CaSA : end-to-end quantitative security analysis of randomly mapped caches
Author(s)Drean, Jules(Jules G.)
Cache Security Analyzer : end-to-end quantitative security analysis of randomly mapped caches
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
MetadataShow full item record
It is well known that there are micro-architectural vulnerabilities that enable an attacker to use caches to exfiltrate secrets from a victim. These vulnerabilities exploit the fact that the attacker can detect cache lines that were accessed by the victim. Therefore, architects have looked at different forms of randomization to thwart the attacker's ability to communicate using the cache. The security analysis of those randomly mapped caches is based upon the increased difficulty for the attacker to determine the addresses that touch the same cache line that the victim has accessed. In this paper, we show that the analyses used to evaluate those schemes were incomplete in various ways. For example, they were incomplete in only looking at one communication step, which is the step that the attacker uses to determine the set of addresses that can monitor the cache lines used by the transmitter address. Indeed, we generalize micro-architecture side channels to obtain the overall view of the communication process and identify that there exist other communication steps that can also affect the security of randomly mapped caches, but have been ignored by prior work. We design an analysis framework, CaSA, to comprehensively and quantitatively analyze the security of these randomly mapped caches. We comprehensively consider the end-to- end communication steps and study the statistical relationship between different steps. In addition, to perform quantitative analysis, we leverage the concepts from the field of telecommunication to formulate the security analysis into a statistical problem. We use CaSA to evaluate a wide range of attack strategies and cache configurations. Our result shows that the randomization mechanisms used in the state-of-the-art randomly mapped caches are insecure.
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, September, 2020Cataloged from student-submitted PDF version of thesis.Includes bibliographical references (pages 63-67).
DepartmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.