to all aspects of hardware and architectural support for security and privacy, and to discuss future trends in research and applications. We encourage contributions describing innovative work on hardware and architectural support for smart phones and smart devices, Internet-of-Things, cloud security, sensors and sensor networks, etc.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128857891","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Support vector regression: exploiting machine learning techniques for leakage modeling","authors":"Dirmanto Jap, Marc Stöttinger, S. Bhasin","doi":"10.1145/2768566.2768568","DOIUrl":"https://doi.org/10.1145/2768566.2768568","url":null,"abstract":"Side-channel analysis (SCA) is a serious threat to embedded cryptography. Any SCA has two important components: leakage modeling and distinguisher. Although distinguisher has received much research efforts, leakage modeling still lies on couple of classical techniques like Hamming weight or linear regression. In this paper, we propose a novel support vector machine based technique for efficient leakage modeling. The technique is called support vector regression (SVR) and can be used in both profiled and non-profiled settings. We provide proper theoretical background of SVR with practical application on AES implementation running on an AVR microcontroller.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128329453","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Performance optimizations of integrity checking based on Merkle trees","authors":"Salaheddine Ouaarab, Guillaume Duc, R. Pacalet","doi":"10.1145/2768566.2768576","DOIUrl":"https://doi.org/10.1145/2768566.2768576","url":null,"abstract":"Merkle hash trees are used to protect the integrity of data sets, against all kinds of attacks, including replay. They usually imply a significant storage and performance overhead. This paper introduces several proposals (hollow trees, dedicated caches) to mitigate these overheads. They have been implemented in SecBus, a software / hardware architecture protecting the external memories of a System-on-Chip.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129686444","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Covert channels through branch predictors: a feasibility study","authors":"Dmitry Evtyushkin, D. Ponomarev, N. Abu-Ghazaleh","doi":"10.1145/2768566.2768571","DOIUrl":"https://doi.org/10.1145/2768566.2768571","url":null,"abstract":"Covert channels through shared processor resources provide secret communication between malicious processes. In this paper, we introduce a new mechanism for covert communication using the processor branch prediction unit. Specifically, we demonstrate how a trojan and a spy can manipulate the branch prediction tables in a way that creates high-capacity, robust and noise-resilient covert channel. We demonstrate this covert channel on a real hardware platform both in Simultaneous Multi-Threading (SMT) and single-threaded settings. We also discuss techniques for improving the channel quality and outline possible defenses to protect against this covert channel.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128543458","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Exploiting small leakages in masks to turn a second-order attack into a first-order attack","authors":"Alexander DeTrano, S. Guilley, Xiaofei Guo, Naghmeh Karimi, R. Karri","doi":"10.1145/2768566.2768573","DOIUrl":"https://doi.org/10.1145/2768566.2768573","url":null,"abstract":"Masking countermeasures, used to thwart side-channel attacks, have been shown to be vulnerable to mask-extraction attacks. State-of-the-art mask-extraction attacks on the Advanced Encryption Standard (AES) algorithm target S-Box re-computation schemes, but have not been applied to scenarios where S-Boxes are precomputed offline. We propose an attack targeting precomputed S-Boxes stored in nonvolatile memory. Our attack targets AES implemented in software protected by a low entropy masking scheme and recovers the masks with 91% success rate. Recovering the secret key requires fewer power traces (in fact, by at least two orders of magnitude) compared to a classical second order attack. Moreover, we show that this attack remains viable in a noisy environment, or with a reduced number of leakage points.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114519120","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Hardware overhead analysis of programmability in ARX crypto processing","authors":"Mohamed El-Hadedy, K. Skadron","doi":"10.1145/2768566.2768574","DOIUrl":"https://doi.org/10.1145/2768566.2768574","url":null,"abstract":"This paper evaluates the area and performance overhead of a programmable cryptographic accelerator specialized to support ARX (Add, Rotate, and Xor) based encryption standards, which are common in symmetric cryptography. This overhead is measured by comparing to a variety of custom ARX implementations optimized specifically for π -- Cipher. This is a new algorithm for authenticated encryption that offers advantages over AES-GCM and is a candidate in the CAESAR competition. The programmable processor is designed to accommodate different word sizes, different block sizes and different security levels. The custom variants require separate versions to support these diverse capabilities. We find that the overhead of the programmability is quite high. For example, we implemented the Programmable Processing Element PPE in 227 slices, achieving a throughput of about 1.2 Gbps/block, regardless of the word size. In comparison, our best custom 64-bit implementation so far requires 445 slices, achieving 3.09 Gbps. This means that two PPEs running in parallel can achieve 75% of the throughput of the custom 64-bit solution, while providing flexibility to support diverse cryptographic standards.","PeriodicalId":332892,"journal":{"name":"Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124335373","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}