The cache-based covert channel is one of the common vulnerabilities exploited in the Spectre attacks. Current mitigation strategies focus on blocking the eviction-based channel by using a random/encrypted mapping function to translate memory address to the cache address, while the updated-based channel is still vulnerable. In addition, some mitigation strategies are also costly as they need software and hardware modifications. In this paper, our objective is to devise low-cost, comprehensive-protection techniques for mitigating the Spectre attacks. We proposed a novel cache structure, named EBCache, which focuses on the RISC-V processor and applies the address encryption and blacklist to resist the Spectre attacks. The address encryption mechanism increases the difficulty of pruning a minimal eviction set. The blacklist mechanism makes the updated cache lines loaded by the malicious updates invisible. Our experiments demonstrated that the EBCache can prevent malicious modifications. The EBCache, however, reduces the processor’s performance by about 23% but involves only a low-cost modification in the hardware.
Since the discovery of speculative execution attacks based on side channels, there has been a long history of research on their attack mechanisms and defense principles. To explore TLB side channels, we constructed a System-on-Chip (SoC) centered around the XuanTie C910 processor on a Virtex UltraScale+ HBM VCU128 FPGA and ran the Linux operating system on this platform. We successfully implemented the Spectre-v1 attack targeting the multi-level TLB structure of the XuanTie C910 processor, identifying the second-level TLB as the primary target of the attack. In addition, we proposed a defense mechanism called TLBshield-v1, which employs a 50-percent block rate policy on the write-back channel from the Page Table Walker to the second-level TLB, thereby mitigating all attacks based on the second-level TLB. We tested a 50-percent block rate policy, which reduced the success rate of the Spectre-v1 attack from 100 percent to 55.7 percent, with a performance overhead of only 1.77 percent. Furthermore, we designed TLBshield-v2, with different block rates of second-level TLB, tested their corresponding performance overheads and security implications, and introduced a normalized evaluation metric, Security-Versus-Performance, to determine the optimal design strategy that balances performance overhead and security under varying security requirements.
Funding: This work was supported in part by the China Ministry of Science and Technology under Grant 2015GA600002.