TY - GEN
T1 - Leveraging hardware transactional memory for cache side-channel defenses
AU - Chen, Sanchuan
AU - Liu, Fangfei
AU - Mi, Zeyu
AU - Zhang, Yinqian
AU - Lee, Ruby B.
AU - Chen, Haibo
AU - Wang, Xiao Feng
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/5/29
Y1 - 2018/5/29
N2 - A program's use of CPU caches may reveal its memory access pattern and thus leak sensitive information when the program performs secret-dependent memory accesses. In recent studies, it has been demonstrated that cache side-channel attacks that extract secrets by observing the victim program's cache uses can be conducted under a variety of scenarios, among which the most concerning are cross-VM attacks and those against SGX enclaves. In this paper, we propose a mechanism that leverages hardware transactional memory (HTM) to enable software programs to defend themselves against various cache side-channel attacks. We observe that when the HTM is implemented by retrofitting cache coherence protocols, as is the case of Intel's Transactional Synchronization Extensions, the cache interference that is necessary in cache side-channel attacks will inevitably terminate hardware transactions. We provide a systematic analysis of the security requirements that a software-only solution must meet to defeat cache attacks, propose a software design that leverages HTM to satisfy these requirements and devise several optimization techniques in our implementation to reduce performance impact caused by transaction aborts. The empirical evaluation suggests that the performance overhead caused by the HTM-based solution is low.
AB - A program's use of CPU caches may reveal its memory access pattern and thus leak sensitive information when the program performs secret-dependent memory accesses. In recent studies, it has been demonstrated that cache side-channel attacks that extract secrets by observing the victim program's cache uses can be conducted under a variety of scenarios, among which the most concerning are cross-VM attacks and those against SGX enclaves. In this paper, we propose a mechanism that leverages hardware transactional memory (HTM) to enable software programs to defend themselves against various cache side-channel attacks. We observe that when the HTM is implemented by retrofitting cache coherence protocols, as is the case of Intel's Transactional Synchronization Extensions, the cache interference that is necessary in cache side-channel attacks will inevitably terminate hardware transactions. We provide a systematic analysis of the security requirements that a software-only solution must meet to defeat cache attacks, propose a software design that leverages HTM to satisfy these requirements and devise several optimization techniques in our implementation to reduce performance impact caused by transaction aborts. The empirical evaluation suggests that the performance overhead caused by the HTM-based solution is low.
UR - http://www.scopus.com/inward/record.url?scp=85049174096&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85049174096&partnerID=8YFLogxK
U2 - 10.1145/3196494.3196501
DO - 10.1145/3196494.3196501
M3 - Conference contribution
AN - SCOPUS:85049174096
T3 - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
SP - 601
EP - 608
BT - ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security
PB - Association for Computing Machinery, Inc
T2 - 13th ACM Symposium on Information, Computer and Communications Security, ASIACCS 2018
Y2 - 4 June 2018 through 8 June 2018
ER -