Side Channel Security Risks In Commodity Architectures

Benjamin James Gras

Research output: PhD Thesis (PhD-Thesis - Research and graduation internal)

Abstract

Computing system security is important for everyday functioning of society, among other things. We say that computing systems should preserve Confidentiality (your secrets stay secret) and Integrity (if you store information, it should remain unchanged). Another fundamental security property is Availability (the systems you rely on should always be available to do work on your behalf), but this thesis doesn’t consider this aspect. It is common that people and organizations share computing resources with other people and organizations, ones that are not necessarily trusted. One example of that is cloud computing - a scenario where a single computer is used by many tenants at the same time. Tenants are isolated logically from each other by presenting each with a Virtual Machine (VM). It’s virtual because you can pretend it’s a real machine. But can you really? It is a previously-established fact that sharing computing resources concurrently can have unexpected side effects. In normal usage these effects are typically not noticed. Everything keeps working as if you are the only user, as computer hardware is extremely well verified to maintain semantic correctness, no matter what the usage patterns and no matter how many different users there are. However, subtle differences in how shared resources behave, even if they are presented as exclusive access to each tenant, can be observed, and these differences depend on what the other tenant is doing. This is known as a side channel. The most popular example of this is the CPU cache. The cache is typically shared between all tenants on a computer system (or, in the case of multi-socket systems, those on the same CPU package, which is still a large fraction of the users on the same computer system). This phenomenon can be exploited by a spying tenant by exercising corner cases in how such a resource is normally used, in a way that can lead to stealing secrets from another tenant. This is called a side channel attack.
This thesis builds on research in this field and explores generalization in several different dimensions. This thesis finds that the classic way to exploit shared resources, the CPU Cache, also applies to other resources. We show successful, practical cryptographic key recovery from a single signal capture, even between Virtual Machines. We also show that, even if software is written to be very quiet in its footprint, the CPU can still touch items in the CPU Cache on the application's behalf, as is necessary for it to work, and that these accesses betray some secrets. All Confidentiality violations are broadly similar to each other in effect - when Confidentiality is violated, secrets are lost. Serious as this can be, we also find realistic examples of Integrity violations, and find that the repercussions are more complex and unpredictable, and not easy to summarize in a single category. We show that by violating Integrity, we can undermine the security of a system in 2 very different ways. One allows us to break in, the other allows us to bypass software update verification and get our own, malicious, software installed when a user upgrades software packages. There are many more possible examples of how undermining the security of a system can happen, just as invisibly as when secrets are stolen, when Integrity is violated. We finally show a generalization in method. We allow an arbitrary software target to be coupled with an arbitrary CPU, with specific exploitable shared resources, and allow side channel analysis to happen automatically, by using black-box analysis and machine learning.

Original language: English
Qualification: PhD
Awarding Institution
  • Vrije Universiteit Amsterdam
Supervisors/Advisors
  • Bos, HJ, Supervisor
  • Giuffrida, C, Co-supervisor
Award date: 3 Jun 2022
Place of Publication: s.l.
Publisher
Print ISBNs: 9789464194890
Publication status: Published - 3 Jun 2022

Keywords

  • cpu, microarchitecture, side channels, rowhammer, security
