A Predictive Model for Cache-Based Side Channels in Multicore and ...
Recommend Documents
e-mail: {name.surname}@epfl.ch, [email protected]. ABSTRACT. The goal of thermal management is to meet maximum operat- ing temperature constraints ...
power price and weather forecast, considering users' comfort settings to meet an optimization ... shifting; model predictive control; solar/wind power penetration.
multiple-access decoding problem, for which we apply superposition coding. ..... of random codes with a rate that is greater than 1 â h(W), we ensure that the ...
In a random-coding setting (as will be discussed in Section II.2), we construct the .... We now provide a precise analysis of superposition coding using randomly ...
show that covert channels and side channels exist in building automation. Additionally, we ... a communication channel that was never designed to be used.
Key word.c economics, fishery regulation, management, quotas, licenses, taxes, fishermen's quotas ... nitude have seldom actually been imposed in fisheries,. Printed in .... the '"eneral production" model ...... more, because of the competition for f
Feb 9, 2014 - A predictive distribution model for a series cooperative braking system of an electric vehicle is proposed, which can solve the real-time problem ...
Nov 16, 2003 - Semiconductor Manufacturing Supply Chains under Uncertainty ... phone: (480) 965-9476 fax: (480) 965-0037; e-mail: [email protected]. 2 ... of the plans for the factories, warehouses, and transport links that form the backbone of a
Aug 24, 2016 - exponent relating height and stem diameter is denoted as α 1, we see ..... D (Fig. 3c). Importantly, beyond the variations of scaling exponents ...
Sep 20, 2001 - 15. 20. 25. 30. Time [hrs]. C ry s ta l S ize [m u. ] Data Window ..... STW, AKZO-Nobel, BASF, Bayer A.G., Dow Chemicals, DSM, DuPont de ...
Nov 25, 2008 - Multicore co- herent caching enables data cached on a core to be accessed by other cores using the iMesh network. The block diagram.
and magmatism (Roy et al., 1971; Naha and Halyburton, 1974; Roy, 1988; .... Marble. 5. 1.67. 0.5. DF2 Synform. 4. 0.27. 0.08. Metavolcanics. 8. 2.67. 0.8.
IEEE TRANSACTIONS ON GEOSCIENCE AND REMOTE SENSING, VOL. 48, NO. ... spatial aggregation (1â8 km) to investigate the efficacy of the model.
Bruno Picasso, Carlo Romani, Riccardo Scattolini. Multiple Model Predictive .... Christoph Böhm, Moritz Merk, Walter Fichter, Frank Allgöwer. Nonlinear Model ...
Jul 21, 2012 - Our simulations indicate that algal blooms can influence snowpacN ... Snow has a more variable albedo than any other surface on Earth, ... However, many snow algae share morphological traits. 62 .... Real blooms observed by .... bloom
Mar 26, 2015 - PeerJ 3:e842; DOI 10.7717/peerj.842 ...... Papa R, Kapan DD, Counterman BA, Maldonado K, Lindstrom DP, Reed RD, Nijhout HF,. Hrbek T ...
Main objective of this thesis is development and implementation of a modular computer framework for nonlinear model predictive control (NMPC). Modularity of ...
Feb 9, 2014 - studied. The second one is emergency braking process, within which the antilock braking system (ABS) is required to work together with the ..... tional condition, the basic principle is that, if the predictive parameters fall into the .
Solving an optimization problem can be a time-consuming ... position. However, in [11] a NMPC-controller is used to swing-up and stabilize a planar pendulum ...
Chemical Engineering Department, University of Illinois, 810 S. Clinton Street, Chicago, IL 60607-7000, USA. Received 6 July 1995; accepted 8 April 1996.
AbstractâThis paper presents a nonlinear model predictive control algorithm for online motion planning and tracking of an omnidirectional autonomous robot.
Jun 16, 2016 - 2012; Overby, Bharadwaj, & Sambamurthy, 2006; Seo, Desouza, &. Erickson ..... study relies on the use of fsQCA 2.5 software (Ragin & Davey, 2014). A first step in this ..... Predictive analytics in information systems research.
technique called model predictive control (MPC) that can take advantage of ......
optimization task is solved in Scilab environment and transmitted to BAS via a ...
Oct 19, 2017 - Revisiting EOR Projects in Indonesia through Integrated Study: EOR .... maximum-type property to refer to probability density function (pdf) form: triangle, right- ...... A Critical Review on Microbial Enhanced Oil Recovery Using ...
A Predictive Model for Cache-Based Side Channels in Multicore and ...
Power wall; ILP wall; memory wall. â âEnd of lazy-boy programming eraâ. ⢠Multi-cores offer a way out. â New Moore's law: 2x number of cores every 1.5 years.
