Attack Directories on ARM big.LITTLE Processors

2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD) Pub Date : 2022-10-29 DOI:10.1145/3508352.3549340

Zili Kou, Sharad Sinha, Wenjian He, W. Zhang

{"title":"Attack Directories on ARM big.LITTLE Processors","authors":"Zili Kou, Sharad Sinha, Wenjian He, W. Zhang","doi":"10.1145/3508352.3549340","DOIUrl":null,"url":null,"abstract":"Eviction-based cache side-channel attacks take advantage of inclusive cache hierarchies and shared cache hardware. Processors with the template ARM big.LITTLE architecture do not guarantee such preconditions and therefore will not usually allow cross-core attacks let alone cross-cluster attacks. This work reveals a new side-channel based on the snoop filter (SF), an unexplored directory structure embedded in template ARM big.LITTLE processors. Our systematic reverse engineering unveils the undocumented structure and property of the SF, and we successfully utilize it to bootstrap cross-core and cross-cluster cache eviction. We demonstrate a comprehensive methodology to exploit the SF side-channel, including the construction of eviction sets, the covert channel, and attacks against RSA and AES. When attacking TrustZone, we conduct an interrupt-based side-channel attack to extract the key of RSA by a single profiling trace, despite the strict cache clean defense. Supported by detailed experiments, the SF side-channel not only achieves competitive performance but also overcomes the main challenge of cache side-channel attacks on ARM big.LITTLE processors.","PeriodicalId":270592,"journal":{"name":"2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3508352.3549340","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Eviction-based cache side-channel attacks take advantage of inclusive cache hierarchies and shared cache hardware. Processors with the template ARM big.LITTLE architecture do not guarantee such preconditions and therefore will not usually allow cross-core attacks let alone cross-cluster attacks. This work reveals a new side-channel based on the snoop filter (SF), an unexplored directory structure embedded in template ARM big.LITTLE processors. Our systematic reverse engineering unveils the undocumented structure and property of the SF, and we successfully utilize it to bootstrap cross-core and cross-cluster cache eviction. We demonstrate a comprehensive methodology to exploit the SF side-channel, including the construction of eviction sets, the covert channel, and attacks against RSA and AES. When attacking TrustZone, we conduct an interrupt-based side-channel attack to extract the key of RSA by a single profiling trace, despite the strict cache clean defense. Supported by detailed experiments, the SF side-channel not only achieves competitive performance but also overcomes the main challenge of cache side-channel attacks on ARM big.LITTLE processors.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

攻击目录对ARM大。小的处理器

基于驱逐的缓存侧通道攻击利用了包容性缓存层次结构和共享缓存硬件。处理器用ARM大的模板。LITTLE架构不保证这样的前提条件，因此通常不允许跨核心攻击，更不用说跨集群攻击了。这项工作揭示了一个基于snoop过滤器(SF)的新侧信道，这是一个未开发的目录结构，嵌入在模板ARM big中。小的处理器。我们的系统逆向工程揭示了SF的文档结构和特性，并成功地利用它来引导跨核和跨集群的缓存清除。我们展示了一种利用SF侧信道的综合方法，包括驱逐集的构建，隐蔽信道以及对RSA和AES的攻击。在攻击TrustZone时，我们进行了基于中断的侧信道攻击，通过单个分析跟踪提取RSA密钥，尽管有严格的缓存清理防御。在详细的实验支持下，SF侧信道不仅达到了具有竞争力的性能，而且克服了ARM大缓存侧信道攻击的主要挑战。小的处理器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)

自引率

0.00%

发文量