Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory

Daniel Gruss, Julian Lettner, Felix Schuster, Olga Ohrimenko, Istvan Haller, Manuel Costa

Publication: Contribution to book/report/conference proceedings; Contribution to conference proceedings; Research; Peer-reviewed

Abstract

Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. We show that Cloak provides strong protection against all known cache-based side-channel attacks with low performance overhead. We demonstrate the efficacy of our approach by retrofitting vulnerable code with Cloak and experimentally confirming immunity against state-of-the-art attacks. We also show that by applying Cloak to code running inside Intel SGX enclaves we can effectively block information leakage through cache side channels from enclaves, thus addressing one of the main weaknesses of SGX.
Original language: English
Title: 2017 Proceedings of the 26th USENIX Security Symposium
Publication status: Published - 16 Aug 2017

Cite this

Gruss, D., Lettner, J., Schuster, F., Ohrimenko, O., Haller, I., & Costa, M. (2017). Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. in 2017 Proceedings of the 26th USENIX Security Symposium

Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. / Gruss, Daniel; Lettner, Julian; Schuster, Felix; Ohrimenko, Olga; Haller, Istvan; Costa, Manuel.

2017 Proceedings of the 26th USENIX Security Symposium. 2017.

Gruss, D, Lettner, J, Schuster, F, Ohrimenko, O, Haller, I & Costa, M 2017, Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. in 2017 Proceedings of the 26th USENIX Security Symposium.
Gruss D, Lettner J, Schuster F, Ohrimenko O, Haller I, Costa M. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. in 2017 Proceedings of the 26th USENIX Security Symposium. 2017
Gruss, Daniel ; Lettner, Julian ; Schuster, Felix ; Ohrimenko, Olga ; Haller, Istvan ; Costa, Manuel. / Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. 2017 Proceedings of the 26th USENIX Security Symposium. 2017.
@inproceedings{3fe9238c4c6849379f0baf44272bc9a9,
title = "Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory",
abstract = "Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. We show that Cloak provides strong protection against all known cache-based side-channel attacks with low performance overhead. We demonstrate the efficacy of our approach by retrofitting vulnerable code with Cloak and experimentally confirming immunity against state-of-the-art attacks. We also show that by applying Cloak to code running inside Intel SGX enclaves we can effectively block information leakage through cache side channels from enclaves, thus addressing one of the main weaknesses of SGX.",
author = "Daniel Gruss and Julian Lettner and Felix Schuster and Olga Ohrimenko and Istvan Haller and Manuel Costa",
year = "2017",
month = "8",
day = "16",
language = "English",
booktitle = "2017 Proceedings of the 26th USENIX Security Symposium",

}

TY - GEN

T1 - Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory

AU - Gruss, Daniel

AU - Lettner, Julian

AU - Schuster, Felix

AU - Ohrimenko, Olga

AU - Haller, Istvan

AU - Costa, Manuel

PY - 2017/8/16

Y1 - 2017/8/16

AB - Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. We show that Cloak provides strong protection against all known cache-based side-channel attacks with low performance overhead. We demonstrate the efficacy of our approach by retrofitting vulnerable code with Cloak and experimentally confirming immunity against state-of-the-art attacks. We also show that by applying Cloak to code running inside Intel SGX enclaves we can effectively block information leakage through cache side channels from enclaves, thus addressing one of the main weaknesses of SGX.

M3 - Conference contribution

BT - 2017 Proceedings of the 26th USENIX Security Symposium

ER -