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
A Predictive Model for Cache-Based Side Channels in Multicore and Multithreaded Microprocessors Leonid Domnitser, Nael Abu-Ghazaleh and Dmitry Ponomarev Department of Computer Science SUNY-Binghamton {lenny, nael, dima}@cs.binghamton.edu
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Multi-cores-->Many-cores • Moore's law coming to an end – Power wall; ILP wall; memory wall – “End of lazy-boy programming era”
• Multi-cores offer a way out – New Moore's law: 2x number of cores every 1.5 years
• New security vulnerabilities arise due to resource sharing – Side-Channel Attacks and Denial of Service Attacks Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Last-level Cache Sharing on Multicores (Intel Xeon)
2 quad-core Intel Xeon e5345 (Clovertown)
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
L1 Cache Sharing in SMT Processor Instruction Cache
Fetch Unit
Decode
PC PC PC PC
PC
Issue Queue Register File
Load/Store Queues
LDST PC Units
PC Execution PC Units
Data Cache
Register Rename
Re-order Buffers
Arch State
Private Resources Shared Resources
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Advanced Encryption Standard (AES) • One of the most popular algorithms in symmetric key cryptography 16-byte input (plaintext) 16-byte output (ciphertext) 16-byte secret key (for standard 128-bit encryption) several rounds of 16 XOR operations and 16 table lookups secret key byte
Lookup Table index
Input byte
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Set-Associative Caches Address 31 30
•
12 11 10 9 8
8
22
Index 0 1 2
V
Tag
Data
V
3210
Tag
Data
V
Tag
Data
V
Tag
Data
253 254 255 22
32
4-to-1 multiplexor
Hit
Data Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Attack Example Cache a b c d
Main Memory AES data
Attacker’s data b>(a≈c≈d)
Can exploit knowledge of the cache replacement policy to optimize attack 8 Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Cache-Based Side Channel Attacks • An attacker and a victim process (e.g. AES) run together using a shared cache • Access-Driven Attack: • Attacker occupies the cache, evicting victim’s data • When victim accesses cache, attacker’s data is evicted • By timing its accesses, attacker can detect intervening accesses by the victim
• Time-Driven Attack • Attacker fills the cache • Times victim’s execution for various inputs • Performs correlation analysis Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Simple Attack Code Example #define ASSOC 8 #define NSETS 128 #define LINESIZE 32 #define ARRAYSIZE (ASSOC*NSETS*LINESIZE/sizeof(int)) static int the_array[ARRAYSIZE] int fine_grain_timer(); //implemented as inline assembler void time_cache() { register int i, time, x; for(i = 0; i < ARRAYSIZE; i++) { time = fine_grain_timer(); x = the_array[i]; time = fine_grain_timer() - time; the_array[i] = time; } }
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Existing Solutions • Avoid using pre-computed tables – too slow • Close the channel: • Lock critical data in the cache (Lee, ISCA 07) • Impacts performance
• Randomize the victim selection (Lee, MICRO’08) • Both are highly complex, impact performance and require OS/ISA support • Constrain the channel: • NoMo: dynamic partitioning of the cache that sets some ways of the cache to be exclusive to each thread • Still leaks a small amount of accesses Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Aggregate Exposure of Critical Data Aggregate Critical Exposure 1.0
Exposure rate
0.8 AES encrypt AES decrypt BF encrypt BF decrypt
0.6 0.4 0.2 0.0
NoMo-0
NoMo-1
NoMo-2
NoMo-3
NoMo-4
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Contribution and Motivation • Predictive mathematical model for access leakage for access based side channel attacks • Why? Vulnerability is a function of information leaked through the side-channel • Estimate how vulnerable current algorithms and caches to attack • Estimate how effective imperfect solutions that constrain rather than close the side-channel are
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Model Parameters
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Leakage Prediction Model • P(D|C) is the probability that the cache access is detected by the attacker given that this access is critical • P(D) is the probability that the access is detected
• P(C) is the probability that the access is critical
• Our model computes P(C|D) as follows: • P(D|C) = [P(C|D)*P(D)] / P(C) Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Leakage Prediction Model • Estimating P(C) • Average fraction of critical accesses – constant for a given program. • Can be estimated through static analysis or profiling • Estimating P(D) • Number of detected accesses out of the total number of accesses • 100% for the perfect attacker. Less in reality as some accesses are hidden by cache hits. • Estimating P(C|D)
• Need to filter out the noise due to non-critical accesses Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Estimating P(D)
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Estimating P(C|D)
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Estimating P(D|C)
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Aggregate Leakage Predicted by Model
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Predicted Leakge Per Set, Blowfish 8-way set associative cache
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Predicted leakage Per Set, AES 8-way set associative cache
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Predicted leakage Per Set, Blowfish, AES, Direct Mapped Cache
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Model Validation Methodology • We used M-Sim-3.0 cycle accurate simulator (multithreaded and Multicores derivative of Simplescalar) developed at SUNY Binghamton • http://www.cs.binghamton.edu/~msim • Evaluated leakage for AES and Blowfish encryption/decryption • Ran security benchmarks for blocks of randomly generated input • Implemented the attacker as a separate thread and ran it alongside the crypto processes • Assumed that the attacker is able to synchronize at the block encryption boundaries (i.e. It fills the cache after each block encryption and checks the cache after the encryption).
