On-Demand Time Blurring to Support Side-Channel Defense

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10493)

Abstract

Side-channel attacks are a serious threat to multi-tenant public clouds. Past work showed how secret information in one virtual machine (VM) can be leaked to another, co-resident VM using timing side channels. Recent defenses against timing side channels focus on reducing the degree of resource sharing. However, such defenses necessarily limit the flexibility with which resources are shared. In this paper, we propose a technique that dynamically adjusts the granularity of platform time sources, to interfere with timing side-channel attacks. Our proposed technique supposes an interface by which a VM can request the temporary coarsening of platform time sources as seen by all VMs on the platform, which the hypervisor can effect since it virtualizes accesses to those timers. We show that the VM-Function (VMFUNC) mechanism provides a low-overhead such interface, thereby enabling applications to adjust timer granularity with minimal overhead. We present a proof-of-concept implementation using a Xen hypervisor running Linux-based VMs on a cloud server using commodity Intel processors and supporting adjustment of the timestamp-counter (TSC) granularity. We evaluate our implementation and show that our scheme mitigates timing side-channel attacks, while introducing negligible performance penalties.

Notes

Acknowledgment

This work was supported in part by NSF grant 1330599.

References

  1. 1.
    Intel 64 and IA-32 Architectures Software Developer’s Manual. http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html
  2. 2.
    Askarov, A., Zhang, D., Myers, A.C.: Predictive black-box mitigation of timing channels. In: 17th ACM Conference on Computer and Communications Security (2010)Google Scholar
  3. 3.
    Barresi, A., Razavi, K., Payer, M., Gross, T.R.: CAIN: silently breaking ASLR in the cloud. In: 9th USENIX Workshop on Offensive Technologies (2015)Google Scholar
  4. 4.
    Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh aah.. just a little bit”: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-44709-3_5Google Scholar
  5. 5.
    Chen, S., Zhang, X., Reiter, M.K., Zhang, Y.: Detecting privileged side-channel attacks in shielded execution with Déjá Vu. In: 12th ACM Asia Conference on Computer and Communications Security (2017)Google Scholar
  6. 6.
    Crane, S., Homescu, A., Brunthaler, S., Larsen, P., Franz, M.: Thwarting cache side-channel attacks through dynamic software diversity. In: ISOC Network and Distributed System Security Symposium (2015)Google Scholar
  7. 7.
    Domnitser, L., Jaleel, A., Loew, J., Abu-Ghazaleh, N., Ponomarev, D.: Non-monopolizable caches: low-complexity mitigation of cache side channel attacks. ACM Trans. Archit. Code Optim. 8(4), 35 (2012)CrossRefGoogle Scholar
  8. 8.
    Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. In: 23rd ACM Conference on Computer and Communications Security (2016)Google Scholar
  9. 9.
    Gras, B., Razavi, K., Bosman, E., Bos, H., Giuffrida, C.: ASLR on the line: Practical cache attacks on the MMU. In ISOC Network and Distributed System Security Symposium (2017)Google Scholar
  10. 10.
    Gruss, D., Spreitzer, R., Mangard, S.: Cache template attacks: automating attacks on inclusive last-level caches. In: 24th USENIX Security Symposium (2015)Google Scholar
  11. 11.
    Gullasch, D., Bangerter, E., Krenn, S.: Cache games-bringing access-based cache attacks on AES to practice. In: 32nd IEEE Symposium Security and Privacy (2011)Google Scholar
  12. 12.
    Hu, W.-M.: Reducing timing channels with fuzzy time. J. Comput. Secur. 1(3–4), 233–254 (1992)CrossRefGoogle Scholar
  13. 13.
    Hund, R., Willems, C., Holz, T.: Practical timing side channel attacks against kernel space ASLR. In: 34th IEEE Symposium Security and Privacy (2013)Google Scholar
  14. 14.
    Inci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud. IACR Cryptology ePrint Archive, Report 2015/898 (2015)Google Scholar
  15. 15.
    Irazoqui, G., Eisenbarth, T., Sunar, B.: A shared cache attack that works across cores and defies VM sandboxing-and its application to AES. In: 36th IEEE Symposium Security and Privacy (2015)Google Scholar
  16. 16.
    Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Fine grain cross-VM attacks on Xen and VMware. In: 4th IEEE International Conference on Big Data and Cloud Computing (2014)Google Scholar
  17. 17.
    Irazoqui, G., Inci, M.S., Eisenbarth, T., Sunar, B.: Wait a minute! A fast, cross-VM attack on AES. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 299–319. Springer, Cham (2014). doi: 10.1007/978-3-319-11379-1_15Google Scholar
  18. 18.
    Keramidas, G., Antonopoulos, A., Serpanos, D.N., Kaxiras, S.: Non deterministic caches: a simple and effective defense against side channel attacks. Des. Autom. Embed. Syst. 12(3), 221–230 (2008)CrossRefGoogle Scholar
  19. 19.
