research-article

Public Access

SmokeBomb: effective mitigation against cache side-channel attacks on the ARM architecture

Authors:

Yan Shoshitaishvili,

Gail-Joon AhnAuthors Info & Claims

MobiSys '20: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services

Pages 107 - 120

https://doi.org/10.1145/3386901.3388888

Published: 15 June 2020 Publication History

All formats PDF

Abstract

Cache side-channel attacks abuse microarchitectural designs meant to optimize memory access to infer information about victim processes, threatening data privacy and security. Recently, the ARM architecture has come into the spotlight of cache side-channel attacks with its unprecedented growth in the market.

We propose SmokeBomb, a novel cache side-channel mitigation that functions by explicitly ensuring a private space for each process to safely access sensitive data. The heart of the idea is to use the L1 cache of the CPU core as a private space by which SmokeBomb can give consistent results against cache attacks on the sensitive data, and thus, an attacker cannot distinguish specific data used by the victim. Our experimental results show that SmokeBomb can effectively prevent currently formalized cache attack methods.

References

[1]

(accessed Jan 29, 2019). Attribute Syntax. https://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html.

[2]

(accessed Jan 29, 2019). Byte-unixbench: A Unix benchmark suite. https://github.com/kdlucas/byte-unixbench.

[3]

(accessed Jan 29, 2019). Moz's list of the top 500 domains and pages on the web. https://moz.com/top500.

[4]

Josh Aas. 2005. Understanding the Linux 2.6. 8.1 CPU scheduler.

[5]

Onur Aciiçmez and Werner Schindler. 2008. A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL. In Proceedings of the Cryptographer's Track at the RSA Conference (CT-RSA). San Fancisco, CA, 256--273.

[6]

ARM. 2010. Cortex-A8 Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/index.html.

[7]

ARM. 2012. Cortex-A9 Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100511040110en/index.html.

[8]

ARM. 2013. Cortex-A15 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0438i/index.html.

[9]

ARM. 2013. Cortex-A7 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0464f/index.html.

[10]

ARM. 2014. ARM Architecture Reference Manual ARMv7-A and ARMv7-R edition. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0406c/index.html.

[11]

ARM. 2014. Cortex-A17 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0535c/index.html.

[12]

ARM. 2015. ARM Cortex-A Series Programmerś Guide for ARMv8-A. http://infocenter.arm.com/help/topic/com.arm.doc.den0024a/index.html.

[13]

ARM. 2016. ARMv8-A Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0487b.b/index.html.

[14]

ARM. 2016. Cortex-A5 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0434c/index.html.

[15]

ARM. 2016. Cortex-A53 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0500g/index.html.

[16]

ARM. 2016. Cortex-A57 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.ddi0488h/index.html.

[17]

ARM. 2016. Cortex-A72 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100095000306en/index.html.

[18]

ARM. 2016. Cortex-A73 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100048000205en/index.html.

[19]

ARM. 2017. AMBA Protocol. https://developer.arm.com/products/architecture/amba-protocol.

[20]

ARM. 2017. Cortex-A32 Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100241000100en/index.html.

[21]

ARM. 2017. Cortex-A35 Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100236000200en/index.html.

[22]

ARM. 2017. Cortex-A55 MPCore Processor Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100442010000en/index.html.

[23]

ARM. 2017. Cortex-A75 Core Technical Reference Manual. http://infocenter.arm.com/help/topic/com.arm.doc.100403020000en/index.html.

[24]

Ferdinand Brasser, Urs Müller, Alexandra Dmitrienko, Kari Kostiainen, Srdjan Capkun, and Ahmad-Reza Sadeghi. 2017. Software Grand Exposure: SGX Cache Attacks Are Practical. arXiv preprint arXiv:1702.07521 (2017).

[25]

Billy Bob Brumley and Risto M Hakala. 2009. Cache-timing template attacks. In Proceedings of the 15th the International Conference on the Theory and Application of Cryptology and Information Security (ASIACRYPT). Tokyo, Japan, 667--684.

Digital Library

[26]

Stephen Crane, Andrei Homescu, Stefan Brunthaler, Per Larsen, and Michael Franz. 2015. Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity. In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[27]

Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen. 2017. Prime+abort: A timer-free high-precision l3 cache attack using intel TSX. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada, 51--67.

