Efficient Cache Randomization for Security
The effectiveness of cache hierarchies, undeniably, is of crucial importance, since they essentially constitute the solution to the disparity between fast processors and high memory latency. Nevertheless, security developments spanning for more than the last decade, critically expose cache hierarchi...
| Main Author: | |
|---|---|
| Format: | Others |
| Language: | English |
| Published: |
Uppsala universitet, Institutionen för informationsteknologi
2019
|
| Subjects: | |
| Online Access: | http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-417725 |
| id |
ndltd-UPSALLA1-oai-DiVA.org-uu-417725 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-UPSALLA1-oai-DiVA.org-uu-4177252020-08-26T05:33:05ZEfficient Cache Randomization for SecurityengLoukas, VasileiosUppsala universitet, Institutionen för informationsteknologi2019Engineering and TechnologyTeknik och teknologierThe effectiveness of cache hierarchies, undeniably, is of crucial importance, since they essentially constitute the solution to the disparity between fast processors and high memory latency. Nevertheless, security developments spanning for more than the last decade, critically expose cache hierarchies' vulnerabilities, thus creating a need for counter-measures to take place. Through conflict-based attacks, the access pattern of a co-running application might be inferred, which in turn can be used to leak sensitive information from the application, such as encryption keys. Consequently, different ways of securing cache memories with respect to conflict- based attacks have emerged, ideally incurring neither large storage overhead nor requiring any Operating System support, yet providing both high performance and strong security. Prior work in the field has shown that a static encryption scheme is practically deemed insufficient, thus dynamic remapping policies have been introduced, so that the eviction sets form periodically, making it much harder for an adversary to recognize them. In this thesis project, a randomization technique that leverages the indexing function of a 3-level cache hierarchy (RASCAL) as well as a smooth dynamic remapping policy that further curates the performance gap introduced have been designed and implemented. The performance overhead incurred by our intervention on a typical cache hierarchy mechanism is identified, compared and contrasted to another two different remapping policies implemented, eventually exhibiting that it is feasible for a cache to be randomized and dynamically remapped at a sensible security-wise interval with a performance decrease of less than 1% in terms of miss ratio. Student thesisinfo:eu-repo/semantics/bachelorThesistexthttp://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-417725IT ; 19088application/pdfinfo:eu-repo/semantics/openAccess |
| collection |
NDLTD |
| language |
English |
| format |
Others
|
| sources |
NDLTD |
| topic |
Engineering and Technology Teknik och teknologier |
| spellingShingle |
Engineering and Technology Teknik och teknologier Loukas, Vasileios Efficient Cache Randomization for Security |
| description |
The effectiveness of cache hierarchies, undeniably, is of crucial importance, since they essentially constitute the solution to the disparity between fast processors and high memory latency. Nevertheless, security developments spanning for more than the last decade, critically expose cache hierarchies' vulnerabilities, thus creating a need for counter-measures to take place. Through conflict-based attacks, the access pattern of a co-running application might be inferred, which in turn can be used to leak sensitive information from the application, such as encryption keys. Consequently, different ways of securing cache memories with respect to conflict- based attacks have emerged, ideally incurring neither large storage overhead nor requiring any Operating System support, yet providing both high performance and strong security. Prior work in the field has shown that a static encryption scheme is practically deemed insufficient, thus dynamic remapping policies have been introduced, so that the eviction sets form periodically, making it much harder for an adversary to recognize them. In this thesis project, a randomization technique that leverages the indexing function of a 3-level cache hierarchy (RASCAL) as well as a smooth dynamic remapping policy that further curates the performance gap introduced have been designed and implemented. The performance overhead incurred by our intervention on a typical cache hierarchy mechanism is identified, compared and contrasted to another two different remapping policies implemented, eventually exhibiting that it is feasible for a cache to be randomized and dynamically remapped at a sensible security-wise interval with a performance decrease of less than 1% in terms of miss ratio. |
| author |
Loukas, Vasileios |
| author_facet |
Loukas, Vasileios |
| author_sort |
Loukas, Vasileios |
| title |
Efficient Cache Randomization for Security |
| title_short |
Efficient Cache Randomization for Security |
| title_full |
Efficient Cache Randomization for Security |
| title_fullStr |
Efficient Cache Randomization for Security |
| title_full_unstemmed |
Efficient Cache Randomization for Security |
| title_sort |
efficient cache randomization for security |
| publisher |
Uppsala universitet, Institutionen för informationsteknologi |
| publishDate |
2019 |
| url |
http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-417725 |
| work_keys_str_mv |
AT loukasvasileios efficientcacherandomizationforsecurity |
| _version_ |
1719338846570676224 |