CACHE SIDE CHANNEL ATTACK: EXPLOITABILITY AND COUNTERMEASURES presented at BlackhatAsia 2017

by Gorka Irazoqui, Xiaofei Guo,

Summary : Cache attacks have proven to be a big concern for security code designers because they are able to recover a wide range of information, ranging from cryptographic keys to user privacy-related information. These attacks take advantage of the fact that two processes are utilizing the same hardware resource, thus leveraging unexpected leakages that can be exploited by a malicious user. More specifically, Last Level Cache (LLC) attacks make use of the fact that the LLC is shared across cores, thus being able to steal information from users located in different cores. These attacks have been shown to be applicable in a wide variety of scenarios, going from IaaS clouds to web browsing exploitation with embedded javascript code.
This presentation describes the approaches that two of the most dangerous cache attacks follow, i.e., Flush and Reload and Prime and Probe. Indeed their characteristics also determine their applicability; while Flush and Reload requires memory deduplication to succeed (i.e. shared memory between processes), Prime and Probe does not need special requirements to succeed. We evaluate the different examples of everyday usage software that can be targeted by this kind of attacks to violate our privacy. Further, this presentation expands on the scenarios in which each of the attacks succeed - including but not limited to, IaaS and PaaS co-located VMs/processes, web browsing javascript attacks, trusted execution environment attacks or smartphone inter-application attacks.
Finally, this presentation explores the steps that need to be taken to avoid the exploitation of such attacks: at the software level (writing key independent execution flow), at the OS/hypervisor level (Utilizing LLC isolation through mechanisms like page sharing) and at the hardware level (e.g., locking certain portions of the LLC).