[28]

Leonid Domnitser, Aamer Jaleel, Jason Loew, Nael Abu-Ghazaleh, and Dmitry Ponomarev. 2012. Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks. ACM Transactions on Architecture and Code Optimization (TACO) 8, 4 (2012), 35.

[29]

Shekhar R Gaddam, Vir V Phoha, and Kiran S Balagani. 2007. K-Means+ ID3: A novel method for supervised anomaly detection by cascading K-Means clustering and ID3 decision tree learning methods. IEEE Transactions on Knowledge and Data Engineering 19, 3 (2007), 345--354.

Digital Library

[30]

Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, and Christiano Giuffrida. 2017. ASLR on the line: Practical cache attacks on the MMU. In Proceedings of the 2017 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[31]

Marc Green, Leandro Rodrigues-Lima, Andreas Zankl, Gorka Irazoqui, Johann Heyszl, and Thomas Eisenbarth. 2017. AutoLock: Why Cache Attacks on ARM Are Harder Than You Think. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada, 1075--1091.

Digital Library

[32]

Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016. Rowhammer.js: A remote software-induced fault attack in javascript. In Proceedings of the 13th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). San Sebastian, Spain, 300--321.

Digital Library

[33]

Daniel Gruss, Clémentine Maurice, Klaus Wagner, and Stefan Mangard. 2016. Flush+Flush: a fast and stealthy cache attack. In Proceedings of the 13th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). San Sebastian, Spain, 279--299.

Digital Library

[34]

Daniel Gruss, Felix Schuster, Olya Ohrimenko, Istvan Haller, Julian Lettner, and Manuel Costa. 2017. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada, 217--233.

[35]

Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In Proceedings of the 24th USENIX Security Symposium (Security). Washington, DC, 897--912.

[36]

Roberto Guanciale, Hamed Nemati, Christoph Baumann, and Mads Dam. 2016. Cache storage channels: Alias-driven attacks and verified countermeasures. In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA, 38--55.

[37]

David Gullasch, Endre Bangerter, and Stephan Krenn. 2011. Cache games-bringing access-based cache attacks on AES to practice. In Proceedings of the 32nd IEEE Symposium on Security and Privacy (Oakland). Oakland, CA, 490--505.

Digital Library

[38]

Marcus Hähnel, Weidong Cui, and Marcus Peinado. 2017. High-Resolution Side Channels for Untrusted Operating Systems. In Proceedings of the 2017 USENIX Annual Technical Conference (ATC). Santa Clara, CA, 299--312.

[39]

Mehmet Sinan Inci, Berk Gulmezoglu, Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. Seriously, get off my cloud! Cross-VM RSA Key Recovery in a Public Cloud. Cryptology ePrint Archive, Report 2015/898. (2015). https://eprint.iacr.org/2015/898.

[40]

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2015. S $ A: A shared cache attack that works across cores and defies VM sandboxing-and its application to AES. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA, 591--604.

Digital Library

[41]

Gorka Irazoqui, Thomas Eisenbarth, and Berk Sunar. 2016. Cross processor cache attacks. In Proceedings of the 11th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Xi'an, China, 353--364.

Digital Library

[42]

Gorka Irazoqui, Mehmet Sinan Inci, Thomas Eisenbarth, and Berk Sunar. 2014. Wait a minute! A fast, Cross-VM attack on AES. In Proceedings of the 17th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Gothenburg, Sweden, 299--319.

[43]

Georgios Keramidas, Alexandros Antonopoulos, Dimitrios N Serpanos, and Stefanos Kaxiras. 2008. Non deterministic caches: A simple and effective defense against side channel attacks. Design Automation for Embedded Systems 12, 3 (2008), 221--230.

Digital Library

[44]

Taesoo Kim, Marcus Peinado, and Gloria Mainar-Ruiz. 2012. STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud. In Proceedings of the 21st USENIX Security Symposium (Security). Bellevue, WA, 189--204.

[45]

Jingfei Kong, Onur Aciicmez, Jean-Pierre Seifert, and Huiyang Zhou. 2008. Deconstructing new cache designs for thwarting software cache-based side channel attacks. In Proceedings of the the 2nd ACM workshop on Computer security architectures. Alexandria, VA, 25--34.

Digital Library

[46]

Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. 2016. ARMageddon: Cache attacks on mobile devices. In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX, 549--564.

