TimeWarp
- 5 September 2012
- journal article
- conference paper
- Published by Association for Computing Machinery (ACM) in ACM SIGARCH Computer Architecture News
- Vol. 40 (3), 118-129
- https://doi.org/10.1145/2366231.2337173
Abstract
Over the past two decades, several microarchitectural side channels have been exploited to create sophisticated security attacks. Solutions to this problem have mainly focused on fixing the source of leaks either by limiting the flow of information through the side channel by modifying hardware, or by refactoring vulnerable software to protect sensitive data from leaking. These solutions are reactive and not preventative: while the modifications may protect against a single attack, they do nothing to prevent future side channel attacks that exploit other microarchitectural side channels or exploit the same side channel in a novel way. In this paper we present a general mitigation strategy that focuses on the infrastructure used to measure side channel leaks rather than the source of leaks, and thus applies to all known and unknown microarchitectural side channel leaks. Our approach is to limit the fidelity of fine grain timekeeping and performance counters, making it difficult for an attacker to distinguish between different microarchitectural events, thus thwarting attacks. We demonstrate the strength of our proposed security modifications, and validate that our changes do not break existing software. Our proposed changes require minor -- or in some cases, no -- hardware modifications and do not result in any substantial performance degradation, yet offer the most comprehensive protection against microarchitectural side channels to date.
This publication has 13 references indexed in Scilit:
- Eliminating fine grained timers in Xen. Published by Association for Computing Machinery (ACM), 2011
- Rapid identification of architectural bottlenecks via precise event counting. ACM SIGARCH Computer Architecture News, 2011
- Demand-driven software race detection using hardware performance counters. ACM SIGARCH Computer Architecture News, 2011
- Remote Cache Timing Attack on Advanced Encryption Standard and countermeasures. Published by Institute of Electrical and Electronics Engineers (IEEE), 2010
- Hey, you, get off of my cloud. Published by Association for Computing Machinery (ACM), 2009
- SigRace. ACM SIGARCH Computer Architecture News, 2009
- Yet another MicroArchitectural Attack: Published by Association for Computing Machinery (ACM), 2007
- New cache designs for thwarting software cache-based side channel attacks. ACM SIGARCH Computer Architecture News, 2007
- Cache Attacks and Countermeasures: The Case of AES. Lecture Notes in Computer Science, 2006
- An efficient cache-based access anomaly detection scheme. ACM SIGARCH Computer Architecture News, 1991