    Kim, T., Peinado, M., Mainar-Ruiz, G.: StealthMem: system-level protection against cache-based side channel attacks in the cloud. In: 21st USENIX Security Symposium (2012)Google Scholar
  20. 20.
    Könighofer, R.: A fast and cache-timing resistant implementation of the AES. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 187–202. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-79263-5_12CrossRefGoogle Scholar
  21. 21.
    Li, P., Gao, D., Reiter, M.K.: StopWatch: a cloud architecture for timing channel mitigation. ACM Trans. Inf. Syst. Secur. 17(2), 8 (2014)CrossRefGoogle Scholar
  22. 22.
    Liu, F., Ge, Q., Yarom, Y., Mckeen, F., Rozas, C., Heiser, G., Lee, R.B.: Catalyst: defeating last-level cache side channel attacks in cloud computing. In: 22nd International Symposium High Performance Computer Architecture (2016)Google Scholar
  23. 23.
    Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 36th IEEE Symposium Security and Privacy (2015)Google Scholar
  24. 24.
    Liu, Y., Zhou, T., Chen, K., Chen, H., Xia, Y.: Thwarting memory disclosure with efficient hypervisor-enforced intra-domain isolation. In: 22nd ACM Conference on Computer and Communications Security (2015)Google Scholar
  25. 25.
    Martin, R., Demme, J., Sethumadhavan, S.: TimeWarp: rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. In: 39th International Symposium on Computer Architecture (2012)Google Scholar
  26. 26.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006). doi: 10.1007/11605805_1CrossRefGoogle Scholar
  27. 27.
    Raj, H., Nathuji, R., Singh, A., England, P.: Resource management for isolation enhanced cloud services. In: 1st ACM Cloud Computing Security Workshop (2009)Google Scholar
  28. 28.
    Rane, A., Lin, C., Tiwari, M.: Raccoon: closing digital side-channels through obfuscated execution. In: 24th USENIX Security Symposium (2015)Google Scholar
  29. 29.
    Schwarz, M., Weiser, S., Gruss, D., Maurice, C., Mangard, S.: Malware guard extension: using SGX to conceal cache attacks. arXiv:1702.08719 (2017)
  30. 30.
    Shi, J., Song, X., Chen, H., Zang, B.: Limiting cache-based side-channel in multi-tenant cloud using dynamic page coloring. In: 41st IEEE/IFIP International Conference Dependable Systems and Networks (2011)Google Scholar
  31. 31.
    Stefan, D., Buiras, P., Yang, E.Z., Levy, A., Terei, D., Russo, A., Mazières, D.: Eliminating cache-based timing attacks with instruction-based scheduling. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 718–735. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40203-6_40CrossRefGoogle Scholar
  32. 32.
    Varadarajan, V., Ristenpart, T., Swift, M.: Scheduler-based defenses against cross-VM side-channels. In: 23rd USENIX Security Symposium (2014)Google Scholar
  33. 33.
    Vattikonda, B.C., Das, S., Shacham, H.: Eliminating fine grained timers in Xen. In: 3rd ACM Cloud Computing Security Workshop (2011)Google Scholar
  34. 34.
    Wang, Y., Ferraiuolo, A., Suh, G.E.: Timing channel protection for a shared memory controller. In: 20th International Symposium on High Performance Computer Architecture (2014)Google Scholar
  35. 35.
    Wang, Z., Lee, R.B.: New cache designs for thwarting software cache-based side channel attacks. In: 34th International Symposium on Computer Architecture (2007)Google Scholar
  36. 36.
    Wang, Z., Lee, R.B.: A novel cache architecture with enhanced performance and security. In: 41st IEEE/ACM International Symposium on Microarchitecture (2008)Google Scholar
  37. 37.
    Wray, J.C.: An analysis of covert timing channels. J. Comput. Secur. 1(3–4), 219–232 (1992)CrossRefGoogle Scholar
  38. 38.
    Wu, W., Zhai, E., Wolinsky, D.I., Ford, B., Gu, L., Jackowitz, D.: Warding off timing attacks in Deterland. In: Conference on Timely Results in Operating Systems (2015)Google Scholar
  39. 39.
    Wu, Z., Xu, Z., Wang, H.: Whispers in the hyper-space: high-bandwidth and reliable covert channel attacks inside the cloud. IEEE/ACM Trans. Netw. 23(2), 603–614 (2015)CrossRefGoogle Scholar
  40. 40.
    Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (2014)Google Scholar
  41. 41.
    Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: 18th ACM Conference on Computer and Communications Security (2011)Google Scholar
  42. 42.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: 19th ACM Conference on Computer and Communications Security (2012)Google Scholar
  43. 43.
    Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-tenant side-channel attacks in PaaS clouds. In: 21st ACM Conference on Computer and Communications Security (2014)Google Scholar
  44. 44.
    Zhou, Z., Reiter, M.K., Zhang, Y.: A software approach to defeating side channels in last-level caches. In: 23rd ACM Conference on Computer and Communications Security (2016)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Computer SchoolWuhan UniversityWuhanChina
  2. 2.Singapore Management UniversitySingaporeSingapore
  3. 3.University of North CarolinaChapel HillUSA

Personalised recommendations