Explore a conference talk from CCS 2016 that delves into a software-based approach for mitigating side-channel attacks in last-level caches. Learn about the vulnerabilities of shared memory in cloud environments and the techniques used by attackers, such as Flush+Reload and Prime+Probe. Discover the innovative Copy-On-Access mechanism and its state transitions, as well as cacheability management strategies. Examine the security evaluations conducted for both Flush+Reload and Prime+Probe attacks, and understand the performance implications of the proposed solution on web servers and various operations. Gain insights into the challenges of memory sharing in PaaS cloud environments and the effectiveness of the CACHEBAR system in defending against cache-based side-channel attacks.
A Software Approach to Defeating Side Channels in Last-Level Caches
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Side-Channel Attacks in Clouds
Secret-Dependent Memory Access Patterns
Flush+Reload Attack: Shared Memory
Prime+Probe in LLC: Collision in Cache Set
Copy-On-Access [Flush-Reload]
State Transitions: Copy-On-Access
Cacheability Management Prime-Probel
Size of Queue
Assemble CACHEBAR Page Fault Trap
Memory Sharing in Paas Cloud?
Security Evaluation: Flush+Reload
Security Evaluation: Prime+Probe
Performance Overhead: Web Servers Client: Autobench
Performance Overhead: Operations
Conclusion
Taught by
ACM CCS
