Covert and Side Channels Due to Processor Architecture

  • Zhenghong Wang, Ruby B. Lee
  • Published 11 December 2006
  • Computer Science
  • 2006 22nd Annual Computer Security Applications Conference (ACSAC'06)
Information leakage through covert channels and side channels is becoming a serious problem, especially when these are enhanced by modern processor architecture features. We show how processor architecture features such as simultaneous multithreading, control speculation and shared caches can inadvertently accelerate such covert channels or enable new covert channels and side channels. We first illustrate the reality and severity of this problem by describing concrete attacks. We identify two… 

Understanding and Mitigating Covert Channels Through Branch Predictors
This article classifies, analyzes, and compares covert channels through dynamic branch prediction units in modern processors, estimates the capacity of the branch predictor covert channels, and describes a software-only mitigation technique based on randomizing the state of the predictor tables on context switches.
Covert Timing Channels Exploiting Non-Uniform Memory Access based Architectures
A new type of covert timing channel that exploits the access timing difference between various caches in Non-Uniform Memory Access (NUMA)-based architectures, especially multi-socket CPUs is presented.
Thermal Covert Channels on Multi-core Platforms
This work demonstrates that even seemingly strong isolation techniques based on dedicated cores can be circumvented through the use of thermal channels, and shows a limitation in the isolation that can be achieved on existing multi-core systems.
New models of cache architectures characterizing information leakage from cache side channels
This paper establishes side-channel leakage models based on the non-interference property, and defines how the security aspects of a cache architecture can be modeled as a finite-state machine (FSM) with state transitions that cause interference.
CC-Hunter: Uncovering Covert Timing Channels on Shared Processor Hardware
This work proposes a new microarchitecture-level framework, CC-Hunter, that detects the possible presence of covert timing channels on shared hardware and demonstrates that CC-Hunter is able to successfully detect different types of covert timing channels at varying bandwidths and message patterns.
Survey of Microarchitectural Side and Covert Channels, Attacks, and Defenses
This survey extracts the key features of the processor’s microarchitectural functional units which make the channels possible, presents an analysis and categorization of the variety of microarchitectural side and covert channels others have presented in literature, and surveys existing defense proposals.
Timing channel protection for a shared memory controller
A protection scheme to eliminate the interference across security domains through two main changes: a per security domain based queueing structure, and static allocation of time slots in the scheduling algorithm.
Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations
It is demonstrated that a reliable, high-capacity and low-error covert channel can be created through the RNG module that works across CPU cores and across virtual machines.
Port Contention for Fun and Profit
This work targets ports to stacks of execution units to create a high-resolution timing side-channel due to port contention, inherently stealthy since it does not depend on the memory subsystem like other cache or TLB based attacks.
SecSMT: Securing SMT Processors against Contention-Based Covert Channels
This paper presents the first comprehensive analysis of contention-based security vulnerabilities in a high-performance simultaneous multithreaded (SMT) processor, and presents a set of unified mitigation/isolation strategies that dramatically cut leakage while preserving most of the performance of a full, insecure SMT implementation.


Theoretical Use of Cache Memory as a Cryptanalytic Side-Channel
  • D. Page
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2002
An attack is described which encrypts 2 chosen plaintexts on the target processor in order to collect cache profiles and then performs around 2 computational steps to recover the key.
Cache Attacks and Countermeasures: The Case of AES
An extremely strong type of attack is demonstrated, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache.
It is demonstrated that this shared access to memory caches provides not only an easily used high bandwidth covert channel between threads, but also permits a malicious thread to monitor the execution of another thread, allowing in many cases for theft of cryptographic keys.
HIDE: an infrastructure for efficiently protecting information leakage on the address bus
An infrastructure called HIDE (Hardware-support for leakage-Immune Dynamic Execution) provides a solution consisting of chunk-level protection with hardware support and a flexible interface that can be orchestrated through the proposed compiler optimization and user specifications, allowing the underlying hardware solution to be used more efficiently to provide better security guarantees.
Transparent Run-Time Defense Against Stack-Smashing Attacks
Two new methods to detect and handle buffer overflow vulnerabilities in process stacks are presented that work with any existing pre-compiled executable and can be used transparently per-process as well as on a system-wide basis.
Towards Efficient Second-Order Power Analysis
This work considers two variants of second-order differential power analysis: Zero-Offset 2DPA and FFT2DPA, and explores a couple of attacks that attempt to efficiently employ second-order techniques to overcome masking.
Cache-timing attacks on AES
This paper demonstrates complete AES key recovery from known-plaintext timings of a network server on another computer and discusses several of the obstacles to constant-time high-speed AES software for common general-purpose computers.
Cryptanalysis of DES Implemented on Computers with Cache
The results of applying an attack against the Data Encryption Standard (DES) implemented in some applications, using side-channel information based on CPU delay as proposed in (11), found that the cipher can be broken with 2 known plaintexts and 2^24 calculations at a success rate > 90%, using a personal computer with 600-MHz Pentium III.
On Boolean and Arithmetic Masking against Differential Power Analysis
The present paper shows that the 'BooleanToArithmetic' algorithm proposed by T. Messerges is not sufficient to prevent Differential Power Analysis and the 'ArithmeticToBoolean' algorithm is not secure either.
Towards a theory of software protection and simulation by oblivious RAMs
This paper distills and formulates the key problem of learning about a program from its execution, and presents an efficient way of executing programs such that it is infeasible to learn anything about the program by monitoring its executions.