Digital Library

[47]

Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B Lee. 2016. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In Proceedings of the 22nd IEEE Symposium on High Performance Computer Architecture (HPCA). Barcelona, Spain, 406--418.

[48]

Fangfei Liu, Hao Wu, Kenneth Mai, and Ruby B Lee. 2016. Newcache: Secure cache architecture thwarting cache side-channel attacks. IEEE Micro 36, 5 (2016), 8--16.

Digital Library

[49]

Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. 2015. Last-level cache side-channel attacks are practical. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA, 605--622.

Digital Library

[50]

Olga Ohrimenko, Felix Schuster, Cédric Fournet, Aastha Mehta, Sebastian Nowozin, Kapil Vaswani, and Manuel Costa. 2016. Oblivious Multi-Party Machine Learning on Trusted Processors. In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX, 619--636.

Digital Library

[51]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and counter-measures: the case of AES. In Proceedings of the Cryptographer's Track at the RSA Conference (CT-RSA). San Jose, CA, 1--20.

[52]

Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS). Chicago, IL, 199--212.

Digital Library

[53]

Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2017. Malware guard extension: Using SGX to conceal cache attacks. In Proceedings of the 14th Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA). Bonn, Germany, 279--299.

[54]

Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient cache attacks on AES, and countermeasures. Journal of Cryptology 23, 1 (2010), 37--71.

Digital Library

[55]

Venkatanathan Varadarajan, Yinqian Zhang, Thomas Ristenpart, and Michael Swift. 2015. A Placement Vulnerability Study in Multi-Tenant Public Clouds. In Proceedings of the 24th USENIX Security Symposium (Security). Washington, DC, 913--928.

Digital Library

[56]

Shuai Wang, Pei Wang, Xiao Liu, Danfeng Zhang, and Dinghao Wu. 2017. Cached: Identifying cache-based timing channels in production software. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada, 235--252.

[57]

Zhenghong Wang and Ruby B Lee. 2008. A novel cache architecture with enhanced performance and security. In Proceedings of the the 41st annual IEEE/ACM International Symposium on Microarchitecture. Como, Italy, 83--93.

[58]

Andrew Waterman, Yunsup Lee, Rimas Avizienis, David A Patterson, and Krste Asanovic. 2017. The RISC-V Instruction Set Manual. https://github.com/riscv/riscv-isa-manual.

[59]

Yuval Yarom and Naomi Benger. 2014. Recovering OpenSSL ECDSA Nonces Using the FLUSH RELOAD Cache Side-channel Attack. IACR Cryptology ePrint Archive 2014 (2014), 140.

[60]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA, 719--732.

Digital Library

[61]

Ning Zhang, Kun Sun, Deborah Shands, Wenjing Lou, and Y Thomas Hou. 2016. TruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices. IACR Cryptology ePrint Archive 2016 (2016), 980.

[62]

Xiaokuan Zhang, Yuan Xiao, and Yinqian Zhang. 2016. Return-oriented flush-reload side channels on arm and their implications for android devices. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria, 858--870.

Digital Library

[63]

Yinqian Zhang, Ari Juels, Alina Oprea, and Michael K. Reiter. 2011. HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis. In Proceedings of the 32nd IEEE Symposium on Security and Privacy (Oakland). Oakland, CA, 313--328.

[64]

Yinqian Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. 2012. Cross-VM side channels and their use to extract private keys. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS). Raleigh, NC, 305--316.

Digital Library

[65]

Yinqian Zhang, Ari Juels, Michael K. Reiter, and Thomas Ristenpart. 2014. Cross-Tenant Side-Channel Attacks in PaaS Clouds. In Proceedings of the 21st ACM Conference on Computer and Communications Security (CCS). Scottsdale, AZ, 990--1003.

Digital Library

[66]

Yinqian Zhang and Michael K Reiter. 2013. Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS). Berlin, Germany, 827--838.

Digital Library

[67]

Ziqiao Zhou, Michael K Reiter, and Yinqian Zhang. 2016. A software approach to defeating side channels in last-level caches. In Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS). Vienna, Austria, 871--882.

