
Graduate student: Lin, Yuan-Tai (林元泰)
Thesis title: M-parties partitioning : A Secure Dynamic Cache Partitioning by More Than Two Parties
Advisor: Hwang, Ting-Ting (黃婷婷)
Oral examination committee: Wu, Chung-Haw (吳中浩); Liu, Yi-Yu (劉一宇)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Information Systems and Applications
Year of publication: 2022
Academic year of graduation: 110
Language: English
Number of pages: 57
Keywords: Hardware security, Cache, Partitioning
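  • Multi-core processors are widely used in modern electronic products. To improve the execution efficiency of the processes on each core, the last-level cache can be accessed by all cores, and processes can change the state of the cache without special privileges. This weakness of the last-level cache is therefore exploited by many cache-based side-channel attacks, causing confidential data of one domain to leak to another domain.

    Cache partitioning is one of the countermeasures to cache-based side-channel attacks. Dynamic partitioning performs better than static partitioning, but it is exposed to attacks that infer confidential data from the cache allocation results. Many secure dynamic partitioning methods have therefore been proposed to protect confidential data; they protect confidential programs at the level of the allocation results by leaving the cache demands of confidential programs out of the partitioning algorithm.

    We propose a secure dynamic cache partitioning method for more than two parties. Our method takes the cache demands of all programs into account when generating the cache allocation. If the system has security concerns, our method activates a dummy program to obfuscate the resulting cache allocations. Experimental results show that our method achieves a 4.3% performance improvement over static partitioning and, when the dummy program is activated, performs better than another secure dynamic partitioning method.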


    Nowadays, multi-core processors are widely used in modern designs. To improve the performance of processes on all cores, the last-level cache (LLC) is shared by processes, and processes can change the state of the LLC without privileged permission. Therefore, a number of cache-based side-channel attacks have been proposed that exploit this vulnerability of the LLC to leak confidential information from one domain to another.

    Cache partitioning is a countermeasure to cache-based side-channel attacks. Dynamic cache partitioning performs better than static cache partitioning, but suffers from attacks that deduce confidential information from cache allocations. Hence, several secure dynamic cache partitioning mechanisms have been proposed to protect confidential information by excluding the cache demands of confidential applications from the partitioning mechanism.

    We present M-parties partitioning, a dynamic cache partitioning mechanism that uses the cache demands of all involved applications to generate cache allocations. M-parties partitioning activates the Dummy application to obfuscate the patterns of cache allocations if the system has security concerns. The evaluation results show that M-parties partitioning achieves a 4.3% improvement over static cache partitioning when the Dummy application is deactivated, and performs better than another secure cache partitioning mechanism when the Dummy application is activated.

    1 Introduction
    2 Previous Work
      2.1 Cache-based side channel attacks
        2.1.1 Cache timing channel attacks
        2.1.2 Spectre-liked attacks
        2.1.3 Covert channel attacks
      2.2 Cache side channel attack solutions
        2.2.1 Randomize the memory-to-cache mapping
        2.2.2 Protect cache timing information by cache partitioning
    3 Motivation
    4 Secure Dynamic Cache Partition
      4.1 Threat model
      4.2 Security policy
      4.3 Security proof of 3-party system
    5 Secure Cache Shared by More Than Two Parties
      5.1 System overview
      5.2 Mapping 2-party system to 3-party system by Dummy application
      5.3 Partitioning algorithm
        5.3.1 Dummy activation controller
        5.3.2 Utility monitor
        5.3.3 Minimum loss controlling function
        5.3.4 Maximum gain controlling function
      5.4 The way allocation function and replacement policy
    6 Experimental Results
      6.1 Experimental setup
      6.2 Benchmark categorization and workload generation
      6.3 Performance evaluation
      6.4 Analysis on cache allocations
      6.5 Comparisons with other secure dynamic cache partition mechanism
      6.6 M-parties partitioning in real world
    7 Conclusions
    References

