Page Cache Attacks

Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, Anders Fogh

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

We present a new side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache. The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files. On Windows, dynamic pages are also part of this cache and can be attacked as well, e.g., data, heap, and stacks. Our side channel permits unprivileged monitoring of accesses to these pages of other processes, with a spatial resolution of 4KB and a temporal resolution of 2µs on Linux (≤ 6.7 measurements per second), and 466ns on Windows 10 (≤ 223 measurements per second). We systematically analyze the side channel by demonstrating different hardware-agnostic local attacks, including a sandbox-bypassing high-speed covert channel, an ASLR break on Windows 10, and various information leakages that can be used for targeted extortion, spam campaigns, and more directly for UI redressing attacks. We also show that, as with hardware cache attacks, we can attack the generation of temporary passwords on vulnerable cryptographic implementations. Our hardware-agnostic attacks can be mitigated with our proposed security patches, but the basic side channel remains exploitable via timing measurements. We demonstrate this with a remote covert channel exfiltrating information from a colluding process through innocuous server requests.
Original languageEnglish
Title of host publicationCCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM/IEEE
Pages167-180
ISBN (Electronic) 978-1-4503-6747-9
DOIs
Publication statusPublished - 12 Nov 2019
EventACM CCS 2019: 26th ACM Conference on Computer and Communications Security - London, United Kingdom
Duration: 11 Nov 201915 Nov 2019

Conference

ConferenceACM CCS 2019
CountryUnited Kingdom
CityLondon
Period11/11/1915/11/19

    Fingerprint

Keywords

  • cs.CR

Cite this

Gruss, D., Kraft, E., Tiwari, T., Schwarz, M., Trachtenberg, A., Hennessey, J., ... Fogh, A. (2019). Page Cache Attacks. In CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 167-180). ACM/IEEE. https://doi.org/10.1145/3319535.3339809