Software Observable Side Channels Flashcards
Causes of software observable SCs?
Finite total amount (memory, cache size, etc) and finite throughput (number of cache accesses, memory channels, etc)
How to get Software Observable SC onto target system?
- time shared system (multi accounts on same device), malicious user can get info about others
- personal computers, cell phones - apps are sandboxed, so malicious app can get info about other apps
- cloud computing - must RE how provider assigns VMs => usually based on resource usage => create VM with matching profile to target
what are Memoization-Based Optimizations?
Improve performance based on temporal locality (what recently happened is likely to happen again). Usually table stores the results of a time-consuming operation
Types of Memoization-Based Optimizations?
Non-speculative (tagged lookup, i.e. cache) => miss takes longer than a hit
Speculative (i.e. branch prediction) => each entry contains info about params and outcome => misprediction is expensive and causes a penalty
general approach to Memoization-Based attack
Premise: parameters of victim’s operation contain sensitive information => sensitive information determines which table entry is used
- Attacker does operations to occupy specific table entries
- Depending on sensitive data, victim tries to occupy same entries => evicting attacker’s data
- Attacker repeats operation and times it to see which entries were evicted
how does cache set associativity make a SC harder or easier?
Less entries in a set ==> more information is leaked
how to prevent cache side channels?
- Timing between memory accesses should not depend on sensitive data
- Addresses of memory accesses should not depend on sensitive data
how to measure side channels
- Use system calls to get the time
- Use hardware performance counters (count things such as cache misses)
- Use other hardware tables (TLB, branch pred tables, LLC, cache coherence dirs)