Digital Library

Cited By

Wang JSun KLei LWang YJing JWan SLi Q(2024)CacheIEE: Cache-Assisted Isolated Execution Environment on ARM Multi-Core PlatformsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325141821:1(254-269)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3251418
Roy PEshete BSu P(2023)Designing Secure Performance Metrics for Last Level Cache2023 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)10.1109/IPDPSW59300.2023.00069(383-392)Online publication date: May-2023
https://doi.org/10.1109/IPDPSW59300.2023.00069
Liu CLyu YWang HQiu PJu DQu GWang D(2023)Leaky MDU: ARM Memory Disambiguation Unit Uncovered and Vulnerabilities Exposed2023 60th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC56929.2023.10247985(1-6)Online publication date: 9-Jul-2023
https://doi.org/10.1109/DAC56929.2023.10247985
Show More Cited By

Index Terms

SmokeBomb: effective mitigation against cache side-channel attacks on the ARM architecture
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures
  2. Systems security
    1. Operating systems security
      1. Mobile platform security

Recommendations

Security testing of a secure cache design
HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy

Cache side channel attacks are attacks that leak secret information through physical implementation of cryptographic operations, nullifying cryptographic protection. Recently, these attacks have received great interest. Previous research found that ...
A Distributed Security Approach against ARP Cache Poisoning Attack
CySSS '22: Proceedings of the 1st Workshop on Cybersecurity and Social Sciences

The Address Resolution Protocol (ARP) has a critical function in the Internet protocol suite, however, it was not designed for security as it does not verify that a response to an ARP request really comes from an authorized party. This weak point in the ...
Detecting Insider Theft of Trade Secrets

Trusted insiders who misuse their privileges to gather and steal sensitive information represent a potent threat to businesses. Applying access controls to protect sensitive information can reduce the threat but has significant limitations. Even if ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

MobiSys '20: Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services

June 2020

496 pages

ISBN:9781450379540

DOI:10.1145/3386901

General Chairs:
Eyal de Lara
University of Toronto
,
Iqbal Mohomed
Samsung AI Centre Toronto
,
Program Chairs:
Jason Nieh
Columbia University
,
Elizabeth M. Belding
UC Santa Barbara

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 June 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

Defense Advanced Research Projects Agency
Office of Naval Research
National Science Foundation

Conference

MobiSys '20

Sponsor:

SIGMOBILE

MobiSys '20: The 18th Annual International Conference on Mobile Systems, Applications, and Services

June 15 - 19, 2020

Ontario, Toronto, Canada

Acceptance Rates

Overall Acceptance Rate 274 of 1,679 submissions, 16%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
1,026
Total Downloads

Downloads (Last 12 months)325
Downloads (Last 6 weeks)21

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang JSun KLei LWang YJing JWan SLi Q(2024)CacheIEE: Cache-Assisted Isolated Execution Environment on ARM Multi-Core PlatformsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.325141821:1(254-269)Online publication date: Jan-2024
https://doi.org/10.1109/TDSC.2023.3251418
Roy PEshete BSu P(2023)Designing Secure Performance Metrics for Last Level Cache2023 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)10.1109/IPDPSW59300.2023.00069(383-392)Online publication date: May-2023
https://doi.org/10.1109/IPDPSW59300.2023.00069
Liu CLyu YWang HQiu PJu DQu GWang D(2023)Leaky MDU: ARM Memory Disambiguation Unit Uncovered and Vulnerabilities Exposed2023 60th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC56929.2023.10247985(1-6)Online publication date: 9-Jul-2023
https://doi.org/10.1109/DAC56929.2023.10247985
Choi JKim JLim CLee SLee JSong DKim YBellavista PZhang KGherbi ABagchi SPatiño MDi Modica GGascon-Samson J(2022)GuardiaNNProceedings of the 23rd ACM/IFIP International Middleware Conference10.1145/3528535.3531513(15-28)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3528535.3531513
Nelson CIzraelevitz JBahar RLehman T(2022)Eliminating Micro-Architectural Side-Channel Attacks using Near Memory Processing2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED55351.2022.00023(179-189)Online publication date: Sep-2022
https://doi.org/10.1109/SEED55351.2022.00023
Hamza AMushtaq MBhatti KNovo DBruguier FBenoit P(2022)Diminisher: A Linux Kernel Based Countermeasure for TAA VulnerabilityComputer Security. ESORICS 2021 International Workshops10.1007/978-3-030-95484-0_28(477-495)Online publication date: 8-Feb-2022
https://doi.org/10.1007/978-3-030-95484-0_28

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

ePub

View this article in ePub.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents