ABSTRACT
Cache side-channel attacks have been extensively studied on x86 architectures, but much less so on ARM processors. The technical challenges to conduct side-channel attacks on ARM, presumably, stem from the poorly documented ARM cache implementations, such as cache coherence protocols and cache flush operations, and also the lack of understanding of how different cache implementations will affect side-channel attacks. This paper presents a systematic exploration of vectors for flush-reload attacks on ARM processors. flush-reload attacks are among the most well-known cache side-channel attacks on x86. It has been shown in previous work that they are capable of exfiltrating sensitive information with high fidelity. We demonstrate in this work a novel construction of flush-reload side channels on last-level caches of ARM processors, which, particularly, exploits return-oriented programming techniques to reload instructions. We also demonstrate several attacks on Android OS (e.g., detecting hardware events and tracing software execution paths) to highlight the implications of such attacks for Android devices.
- Android source code. https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/widget/Editor.java. Retrieved in May 2016.Google Scholar
- ARM architecture reference manual. http://infocenter.arm.com/. ARMv8, for ARMv8-A architecture profile, beta.Google Scholar
- ARM architecture reference manual. http://infocenter.arm.com/. ARMv7, for ARMv7-A architecture profile.Google Scholar
- ARM CoreLink CCI-400 Cache Coherent Interconnect Technical Reference Manual. http://infocenter.arm.com/. Revision: r1p5.Google Scholar
- ARM Cortex-A15 MPCore Processor. http://infocenter.arm.com/. Revision: r4p0.Google Scholar
- ARM Cortex-A57 MPCore Processor. http://infocenter.arm.com/. Revision: r1p3.Google Scholar
- Event codes. https://www.kernel.org/doc/Documentation/input/event-codes.txt. event codes - The Linux Kernel Archives.Google Scholar
- GDB documentation. http://www.gnu.org/software/gdb/documentation/.Google Scholar
- pagemap: do not leak physical addresses to non-privileged userspace. https://lwn.net/Articles/642074/. Retrieved in May 2016.Google Scholar
- Programmer's Guide for ARMv8-A. http://infocenter.arm.com/. Version 1.0.Google Scholar
- Upstream: pagemap: do not leak physical addresses to non-privileged userspace. https://android-review.googlesource.com/#/c/182766/. Retrieved in Aug. 2016.Google Scholar
- O. Aciiçmez. Yet another microarchitectural attack: exploiting I-Cache. In 2007 ACM workshop on Computer security architecture, 2007. Google ScholarDigital Library
- O. Aciiçmez, B. B. Brumley, and P. Grabher. New results on instruction cache attacks. In 12th international conference on Cryptographic hardware and embedded systems, 2010. Google ScholarDigital Library
- V. Afonso, A. Bianchi, Y. Fratantonio, A. Doupe, M. Polino, P. de Geus, C. Kruegel, and G. Vigna. Going native: Using a large-scale analysis of android apps to create a practical native-code sandboxing policy. In 2016 ISOC Network and Distributed System Security Symposium, 2016.Google ScholarCross Ref
- A. J. Aviv, B. Sapp, M. Blaze, and J. M. Smith. Practicality of accelerometer side channels on smartphones. In 28th Annual Computer Security Applications Conference, 2012. Google ScholarDigital Library
- N. Benger, J. van de Pol, N. P. Smart, and Y. Yarom. "Ooh Aah... Just a Little Bit": A small amount of side channel can go a long way. In 16th International Workshop on Cryptographic Hardware and Embedded Systems, 2014. Google ScholarDigital Library
- L. Cai and H. Chen. Touchlogger: Inferring keystrokes on touch screen from smartphone motion. In 6th USENIX Conference on Hot Topics in Security, 2011. Google ScholarDigital Library
- S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In 17th ACM Conference on Computer and Communications Security, 2010. Google ScholarDigital Library
- Q. A. Chen, Z. Qian, and Z. M. Mao. Peeking into your app without actually seeing it: UI state inference and novel Android attacks. In 23th USENIX Security Symposium, 2014. Google ScholarDigital Library
