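CPU flush instruction-based cache side-channel attacks (cache instruction attacks) target a wide range of systems. For example, Meltdown/Spectre combined with FLUSH+RELOAD gains read access to arbitrary data in operating system kernels and user processes running on cloud virtual machines, laptops, desktops, and mobile devices. Fault injection attacks also use the CPU cache. For example, Rowhammer is a cache instruction attack that attempts to gain write access to arbitrary data in physical memory, and it affects systems with DDR3. Various mechanisms that modify hardware and software have been proposed to protect against existing cache instruction attacks. However, when a new cache instruction attack is disclosed, these mechanisms cannot prevent it. In addition, designing and developing additional countermeasures takes a long time. This paper proposes a new mechanism called FlushBlocker to protect against all types of cache instruction attacks and to mitigate cache instruction attacks that use the latest side-channel vulnerabilities until additional countermeasures are released. FlushBlocker takes the approach of restricting control of the CPU cache, which limits the issuing of cache flush instructions and causes the attacks to fail. To demonstrate the effectiveness of this work, FlushBlocker was implemented in the latest Linux kernel and its security and performance were evaluated. The results show that FlushBlocker successfully prevented existing cache instruction attacks (e.g., Meltdown, Spectre, and Rowhammer), that its performance overhead was zero, and that it was transparent to real-world applications.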
Shuhei ENOMOTO
Tokyo University of Agriculture and Technology
Hiroki KUZUNO
Kobe University
Hiroshi YAMADA
Tokyo University of Agriculture and Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Shuhei ENOMOTO, Hiroki KUZUNO, Hiroshi YAMADA, "Efficient Protection Mechanism for CPU Cache Flush Instruction Based Attacks" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 11, pp. 1890-1899, November 2022, doi: 10.1587/transinf.2022NGP0008.
Abstract: CPU flush instruction-based cache side-channel attacks (cache instruction attacks) target a wide range of machines. For instance, Meltdown / Spectre combined with FLUSH+RELOAD gain read access to arbitrary data in operating system kernel and user processes, which work on cloud virtual machines, laptops, desktops, and mobile devices. Additionally, fault injection attacks use a CPU cache. For instance, Rowhammer, is a cache instruction attack that attempts to obtain write access to arbitrary data in physical memory, and affects machines that have DDR3. To protect against existing cache instruction attacks, various existing mechanisms have been proposed to modify hardware and software aspects; however, when latest cache instruction attacks are disclosed, these mechanisms cannot prevent these. Moreover, additional countermeasure requires long time for the designing and developing process. This paper proposes a novel mechanism termed FlushBlocker to protect against all types of cache instruction attacks and mitigate against cache instruction attacks employ latest side-channel vulnerability until the releasing of additional countermeasures. FlushBlocker employs an approach that restricts the issuing of cache flush instructions and the attacks that lead to failure by limiting control of the CPU cache. To demonstrate the effectiveness of this study, FlushBlocker was implemented in the latest Linux kernel, and its security and performance were evaluated. Results show that FlushBlocker successfully prevents existing cache instruction attacks (e.g., Meltdown, Spectre, and Rowhammer), the performance overhead was zero, and it was transparent in real-world applications.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022NGP0008/_p
@ARTICLE{e105-d_11_1890,
author={Shuhei ENOMOTO and Hiroki KUZUNO and Hiroshi YAMADA},
journal={IEICE TRANSACTIONS on Information},
title={Efficient Protection Mechanism for CPU Cache Flush Instruction Based Attacks},
year={2022},
volume={E105-D},
number={11},
pages={1890-1899},
abstract={CPU flush instruction-based cache side-channel attacks (cache instruction attacks) target a wide range of machines. For instance, Meltdown / Spectre combined with FLUSH+RELOAD gain read access to arbitrary data in operating system kernel and user processes, which work on cloud virtual machines, laptops, desktops, and mobile devices. Additionally, fault injection attacks use a CPU cache. For instance, Rowhammer, is a cache instruction attack that attempts to obtain write access to arbitrary data in physical memory, and affects machines that have DDR3. To protect against existing cache instruction attacks, various existing mechanisms have been proposed to modify hardware and software aspects; however, when latest cache instruction attacks are disclosed, these mechanisms cannot prevent these. Moreover, additional countermeasure requires long time for the designing and developing process. This paper proposes a novel mechanism termed FlushBlocker to protect against all types of cache instruction attacks and mitigate against cache instruction attacks employ latest side-channel vulnerability until the releasing of additional countermeasures. FlushBlocker employs an approach that restricts the issuing of cache flush instructions and the attacks that lead to failure by limiting control of the CPU cache. To demonstrate the effectiveness of this study, FlushBlocker was implemented in the latest Linux kernel, and its security and performance were evaluated. Results show that FlushBlocker successfully prevents existing cache instruction attacks (e.g., Meltdown, Spectre, and Rowhammer), the performance overhead was zero, and it was transparent in real-world applications.},
keywords={},
doi={10.1587/transinf.2022NGP0008},
ISSN={1745-1361},
month={November},}
TY - JOUR
TI - Efficient Protection Mechanism for CPU Cache Flush Instruction Based Attacks
T2 - IEICE TRANSACTIONS on Information
SP - 1890
EP - 1899
AU - Shuhei ENOMOTO
AU - Hiroki KUZUNO
AU - Hiroshi YAMADA
PY - 2022
DO - 10.1587/transinf.2022NGP0008
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2022
AB - CPU flush instruction-based cache side-channel attacks (cache instruction attacks) target a wide range of machines. For instance, Meltdown / Spectre combined with FLUSH+RELOAD gain read access to arbitrary data in operating system kernel and user processes, which work on cloud virtual machines, laptops, desktops, and mobile devices. Additionally, fault injection attacks use a CPU cache. For instance, Rowhammer, is a cache instruction attack that attempts to obtain write access to arbitrary data in physical memory, and affects machines that have DDR3. To protect against existing cache instruction attacks, various existing mechanisms have been proposed to modify hardware and software aspects; however, when latest cache instruction attacks are disclosed, these mechanisms cannot prevent these. Moreover, additional countermeasure requires long time for the designing and developing process. This paper proposes a novel mechanism termed FlushBlocker to protect against all types of cache instruction attacks and mitigate against cache instruction attacks employ latest side-channel vulnerability until the releasing of additional countermeasures. FlushBlocker employs an approach that restricts the issuing of cache flush instructions and the attacks that lead to failure by limiting control of the CPU cache. To demonstrate the effectiveness of this study, FlushBlocker was implemented in the latest Linux kernel, and its security and performance were evaluated. Results show that FlushBlocker successfully prevents existing cache instruction attacks (e.g., Meltdown, Spectre, and Rowhammer), the performance overhead was zero, and it was transparent in real-world applications.
ER -