Covert and Side Channels Due to Processor Architecture

@article{Wang2006CovertAS,
  title={Covert and Side Channels Due to Processor Architecture},
  author={Zhenghong Wang and Ruby B. Lee},
  journal={2006 22nd Annual Computer Security Applications Conference (ACSAC'06)},
  year={2006},
  pages={473-482}
}
  • Z. Wang, Ruby B. Lee
  • Published 2006
  • Computer Science
  • 2006 22nd Annual Computer Security Applications Conference (ACSAC'06)
Information leakage through covert channels and side channels is becoming a serious problem, especially when these are enhanced by modern processor architecture features. We show how processor architecture features such as simultaneous multithreading, control speculation and shared caches can inadvertently accelerate such covert channels or enable new covert channels and side channels. We first illustrate the reality and severity of this problem by describing concrete attacks. We identify two… Expand
Covert channels through branch predictors: a feasibility study
TLDR
This paper demonstrates how a trojan and a spy can manipulate the branch prediction tables in a way that creates high-capacity, robust and noise-resilient covert channel. Expand
Understanding and Mitigating Covert Channels Through Branch Predictors
TLDR
This article classify, analyze, and compare covert channels through dynamic branch prediction units in modern processors, and estimates the capacity of the branch predictor covert channels and describes a software-only mitigation technique based on randomizing the state of the predictor tables on context switches. Expand
DFS covert channels on multi-core platforms
TLDR
A new covert timing channel attack that exploits the CPU operating frequencies with different power governors in real system environment is demonstrated and established how two colluding processes can modulate the CPU frequency to create a powerful, high-capacity and robust covert channel. Expand
Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures
TLDR
A new type of covert timing channel that exploits the access timing difference between various caches in Non-Uniform Memory Access (NUMA)-based architectures, especially multi-socket CPUs is presented. Expand
Thermal Covert Channels on Multi-core Platforms
TLDR
This work demonstrates that even seemingly strong isolation techniques based on dedicated cores can be circumvented through the use of thermal channels, and shows a limitation in the isolation that can be achieved on existing multi-core systems. Expand
New models of cache architectures characterizing information leakage from cache side channels
TLDR
This paper establishes side-channel leakage models based on the non-interference property, and defines how the security aspects of a cache architecture can be modeled as a finite-state machine (FSM) with state transitions that cause interference. Expand
CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware
TLDR
This work proposes a new micro architecture-level framework, CC-Hunter, that detects the possible presence of covert timing channels on shared hardware and demonstrates that Chanter is able to successfully detect different types of covert timer channels at varying bandwidths and message patterns. Expand
Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses
TLDR
This survey extracts the key features of the processor’s microarchitectural functional units which make the channels possible, presents an analysis and categorization of the variety of microarch Architectural side and covert channels others have presented in literature, and surveys existing defense proposals. Expand
Timing channel protection for a shared memory controller
TLDR
A protection scheme to eliminate the interference across security domains through two main changes: a per security domain based queueing structure, and static allocation of time slots in the scheduling algorithm. Expand
Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations
TLDR
It is demonstrated that a reliable, high-capacity and low-error covert channel can be created through the RNG module that works across CPU cores and across virtual machines. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 31 REFERENCES
Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel
  • D. Page
  • Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2002
TLDR
An attack is described which encrypts 2 chosen plaintexts on the target processor in order to collect cache profiles and then performs around 2 computational steps to recover the key. Expand
Cache Attacks and Countermeasures: The Case of AES
TLDR
An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. Expand
CACHE MISSING FOR FUN AND PROFIT
Simultaneous multithreading — put simply, the sharing of the execution resources of a superscalar processor between multiple execution threads — has recently become widespread via its introductionExpand
HIDE: an infrastructure for efficiently protecting information leakage on the address bus
TLDR
An infrastructure called HIDE (Hardware-support for leakage-Immune Dynamic Execution) which provides a solution consisting of chunk-level protection with hardware support and a flexible interface which can be orchestrated through the proposed compiler optimization and user specifications that allow utilizing underlying hardware solution more efficiently to provide better security guarantees. Expand
Transparent Run-Time Defense Against Stack-Smashing Attacks
TLDR
Two new methods to detect and handle buffer overflow vulnerabilities in process stacks are presented that work with any existing pre-compiled executable and can be used transparently per-process as well as on a system-wide basis. Expand
Towards Efficient Second-Order Power Analysis
TLDR
This work considers two variants of second-order differential power analysis: Zero-Offset 2DPA and FFT2DPA, and explores a couple of attacks that attempt to efficiently employ second- order techniques to overcome masking. Expand
Cache-timing attacks on AES
TLDR
This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer and discusses several of the obstacles to constant-time high-speed AES software for common general-purpose computers. Expand
Cryptanalysis of DES Implemented on Computers with Cache
TLDR
The results of applying an attack against the Data Encryption Standard (DES) implemented in some applications, using side-channel information based on CPU delay as proposed in (11), found that the cipher can be broken with 2 known plaintexts and 2 24 calculations at a success rate > 90%, using a personal computer with 600-MHz Pentium III. Expand
On Boolean and Arithmetic Masking against Differential Power Analysis
TLDR
The present paper shows that the `BooleanToArithmetic' algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis and the 'ArithmeticToBoolean' algorithm is not secure either. Expand
Towards a theory of software protection and simulation by oblivious RAMs
TLDR
This paper distill and formulate the key problem of learning about a program from its execution, and presents an efficient way of executing programs such that it is infeasible to learn anything about the program by monitoring its executions. Expand
...
1
2
3
4
...