DABANGG: A Case for Noise Resilient Flush-Based Cache Attacks

Title: DABANGG: A Case for Noise Resilient Flush-Based Cache Attacks
Publication Type: Conference Paper
Year of Publication: 2022
Authors: Saxena, Anish; Panda, Biswabandan
Conference Name: 2022 IEEE Security and Privacy Workshops (SPW)
Date Published: May
Keywords: calibration, compositionality, Dynamic Voltage & Frequency Scaling, human factors, iOS Security, Metrics, Multicore processing, privacy, pubcrawl, rendering (computer graphics), resilience, Resiliency, Runtime, security, side-channel attacks, Side-Channel Detectors, Voltage
Abstract: Flush-based cache attacks like Flush+Reload and Flush+Flush are highly precise and effective. Most of the flush-based attacks provide high accuracy in controlled and isolated environments where attacker and victim share OS pages. However, we observe that these attacks are prone to low accuracy on a noisy multi-core system with co-running applications. Two root causes for the varying accuracy of flush-based attacks are: (i) the dynamic nature of core frequencies that fluctuate depending on the system load, and (ii) the relative placement of victim and attacker threads in the processor, like same or different physical cores. These dynamic factors critically affect the execution latency of key instructions like clflush and mov, rendering the pre-attack calibration step ineffective. We propose DABANGG, a set of novel refinements to make flush-based attacks resilient to system noise by making them aware of frequency and thread placement. First, we introduce pre-attack calibration that is aware of instruction latency variation. Second, we use low-cost attack-time optimizations like fine-grained busy waiting and periodic feedback about the latency thresholds to improve the effectiveness of the attack. Finally, we provide victim-specific parameters that significantly improve the attack accuracy. We evaluate DABANGG-enabled Flush+Reload and Flush+Flush attacks against the standard attacks in side-channel and covert-channel experiments with varying levels of compute, memory, and IO-intensive system noise. In all scenarios, DABANGG+Flush+Reload and DABANGG+Flush+Flush outperform the standard attacks in stealth and accuracy.
Notes: ISSN: 2770-8411
DOI: 10.1109/SPW54247.2022.9833897
Citation Key: saxena_dabangg_2022