- R. Delgado. Arm-based servers: The next evolution of the cloud? http://www.cloudcomputing-news.net/news/2015/apr/17/arm-based-servers-next-evolution-cloud/.Google Scholar
- W. Diao, X. Liu, Z. Li, and K. Zhang. No pardon for the interruption: New inference attacks on android through interrupt timing analysis. In 37th IEEE Symposium on Security and Privacy, 2016.Google ScholarCross Ref
- D. Gruss, R. Spreitzer, and S. Mangard. Cache template attacks: Automating attacks on inclusive last-level caches. In 24th USENIX Security Symposium, 2015. Google ScholarDigital Library
- D. Gullasch, E. Bangerter, and S. Krenn. Cache games -- bringing access-based cache attacks on AES to practice. In 32nd IEEE Symposium on Security and Privacy, 2011. Google ScholarDigital Library
- R. Hund, C. Willems, and T. Holz. Practical timing side channel attacks against kernel space ASLR. In 34th IEEE Symposium on Security and Privacy, 2013. Google ScholarDigital Library
- M. S. Inci, B. Gulmezoglu, G. Irazoqui, T. Eisenbarth, and B. Sunar. Seriously, get off my cloud! cross-vm rsa key recovery in a public cloud. Cryptology ePrint Archive, Report 2015/898, 2015. http://eprint.iacr.org/.Google Scholar
- G. Irazoqui, T. Eisenbarth, and B. Sunar. S\$A: A shared cache attack that works across cores and defies VM sandboxing--and its application to AES. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
- G. Irazoqui, T. Eisenbarth, and B. Sunar. Cross processor cache attacks. In 11th ACM Asia Conference on Computer and Communications Security, 2016. Google ScholarDigital Library
- G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar. Wait a minute! a fast, cross-vm attack on AES. In 17th International Symposium Research in Attacks, Intrusions and Defenses, 2014.Google ScholarCross Ref
- A. Jaleel, E. Borch, M. Bhandaru, S. C. Steely Jr., and J. Emer. Achieving non-inclusive cache performance with inclusive caches: Temporal locality aware (tla) cache management policies. In 43rd Annual IEEE/ACM International Symposium on Microarchitecture. Google ScholarDigital Library
- S. Jana and V. Shmatikov. Memento: Learning secrets from process footprints. In 33rd IEEE Symposium on Security and Privacy, 2012. Google ScholarDigital Library
- C.-C. Lin, H. Li, X. Zhou, and X. Wang. Screenmilker: How to milk your Android screen for secrets. In 21st ISOC Network and Distributed System Security Symposium, 2014.Google ScholarCross Ref
- M. Lipp, D. Gruss, R. Spreitzer, C. Maurice, and S. Mangard. ARMageddon: Cache attacks on mobile devices. In 25th USENIX Security Symposium, 2016.Google Scholar
- F. Liu, Y. Yarom, Q. Ge, G. Heiser, and R. B. Lee. Last-level cache side-channel attacks are practical. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
- Y. Michalevsky, D. Boneh, and G. Nakibly. Gyrophone: Recognizing speech from gyroscope signals. In 23rd USENIX Security Symposium, 2014. Google ScholarDigital Library
- M. Neve and J.-P. Seifert. Advances on access-driven cache attacks on AES. In 13th international conference on selected areas in cryptography, 2007. Google ScholarDigital Library
- Y. Oren, V. P. Kemerlis, S. Sethumadhavan, and A. D. Keromytis. The spy in the sandbox: Practical cache attacks in javascript and their implications. In 22nd ACM SIGSAC Conference on Computer and Communications Security, 2015. Google ScholarDigital Library
- D. A. Osvik, A. Shamir, and E. Tromer. Cache attacks and countermeasures: the case of AES. In 6th Cryptographers' track at the RSA conference on Topics in Cryptology, 2006. Google ScholarDigital Library
- C. Percival. Cache missing for fun and profit. In 2005 BSDCan, 2005.Google Scholar
- Z. Qian, Z. M. Mao, and Y. Xie. Collaborative TCP sequence number inference attack: How to crack sequence number under a second. In 19th ACM Conference on Computer and Communications Security, 2012. Google ScholarDigital Library
- H. Rydberg. Multi-touch (mt) protocol. Linux kernel documentation. https://www.kernel.org/doc/Documentation/input/multi-touch-protocol.txt.Google Scholar
