Researchers at imec-COSIC, KU Leuven presented this paper titled “Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies” at the USENIX Security Symposium in Boston in August 2022. Note, this is a prepublication paper.
Abstract:
“As the performance of general-purpose processors faces diminishing improvements, computing systems are increasingly equipped with domain-specific accelerators. Today’s high-end servers tightly integrate such accelerators with the CPU, e.g., giving them direct access to the CPU’s last-level cache (LLC).
Caches are an important source of information leakage across security domains. This work explores combined cache attacks, complementing traditional co-tenancy with control over one or more accelerators. The constraints imposed on these accelerators, originally perceived as limitations, turn out to be advantageous to an attacker. We develop a novel approach for accelerators to find eviction sets, and leverage precise double-sided control over cache lines to expose undocumented behavior in non-inclusive Intel cache hierarchies.
We develop a compact and extensible FPGA hardware accelerator to demonstrate our findings. It constructs eviction sets at unprecedented speeds (<200 µs), outperforming existing techniques with one to three orders of magnitude. It maintains excellent performance, even under high noise pressure. We also use the accelerator to set up a covert channel with fine spatial granularity, encoding more than 3 bits per cache set. Furthermore, it can efficiently evict shared targets with tiny eviction sets, refuting the common assumption that eviction sets must be as large as the cache associativity." Find the technical paper here (pre-publication).
Authors:
Antoon Purnal, Furkan Turan, and Ingrid Verbauwhede, imec-COSIC, KU Leuven
Leave a Reply