Performing Cache Timing Attacks from the Reconfigurable Part of a Heterogeneous SoC—An Experimental Study

Cache attacks are widespread on microprocessors and multi-processor system-on-chips but have not yet spread to heterogeneous systems-on-chip such as SoC-FPGA that are found in increasing numbers of applications on servers or in the cloud. This type of SoC has two parts: a processing system that incl...


Bibliographic Details
Main Authors: Lilian Bossuet, El Mehdi Benhani
Format: Article
Language: English
Published: MDPI AG 2021-07-01
Series: Applied Sciences
Online Access: https://www.mdpi.com/2076-3417/11/14/6662
DOI: 10.3390/app11146662
Author Affiliation: Laboratoire Hubert Curien UMR 5516, CNRS, Jean Monnet University, 42000 Saint-Etienne, France (both authors)
ISSN: 2076-3417
Description: Cache attacks are widespread on microprocessors and multi-processor system-on-chips but have not yet spread to heterogeneous systems-on-chip such as SoC-FPGA that are found in increasing numbers of applications on servers or in the cloud. This type of SoC has two parts: a processing system that includes hard components and ARM processor cores and a programmable logic part that includes logic gates to be used to implement custom designs. The two parts communicate via memory-mapped interfaces. One of these interfaces is the accelerator coherency port that provides optional cache coherency between the two parts. In this paper, we discuss the practicability and potential threat of inside-SoC cache attacks using the cache coherency mechanism of a complex heterogeneous SoC-FPGA. We provide proof of two cache timing attacks Flush+Reload and Evict+Time when SoC-FPGA is targeted, and proof of hidden communication using a cache-based covert channel. The heterogeneous SoC-FPGA Xilinx Zynq-7010 is used as an experimental target.
Subjects: cache timing analysis; side-channel attack; covert channel; heterogeneous SoC security