Volcano: Stateless Cache Side-channel Attack by Exploiting Mesh Interconnect
Main Authors | , , , |
---|---|
Format | Journal Article |
Language | English |
Published | 07.03.2021 |
Summary: | Cache side-channel attacks lead to severe security threats in settings where a CPU is shared across users, e.g., in the cloud. The existing attacks rely on sensing the micro-architectural state changes made by victims, and this assumption can be invalidated by combining spatial (e.g., Intel CAT) and temporal isolation (e.g., time protection). In this work, we advance the state of cache side-channel attacks by showing stateless cache side-channel attacks that cannot be defeated by both spatial and temporal isolation. This side-channel exploits the timing difference resulting from interconnect congestion. Specifically, to complete cache transactions, for Intel CPUs, cache lines would travel across cores via the CPU mesh interconnect. Nonetheless, the mesh links are shared by all cores, and cache isolation does not segregate the traffic. An attacker can generate interconnect traffic to contend with the victim's on a mesh link, hoping that extra delay will be measured. With the variant delays, the attacker can deduce the memory access pattern of a victim program, and infer its sensitive data. Based on this idea, we implement Volcano and test it against the existing RSA implementations of JDK. We found the RSA private key used by a victim process can be partially recovered. In the end, we propose a few directions for defense and call for the attention of the security community. |
---|---|
DOI: | 10.48550/arxiv.2103.04533 |