- H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In 14th ACM Conference on Computer and Communications Security, 2007. Google ScholarDigital Library
- A. L. Shimpi. Answered by the experts: Arm's cortex a53 lead architect, peter greenhalgh. http://www.anandtech.com/show/7591/answered-by-the-experts-arms-cortex-a53-lead-architect -peter-greenhalgh.Google Scholar
- R. Spreitzer and B. Gérard. Towards more practical time-driven cache attacks. In 8th IFIP International Workshop on Information Security Theory and Practice, Securing the Internet of Things, 2014. Google ScholarDigital Library
- R. Spreitzer and T. Plos. In 4th International Workshop on Constructive Side-Channel Analysis and Secure Design, 2013.Google Scholar
- R. Spreitzer and T. Plos. On the applicability of time-driven cache attacks on mobile devices. In 7th International Conference on Network and System Security, 2013.Google ScholarCross Ref
- E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on AES, and countermeasures. J. Cryptol., 23(2):37--71, Jan. 2010.Google ScholarDigital Library
- M. Weiß, B. Heinz, and F. Stumpf. A cache timing attack on AES in virtualization environments. In 16th International Conference on Financial Cryptography and Data Security, 2012.Google ScholarCross Ref
- J. C. Wray. An analysis of covert timing channels. In 1991 IEEE Computer Society Symposium on Research in Security and Privacy, 1991.Google ScholarCross Ref
- Y. Yarom and N. Benger. Recovering OpenSSL ECDSA nonces using the FLUSHGoogle Scholar
- RELOAD cache side-channel attack. In Cryptology ePrint Archive, 2014.Google Scholar
- Y. Yarom and K. E. Falkner. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack. In 23rd USENIX Security Symposium, 2014. Google ScholarDigital Library
- N. Zhang, K. Yuan, M. Naveed, X. Zhou, and X. Wang. Leave me alone: App-level protection against runtime information gathering on android. In 36th IEEE Symposium on Security and Privacy, 2015. Google ScholarDigital Library
- Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-VM side channels and their use to extract private keys. In 19th ACM Conference on Computer and Communications Security, 2012. Google ScholarDigital Library
- Y. Zhang, A. Juels, M. K. Reiter, and T. Ristenpart. Cross-tenant side-channel attacks in PaaS clouds. In 21st ACM Conference on Computer and Communications Security, 2014. Google ScholarDigital Library
- X. Zhou, S. Demetriou, D. He, M. Naveed, X. Pan, X. Wang, C. A. Gunter, and K. Nahrstedt. Identity, location, disease and more: Inferring your secrets from Android public resources. In 20th ACM Conference on Computer and Communications Security, 2013. Google ScholarDigital Library
- Z. Zhou, M. K. Reiter, and Y. Zhang. A software approach to defeating side channels in last-level caches. In 23rd ACM Conference on Computer and Communications Security, 2016. Google ScholarDigital Library
Index Terms
- Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices
Recommendations
A Software Approach to Defeating Side Channels in Last-Level Caches
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications SecurityWe present a software approach to mitigate access-driven side-channel attacks that leverage last-level caches (LLCs) shared across cores to leak information between security domains (e.g., tenants in a cloud). Our approach dynamically manages physical ...
FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack
SEC'14: Proceedings of the 23rd USENIX conference on Security SymposiumSharing memory pages between non-trusting processes is a common method of reducing the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a weakness in the Intel X86 processors, page sharing exposes processes to ...
Flush+Flush: A Fast and Stealthy Cache Attack
DIMVA 2016: Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721Research on cache attacks has shown that CPU caches leak significant information. Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for ...
Comments