PowerPoint Presentation · Less frequent, smaller cache region: 15% More frequent, larger cache...

The attacker runs a program on the system that is performing the cryptographic operation of interest

Basic idea: observe computation’s effects on the system, and learn information from that

Recent attacks are asynchronous, in that they do not require the attacker to achieve precisely timed observations of the victim

Cache Set

Cache Line

4-way set associative cache

Physical Address

PRIME PRIME-PROBE Interval

PRIME-PROBE Interval

400 600 500 400 400 500

PRIME PROBE

Hardware

Operating System

Attacker

Process

Victim

Process

Hardware

Virtual Machine Monitor

Victim VM

Victim

Process

Attacker VM

PRIME-PROBE Interval PRIME PROBE

Foe VM

Friendly VMs

Xen Hypervisor

Friendly VMs

Xen Hypervisor

PRIME PRIME-PROBE Interval PROBE

Pseudo-physical Pages

Physical Pages

0x5000 0x3000

2 1 3 5 4

0x5000 0x3000 Page Table Entries

Physical Address 0x2000 0x1000 0x3000 0x4000 0x5000

Pseudo-physical Pages

Physical Pages

Reserved pages

0x01 0x02 0x03 0x04 0x05 0x06

Avoided pages

Data copy

L2 Cache

PRIME PROBE PRIME-PROBE Interval

core core

1500 2000 2500 3000 3500

PROBE results with NO foe present (CPU cycles)

1500 2000 2500 3000 3500

PROBE results with NO foe present (CPU cycles)

Class B

Class A

Foe more

PROBE results

Foe less PROBE

results here

Different friend I/O

Cache region Select Monitoring VM

Xen Hypervisor

PRIME PRIME-PROBE Interval PROBE

Xen Hypervisor

Select next Monitoring VM Does the PROBE result fall into

class A or class B? I am the next

Monitoring VM

True detection rate (with 1% false positive) Foe VM running cloud applications

Simulated with PARSEC benchmarks: 84% - 100% Foe VM running PRIME-PROBE protocol

Less frequent, smaller cache region: 15%

More frequent, larger cache region: 85%

Performance overhead Address remapping: 150ms for remapping a 2GB memory (1/16 mapped to monitored cache region)

Less than 5% overhead during detection period

PowerPoint Presentation · Less frequent, smaller cache region: 15% More frequent, larger cache...

Documents

Remapping du clavier - Rebellyon.info

Remapping Evil

Cache-conscious Frequent Pattern Mining on a Modern Processor

Remapping Your Strategic Mind Set - McKinsey Quart

Remapping Bangladesh: A Palimpsestic Approach to Tehmima

Remapping India - Louise Tillin

ECU CARS/TRUCKS/TRACTORS MOTORBIKES REMAPPING …

YOUR REMAPPING PARTNER - Tuning Files Service

Remapping Translation Studies (1)

51. Remapping Beijing

CAPS Radar QC and Remapping

REMAPPING YOUR PADDLES - Evil Controllers...REMAPPING YOUR PADDLES STEP 1 STEP 2 STEP 3 STEP 4 Note: You must press touchpad örst in order to access remapping. NSHIFT . Title: RemapInstructionsTemp.indd

Know More About Car Remapping

CONTOH Form Task Force Remapping Dealer

Remapping Inland Southern California: Global Commodity ... · Juan David De Lara. 1 Abstract Remapping Inland Southern California: Global Commodity Distribution, Land Speculation,

Art 4 d time remapping wit 2013

Understanding ECU Remapping Audi TT 1.8t Tutorial

Time Remapping in Final Cut Pro

Remapping World Cinemas for the Digital Age

Banshee: Bandwidth-Efﬁcient DRAM Caching Via Software ...Tagless DRAM Cache (TDC [10]) also uses address remap-ping, but enables frequent cache replacement via hardware-managed TLB