Cache Side Channel Defense System -Ezgi Demirayak

From CS486wiki
Jump to navigationJump to search

Cache Side Channel Attacks 

When a program needs a particular data object  from level    , it first looks for  in one of the blocks currently stored at level  . If  happens to be cached at level  , then we have what is called a cache hit. The program reads  directly from level  , which by the nature of the memory hierarchy is faster than reading from level    . For example, a program with good temporal locality might read a data object from block 14, resulting in a cache hit from level. Although caches are highly effective in reducing average

memory access time and thus widely used in modern proces- sors, their internal functionalities, i.e., hit/miss behaviors, were shown to leak critical information that puts trusted software implementations in an unforeseen danger. Software cache-based side channel attacks present a serious threat to computer systems. 

   There exist mainly two types of software cache-based sidechannel

attacks: access-driven and time-driven attacks. In access-driven attacks, the adversary has control over one or multiple spy processes, which share the cache with the victim process. Due to cache sharing, the victim process may evict the spy process’ cache lines/entries when it accesses keydependent (i.e., critical) cache lines/entries. By measuring the access times of itsowncache lines/entries, the spy process can figure out which cache lines/entries are evicted by the victim process. Such cache access behavior of the victim process may leak enough information for the adversary to infer the key. In time-driven attacks, the adversary sends various encryption/decryption requests to the target crypto process. Upon receiving responses, the adversary records the encryption times. Since the secret key may correlate to different number of cache misses upon different inputs/ outputs, the variations among encryption times may provide sufficient information for the adversary to derive the key.

I'm researching in order to find a defense system to prevent the attackers from reaching LLC.

Retrieved from "https://www.cs.binghamton.edu/~steflik/wiki/index.php?title=Cache_Side_Channel_Defense_System_-Ezgi_Demirayak&oldid=7493"