Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory

Authors

  • Daniel Gruss
  • Julian Lettner
  • Felix Schuster
  • Olga Ohrimenko
  • István Haller
  • Manuel Costa
Abstract

Cache-based side-channel attacks are a serious problem in multi-tenant environments, for example, modern cloud data centers. We address this problem with Cloak, a new technique that uses hardware transactional memory to prevent adversarial observation of cache misses on sensitive code and data. We show that Cloak provides strong protection against all known cache-based side-channel attacks with low performance overhead. We demonstrate the efficacy of our approach by retrofitting vulnerable code with Cloak and experimentally confirming immunity against state-of-the-art attacks. We also show that by applying Cloak to code running inside Intel SGX enclaves we can effectively block information leakage through cache side channels from enclaves, thus addressing one of the main weaknesses of SGX.

Similar resources

Announcing the Final Examination of Jingfei Kong for the degree of Doctor of Philosophy Time & Location: June 18, 2010 at 2:00 PM in HEC 302 Title: ARCHITECTURAL SUPPORT FOR IMPROVING COMPUTER SECURITY

We propose several methods to improve computer security and privacy from an architectural point of view. They provide strong protection as well as cost efficiency. In our first approach, we propose a new dynamic information flow method to protect systems from popular software attacks such as buffer overflow and format string attacks. In our second approach, we propose to deploy encryption schemes ...

Energy and Throughput Efficient Transactional Memory for Embedded Multicore Systems

We propose a new design for an energy-efficient hardware transactional memory (HTM) system for power-aware embedded devices. Prior hardware transactional memory designs proposed a small, fully-associative transactional cache at the same level as the L1 cache. We propose an alternative design that unifies the transactional and L1 caches, and provides a small victim cache to reduce effects of cap...

STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud

Cloud services are rapidly gaining adoption due to the promises of cost efficiency, availability, and on-demand scaling. To achieve these promises, cloud providers share physical resources to support multi-tenancy of cloud platforms. However, the possibility of sharing the same hardware with potential attackers makes users reluctant to offload sensitive data into the cloud. Worse yet, researche...

Publication date: 2017