
Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

Stephan van Schaik, Cristiano Giuffrida, Herbert Bos, Kaveh Razavi

Motivation

Why should you care about cache attacks?

1 / 39

Motivation

[Figure: memory hierarchy, ordered from faster and smaller to larger and slower: CPU Registers, L1 Cache, L2 Cache, L3 Cache, Main Memory, Disk Storage; an access is either a Cache Hit or a Cache Miss]

Increasing performance gap

Processors advance faster than memory

Memory accesses are not performed in constant time

2 / 39

Motivation

▶ Caches are shared resources

▶ Caches can be manipulated

▶ Spy on other processes

▶ Input events

▶ Leak sensitive data

3 / 39

Motivation

[Figure: memory hierarchy (CPU Registers, L1 Cache, L2 Cache, L3 Cache, Main Memory, Disk Storage), with the labels CPU and MMU shown in successive frames]

4 / 39

AES

▶ Advanced Encryption Standard

▶ Software implementations use T-tables

▶ T[p_i ⊕ k_i]

▶ Indices are key-dependent

▶ Elements may be in main memory or the cache

5 / 39

PRIME + PROBE

An example of PRIME + PROBE against AES encryption

6 / 39

PRIME + PROBE

[Animation: a cache (cache sets, cache entries) used by the AES T-table and by the attacker's eviction set]

First run:

▶ Eviction Set

▶ PRIME

▶ Wait (the victim runs Encrypt)

▶ PROBE

AES encrypt used another cache set

Second run:

▶ Eviction Set

▶ PRIME

▶ Wait (the victim runs Encrypt)

▶ PROBE

AES encrypt used the same cache set

7 / 39

Defenses

Can we defend against cache attacks?

8 / 39

Defenses

Way Partitioning

[Figure: cache (cache sets, cache entries) split between Victim and Attacker]

Set Partitioning

[Figure: cache (cache sets, cache entries) split between Victim and Attacker]

9 / 39

Page coloring

How does page coloring work?

10 / 39

Page coloring

[Figure: cache (cache sets, cache entries) with separate regions for the Attacker and the Victim]

11 / 39

Page coloring

The victim and the attacker are nicely isolated.

12 / 39

Page coloring

[Figure: cache (cache sets, cache entries), pages, and page tables]

The attacker can only allocate red pages

However, the page tables aren't colored

Can we control the page tables for cache attacks?

13 / 39
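The gap named on this slide, written as a check a defender could run over a domain's mappings. This is an added example, not code from the talk or the XLATE project. The cache geometry (2048 physically indexed sets, 64-byte lines, no slice hashing), the physical addresses, the color split and all names (`struct mapping`, `audit_domain`, `SAMPLE`) are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed geometry (not from the slides): 4 KiB pages, 64-byte lines,
 * 2048 physically indexed sets, no slice hashing -> 32 page colors. */
#define PAGE_SHIFT 12
#define LINE_SHIFT 6
#define LLC_SETS   2048u
#define NUM_COLORS (LLC_SETS >> (PAGE_SHIFT - LINE_SHIFT))

/* One mapping of a domain: the virtual address, its data frame, and the frame
 * of the last-level page table that translates it (physical addresses). */
struct mapping {
    uint64_t va;
    uint64_t data_pa;
    uint64_t pt_pa;
};

/* Color = the cache set-index bits that lie above the page offset. */
static unsigned page_color(uint64_t pa) {
    return (unsigned)((pa >> PAGE_SHIFT) % NUM_COLORS);
}

/* Cache set that holds the line at physical address pa (set / 64 == color). */
static unsigned llc_set(uint64_t pa) {
    return (unsigned)((pa >> LINE_SHIFT) % LLC_SETS);
}

/* Physical address of the last-level PTE: 8-byte entries, index = VA bits 20:12. */
static uint64_t pte_pa(const struct mapping *m) {
    return m->pt_pa + 8u * ((m->va >> PAGE_SHIFT) & 0x1ff);
}

struct audit { size_t data_violations; size_t pt_violations; };

/* Count data frames and page-table frames whose color lies outside the
 * bitmask of colors assigned to the domain. */
static struct audit audit_domain(const struct mapping *maps, size_t n, uint32_t allowed) {
    struct audit a = {0, 0};
    for (size_t i = 0; i < n; i++) {
        if (!(allowed & (1u << page_color(maps[i].data_pa)))) a.data_violations++;
        if (!(allowed & (1u << page_color(maps[i].pt_pa))))   a.pt_violations++;
    }
    return a;
}

/* Constructed sample: a domain restricted to colors 0..15. Its data frames
 * obey the restriction; two mappings share a page-table frame of color 21. */
#define ALLOWED_COLORS 0x0000ffffu
static const struct mapping SAMPLE[] = {
    { 0x1fafe7fbf000ULL, 0x40003000ULL, 0x7d215000ULL },
    { 0x1fafe7fb8000ULL, 0x4000a000ULL, 0x7d215000ULL },
    { 0x1fafe8000000ULL, 0x5002c000ULL, 0x7d206000ULL },
};

int main(void) {
    struct audit a = audit_domain(SAMPLE, 3, ALLOWED_COLORS);
    printf("data frames outside the domain's colors:       %zu\n", a.data_violations);
    printf("page-table frames outside the domain's colors: %zu\n", a.pt_violations);
    printf("PTE of %#llx is cached in set %u (color %u)\n",
           (unsigned long long)SAMPLE[0].va, llc_set(pte_pa(&SAMPLE[0])),
           llc_set(pte_pa(&SAMPLE[0])) / 64);
    return 0;
}
```

An allocator that colors only data pages passes the first count and fails the second: the page-table entries are loaded into sets that belong to another domain's partition.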

XLATE attacks

▶ Memory Management Unit (MMU)

▶ Translates virtual addresses into their physical counterparts

▶ Hence translate or XLATE attacks

▶ XLATE + PROBE caches page tables instead of pages

14 / 39

Page table walks

How does the MMU perform page table walks?

15 / 39

Page table walks

Virtual Address 0x1fafe7fbf000

page table indices (36-bit): 63 191 319 447

page offset (12-bit)

[Figure: page table walk for this address alongside the cache (cache sets, cache entries): CR3 → PML4 (PML4E) → PDPT (PDPTE) → Page Directory (PDE) → Page Table (PTE) → Physical Address]

16 / 39

Page table walks

What do we need for XLATE + PROBE?

17 / 39

Challenges

✗ Avoid noise from high-level page tables

✗ Avoid noise from pages

✗ Build eviction sets

18 / 39

Translation Caches

Virtual Address 0x1fafe7fbf000

page table indices (36-bit): 63 191 319 447

page offset (12-bit)

[Figure: full page table walk, CR3 → PML4 (PML4E) → PDPT (PDPTE) → Page Directory (PDE) → Page Table (PTE) → Physical Address; the translation cache stores the entry 63 191 319]

Translation caches cache intermediate page tables

Virtual Address 0x1fafe7fb8000

page table indices (36-bit): 63 191 319 440

page offset (12-bit)

[Figure: the translation cache entry 63 191 319 leads directly to the Page Table (PTE) → Physical Address]

19 / 39

Translation Caches

Some properties of translation caches are undocumented

How do we reverse engineer them?

20 / 39

Translation Caches

[Animation: the MMU, a translation cache, and virtual addresses shown as page table indices (36-bit) plus page offset (12-bit)]

First run:

▶ Load into translation cache: Virtual Address 0x1fafe7e00000 (indices 63 191 319 0); the translation cache holds 63 191 319

▶ Perform n page table walks: 0x1fafe8000000 (63 191 320 0) and 0x1fafe8200000 (63 191 321 0); the translation cache holds 63 191 319, 63 191 320 and 63 191 321

▶ Reload the target 0x1fafe7e00000

▶ The page table entry is still cached

Second run:

▶ Perform n page table walks: 0x1fafe8000000 (63 191 320 0), 0x1fafe8200000 (63 191 321 0), 0x1fafe8400000 (63 191 322 0) and 0x1fafe8600000 (63 191 323 0); 63 191 323 takes the place of 63 191 319 in the translation cache

▶ Reload the target 0x1fafe7e00000

▶ Perform full page table walk

21 / 39
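The index arithmetic from the page table walk slides and the load, walk n times, reload experiment above, as a small model. This is an added example, not code from the talk or the XLATE project. It assumes x86-64 4-level paging and a fully associative LRU translation cache; the capacity of 4 is chosen so that the two runs behave as in the animation, and all names (`split_va`, `pde_tag`, `survives`, `measure_entries`) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 4-level paging: four 9-bit indices above a 12-bit page offset. */
struct walk { unsigned pml4, pdpt, pd, pt, offset; };

static struct walk split_va(uint64_t va) {
    struct walk w;
    w.pml4   = (unsigned)((va >> 39) & 0x1ff);
    w.pdpt   = (unsigned)((va >> 30) & 0x1ff);
    w.pd     = (unsigned)((va >> 21) & 0x1ff);
    w.pt     = (unsigned)((va >> 12) & 0x1ff);
    w.offset = (unsigned)(va & 0xfff);
    return w;
}

/* Tag of the translation-cache entry that points at the last-level page
 * table: the three upper indices (PML4, PDPT, PD), i.e. VA bits 47:21. */
static uint64_t pde_tag(uint64_t va) { return (va >> 21) & 0x7ffffff; }

/* Toy translation cache: fully associative, LRU replacement (assumption).
 * Slot 0 is the most recently used entry. */
#define TC_MAX 64
struct tcache { uint64_t tag[TC_MAX]; unsigned used, capacity; };

/* Translate va. Returns 1 when the upper levels were cached (the walk skips
 * to the page table), 0 when a full page table walk was needed. */
static int tc_access(struct tcache *tc, uint64_t va) {
    uint64_t tag = pde_tag(va);
    unsigned i, hit = 0;
    for (i = 0; i < tc->used; i++)
        if (tc->tag[i] == tag) { hit = 1; break; }
    if (!hit) {
        if (tc->used < tc->capacity) tc->used++;
        i = tc->used - 1;               /* new slot, or the LRU slot when full */
    }
    memmove(&tc->tag[1], &tc->tag[0], i * sizeof tc->tag[0]);
    tc->tag[0] = tag;
    return (int)hit;
}

/* The experiment: load the target, walk n addresses that differ in the page
 * directory index (2 MiB apart), reload the target. Returns 1 if the reload
 * still found the target's entry cached. */
static int survives(unsigned capacity, uint64_t target, unsigned n) {
    struct tcache tc = { {0}, 0, capacity };
    tc_access(&tc, target);
    for (unsigned k = 1; k <= n; k++)
        tc_access(&tc, target + ((uint64_t)k << 21));
    return tc_access(&tc, target);
}

/* Under LRU, the smallest n that evicts the target equals the entry count. */
static unsigned measure_entries(unsigned capacity, uint64_t target) {
    unsigned n = 1;
    while (n < TC_MAX && survives(capacity, target, n)) n++;
    return n;
}

#define TARGET 0x1fafe7e00000ULL

int main(void) {
    const uint64_t vas[] = { 0x1fafe7fbf000ULL, 0x1fafe7fb8000ULL, TARGET };
    for (unsigned i = 0; i < 3; i++) {
        struct walk w = split_va(vas[i]);
        printf("%#llx -> %u %u %u %u (tag %#llx)\n", (unsigned long long)vas[i],
               w.pml4, w.pdpt, w.pd, w.pt, (unsigned long long)pde_tag(vas[i]));
    }
    printf("n=2: cached=%d  n=4: cached=%d  measured entries=%u\n",
           survives(4, TARGET, 2), survives(4, TARGET, 4), measure_entries(4, TARGET));
    return 0;
}
```

On real hardware the hit or miss is not returned by a function; it has to be inferred from how long the reload takes.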

Translation Caches

Column groups: Caches (L1d, L2, L3), TLBs (4K, 2M and 1G pages), Translation Caches (PML2E, PML3E, PML4E).

| CPU | Year | L1d | L2 | L3 | TLB 4K pages | TLB 2M pages | TLB 1G pages | PML2E | PML3E | PML4E | Time |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Intel Core i7-7500U (Kaby Lake) @ 2.70GHz | 2016 | 32K | 256K | 4M | 1600 | 32 | 20 | 24-32 | 3-4 | 0 | 5m49s |
| Intel Core m3-6Y30 (Skylake) @ 0.90GHz | 2015 | 32K | 256K | 4M | 1600 | 32 | 20 | 24 | 3-4 | 0 | 6m01s |
| Intel Xeon E3-1240 v5 (Skylake) @ 3.50GHz | 2015 | 32K | 256K | 8M | 1600 | 32 | 20 | 24 | 3-4 | 0 | 3m08s |
| Intel Core i7-6700K (Skylake) @ 4.00GHz | 2015 | 32K | 256K | 8M | 1600 | 32 | 20 | 24 | 3-4 | 0 | 3m41s |
| Intel Celeron N2840 (Silvermont) @ 2.16GHz | 2014 | 24K | 1M | N/A | 128 | 16 | N/A | 12-16 | 0 | 0 | 52s |
| Intel Core i7-4500U (Haswell) @ 1.80GHz | 2013 | 32K | 256K | 4M | 1088 | 32 | 4 | 24 | 3-4 | 0 | 2m53 |
| Intel Core i7-3632QM (Ivy Bridge) @ 2.20GHz | 2012 | 32K | 256K | 6M | 576 | 32 | 4 | 24-32 | 3 | 0 | 3m05s |
| Intel Core i7-2620QM (Sandy Bridge) @ 2.00GHz | 2011 | 32K | 256K | 6M | 576 | 32 | 4 | 24 | 2-4 | 0 | 3m11s |
| Intel Core i5 M480 (Westmere) @ 2.67GHz | 2010 | 32K | 256K | 3M | 576 | 32 | N/A | 24-32 | 2-6 | 0 | 2m44s |
| Intel Core i7 920 (Nehalem) @ 2.67GHz | 2008 | 32K | 256K | 8M | 576 | 32 | N/A | 24-32 | 3 | 0 | 4m26s |
| AMD Ryzen 7 1700 8-Core (Zen) @ 3.3GHz | 2017 | 32K | 512K | 16M | 1600 | 1600 | 64 | 0 | 64 | 0 | 13m16s |
| AMD Ryzen 5 1600X 6-Core (Zen) @ 3.6GHz | 2017 | 32K | 512K | 16M | 1600 | 1600 | 64 | 0 | 64 | 16 | 30m50s |
| AMD FX-8350 8-Core (Piledriver) @ 4.0GHz | 2012 | 64K | 2M | 8M | 1088 | 1088 | 1088 | 0 | 0 | 0 | 2m50s |
| AMD FX-8320 8-Core (Piledriver) @ 3.5GHz | 2012 | 64K | 2M | 8M | 1088 | 1088 | 1088 | 0 | 0 | 0 | 2m47s |
| AMD FX-8120 8-Core (Bulldozer) @ 3.4GHz | 2011 | 16K | 2M | 8M | 1056 | 1056 | 1056 | 0 | 0 | 0 | 2m33s |
| AMD Athlon II 640 X4 (K10) @ 3.0GHz | 2010 | 64K | 512K | N/A | 560 | 176 | N/A | 24 | 0 | 0 | 7m50s |
| AMD E-350 (Bobcat) @ 1.6GHz | 2010 | 32K | 512K | N/A | 552 | 8-12 | N/A | 8-12 | 0 | 0 | 5m38s |
| AMD Phenom 9550 4-Core (K10) @ 2.2GHz | 2008 | 64K | 512K | 2M | 560 | 176 | 48 | 24 | 0 | 0 | 6m52s |
| Rockchip RK3399 (ARM Cortex A72) @ 2.0GHz | 2017 | 32K | 1M | N/A | 544 | 512 | N/A | 16 | 6 | N/A | 17m49s |
| Rockchip RK3399 (ARM Cortex A53) @ 1.4GHz | 2017 | 32K | 512K | N/A | 522 | 512 | N/A | 64 | 0 | N/A | 7m06s |
| Allwinner A64 (ARM Cortex A53) @ 1.2GHz | 2016 | 32K | 512K | N/A | 522 | 512 | N/A | 64 | 0 | N/A | 52m26s |
| Samsung Exynos 5800 (ARM Cortex A15) @ 2.1GHz | 2014 | 32K | 2M | N/A | 544 | 512 | N/A | 16 | 0 | N/A | 13m28s |
| Nvidia Tegra K1 CD580M-A1 (ARM Cortex A15) @ 2.3GHz | 2014 | 32K | 2M | N/A | 544 | 512 | N/A | 16 | 0 | N/A | 24m19s |
| Nvidia Tegra K1 CD570M-A1 (ARM Cortex A15; LPAE) @ 2.1GHz | 2014 | 32K | 2M | N/A | 544 | 512 | N/A | 16 | 0 | N/A | 6m35s |
| Samsung Exynos 5800 (ARM Cortex A7) @ 1.3GHz | 2014 | 32K | 512K | N/A | 266 | 256 | N/A | 64 | 0 | N/A | 17m42s |
| Samsung Exynos 5250 (ARM Cortex A15) @ 1.7GHz | 2012 | 32K | 1M | N/A | 544 | 512 | N/A | 16 | 0 | N/A | 6m46s |

22 / 39

Translation Caches

Translation caches are widely available on Intel, AMD and ARM

23 / 39

Translation Caches

[Figure: cache (cache sets, cache entries), pages, page tables and the translation cache]

Translation caches skip page table walks

24 / 39

Challenges

✓ Avoid noise from high-level page tables

✗ Avoid noise from pages

✗ Build eviction sets

25 / 39

Shared Memory

[Figure: cache (cache sets, cache entries), a shared page, page tables and the translation cache]

Use shared memory to reduce noise

26 / 39

Challenges

✓ Avoid noise from high-level page tables

✓ Avoid noise from pages

✗ Build eviction sets

27 / 39

Building Eviction Sets

"The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications" - Oren et al.

28 / 39

Building Eviction Sets

[Animation: a cache (cache sets, cache entries)]

▶ Allocate pages

▶ Draw target

▶ Load target into cache

▶ Draw pages and try to evict the target

▶ Found an eviction set

▶ Optimize the eviction set

▶ Optimal eviction set found

▶ Filter red pages

29 / 39

Building Eviction Sets

This technique can also be applied to page tables

30 / 39

Challenges

✓ Avoid noise from high-level page tables

✓ Avoid noise from pages

✓ Build eviction sets

31 / 39

XLATE + PROBE

It’s time for the big picture.

32 / 39

XLATE + PROBE

[Animation: a cache (cache sets, cache entries) used by the AES T-table and by the attacker, with the labels Eviction Set, Page Tables and MMU]

▶ XLATE

▶ Wait (the victim runs Encrypt)

▶ PROBE

AES encrypt used the same cache set

33 / 39

Evaluation

Evaluation

34 / 39

Evaluation

▶ Reliability

▶ Effectiveness

▶ Cache defenses

35 / 39

Reliability

[Figure: two charts comparing FLUSH + RELOAD, FLUSH + FLUSH, PRIME + PROBE and XLATE + PROBE, one for bandwidth (bytes/sec) and one for bit errors (bits/sec); series: Cross-Thread (correct), Cross-Thread (raw), Cross-Core (correct), Cross-Core (raw)]

XLATE attacks are practical

36 / 39

Effectiveness

[Figure: six panels plotting the Te0 offset (0x1584c0 to 0x1586c0) against p[0] (0 to 256): FLUSH + RELOAD, PRIME + PROBE, PRIME + ABORT, FLUSH + FLUSH, XLATE + PROBE, XLATE + ABORT]

XLATE + PROBE is effective against AES T-tables

37 / 39

Cache Defenses

[Figure: four panels plotting the Te0 offset (0x1584c0 to 0x1586c0) against p[0] (0 to 256): PRIME + PROBE (coloring), XLATE + PROBE (coloring), PRIME + PROBE (ways), XLATE + PROBE (ways)]

XLATE + PROBE bypasses set and way partitioning

38 / 39

Conclusions

▶ New family of cache attacks: Xlate

▶ Indirect cache attacks are practical

▶ Reconsider existing cache defenses

▶ https://vusec.net/projects/xlate

39 / 39