Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Fair Cache Sharing and Partitioning in a Chip Multiprocessor Architecture
Proceedings of the 13th International Conference on Parallel Architectures and Compilation Techniques
Covert and Side Channels Due to Processor Architecture
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
New cache designs for thwarting software cache-based side channel attacks
Proceedings of the 34th annual international symposium on Computer architecture
Memory performance attacks: denial of memory service in multi-core systems
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Deconstructing new cache designs for thwarting software cache-based side channel attacks
Proceedings of the 2nd ACM workshop on Computer security architectures
A novel cache architecture with enhanced performance and security
Proceedings of the 41st annual IEEE/ACM International Symposium on Microarchitecture
Practical Mitigations for Timing-Based Side-Channel Attacks on Modern x86 Processors
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Proceedings of the 16th ACM conference on Computer and communications security
Resource management for isolation enhanced cloud services
Proceedings of the 2009 ACM workshop on Cloud computing security
Efficient Cache Attacks on AES, and Countermeasures
Journal of Cryptology
AESSE: a cold-boot resistant implementation of AES
Proceedings of the Third European Workshop on System Security
Advances on access-driven cache attacks on AES
SAC'06 Proceedings of the 13th international conference on Selected areas in cryptography
Determinating timing channels in compute clouds
Proceedings of the 2010 ACM workshop on Cloud computing security workshop
Memory deduplication as a threat to the guest OS
Proceedings of the Fourth European Workshop on System Security
HomeAlone: Co-residency Detection in the Cloud via Side-Channel Analysis
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
An exploration of L2 cache covert channels in virtualized environments
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Home is safer than the cloud!: privacy concerns for consumer cloud storage
Proceedings of the Seventh Symposium on Usable Privacy and Security
Non-monopolizable caches: Low-complexity mitigation of cache side channel attacks
ACM Transactions on Architecture and Code Optimization (TACO) - HIPEAC Papers
Cache-collision timing attacks against AES
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Cache attacks and countermeasures: the case of AES
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Cache based remote timing attack on the AES
CT-RSA'07 Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology
Düppel: retrofitting commodity operating systems to mitigate cache side channels in the cloud
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
CacheAudit: a tool for the static analysis of cache side channels
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Cloud services are rapidly gaining adoption due to the promises of cost efficiency, availability, and on-demand scaling. To achieve these promises, cloud providers share physical resources to support multi-tenancy of cloud platforms. However, the possibility of sharing the same hardware with potential attackers makes users reluctant to offload sensitive data into the cloud. Worse yet, researchers have demonstrated side channel attacks via shared memory caches to break full encryption keys of AES, DES, and RSA. We present STEALTHMEM, a system-level protection mechanism against cache-based side channel attacks in the cloud. STEALTHMEM manages a set of locked cache lines per core, which are never evicted from the cache, and efficiently multiplexes them so that each VM can load its own sensitive data into the locked cache lines. Thus, any VM can hide memory access patterns on confidential data from other VMs. Unlike existing state-of-the-art mitigation methods, STEALTHMEM works with existing commodity hardware and does not require profound changes to application software. We also present a novel idea and prototype for isolating cache lines while fully utilizing memory by exploiting architectural properties of set-associative caches. STEALTHMEM imposes 5.9% of performance overhead on the SPEC 2006 CPU benchmark, and between 2% and 5% overhead on secured AES, DES and Blowfish, requiring only between 3 and 34 lines of code changes from the original implementations.