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Model Validation: Per Block Leakage in AES
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Model Validation: Blowfish
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Model Validation: Direct-Mapped Cache
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Conclusions and Future Work • We developed a model for information leakage for access based cache side channel attacks • An important attack with the emergence of multi-core and multithreaded architectures • Model can capture overall accesses in an application or any subset of them (e.g., specific sets) • The model was validated against a cycle accurate simulator
• Future work: model the impact of defenses that reduce the leakage • Future work: translate leakage pattern into a measure of difficulty of breaking the key
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Thank you! Questions?
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Спасибо большое какие-нибудь вопросы?
30 Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Example of Partial Side Channel Closure: NoMo Caches
Key idea: An application sharing cache cannot use all lines in a set NoMo invariant: For an N-way cache, a thread can use at most N – Y lines Y – NoMo degree Essentially, we reserve Y cache ways for each co-executing application and dynamically share the rest If Y=N/2, we have static non-overlapping cache partitioning Implementation is very simple – just need to check the reservation bits at the time of replacement Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
NoMo Replacement Logic
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
NoMo example for an 8-way cache Initial NoMo Entry Reserved Shared More Thread (Yellow cache way way 2 enters =usage T1, usage Blue = T2)
F:1 H:1 R:2 A:1 G:1 B:1 B:1 M:1 L:1 T:2
C:1 Q:2 A:1 P:1 N:1 J:1 S:2 I:1 U:2
K:1
N:1 O:1
D:1 E:1
• Showing 4 lines of an 8-way cache with NoMo-2 • X:N means data X from thread N Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Why Does NoMo Work?
• Victim’s accesses become visible to attacker only if the victim has accesses outside of its allocated partition between two cache fills by the attacker. • In this example: NoMo-1
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Evaluation Methodology • We used M-Sim-3.0 cycle accurate simulator (multithreaded and Multicores derivative of Simplescalar) developed at SUNY Binghamton • http://www.cs.binghamton.edu/~msim • Evaluated security for AES and Blowfish encryption/decryption • Ran security benchmarks for 3M blocks of randomly generated input • Implemented the attacker as a separate thread and ran it alongside the crypto processes • Assumed that the attacker is able to synchronize at the block encryption boundaries (i.e. It fills the cache after each block encryption and checks the cache after the encryption) • Evaluated performance on a set of SPEC 2006 Benchmarks. Used Pin-based trace-driven simulator with Pintools.
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Sets with Critical Exposure AES enc.
AES dec.
BF enc.
BF dec.
NoMo-0
128
128
128
128
NoMo-1
128
128
128
128
NoMo-2
10
14
22
22
NoMo-3
0
0
1
1
NoMo-4
0
0
0
0 Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Impact on IPC Throughput (105 2-threaded SPEC 2006 workloads simulated)
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
Impact on Fair Throughput (105 2-threaded SPEC 2006 workloads simulated)
Normalized Fairness
1.01
1.00
NoMo-1 NoMo-2 NoMo-3 NoMo-4
0.99
0.98
0.97 Benchmark Mixes
Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
NoMo Design Summary • Practical and low-overhead hardware-only design for defeating access-driven cache-based side channel attacks • Can easily adjust security-performance trade-offs by manipulating degree of NoMo • Can support unrestricted cache usage in singlethreaded mode • Performance impact is very low in all cases • No OS or ISA support required Nael Abu-Ghazaleh | SAB2003
Information Exploitation | Information Fusion & Understanding | Information Management | Cyber Operations | Command & Control | Connectivity | Advanced Computing Architectures
NoMo Results Summary (for an 8-way L1 cache) • NoMo-4 (static partitioning): complete application isolation with 1.2% average (5% max) performance and fairness impact on SPEC 2006 benchmarks • NoMo-3: No side channel for AES, and 0.07% critical leakage for Blowfish. 0.8% average(4% max) performance impact on SPEC 2006 benchmarks • NoMo-2: Leaks 0.6% of critical accesses for AES and 1.6% for Blowfish. 0.5% average (3% max) performance impact on SPEC 2006 benchmarks • NoMo-1: Leaks 15% of critical accesses for AES and 18% for Blowfish. 0.3% average (2% max) performance impact on SPEC 2006 benchmarks
