Spotlight on Lablet Research #33 - Side-Channel Attack Resilience


Lablet: University of Kansas

Cyber-Physical Systems (CPS), such as cars, airplanes, and power plants, are increasingly dependent on powerful and complex hardware for higher intelligence and functionality. However, this complex hardware may also introduce new attack vectors in the form of hardware side-channels, which attackers can exploit to steal sensitive information, to disrupt the timing of time-critical functions that interact with the physical plant, or to break the memory protection mechanisms of modern computers. Because these attacks target hardware, even logically safe and secure software, such as a formally verified OS, could still be vulnerable. Given the safety-critical nature of CPS, hardware side-channels should be thoroughly analyzed and prevented in CPS. This project, led by Principal Investigator (PI) Heechul Yun, focuses on micro-architectural side channels in embedded multicore computing hardware and aims to develop fundamental OS and architecture designs that minimize or eliminate the possibility of hardware-level side-channel attacks. The goal of this project is to fundamentally reduce or completely eradicate these micro-architectural side-channels by introducing new OS abstractions and minimally modifying the micro-architecture and OS. Successful completion of this project will result in empirical studies of micro-architectural side-channels in safety-critical CPS and in criticality-aware OS and architecture prototypes for side-channel attack-resistant CPS.

The research team has continued to develop speculative execution-based attacks. As part of this effort, the team validated their previously developed SpectreRewind covert channel, which targets non-pipelined floating-point division units, on several recent Intel architectures and found that the attacks worked well after minor adaptation. The researchers released SpectreRewind PoCs, which include a C version, a JavaScript version, and a modified end-to-end Meltdown attack using SpectreRewind, as open source on a public GitHub repository.

They have also continued to develop Denial-of-Service (DoS) attack and prevention techniques. As part of this effort, the team evaluated Intel RDT (Resource Director Technology) and its effectiveness in preventing DoS attacks on recent Intel architectures. The researchers also demonstrated that memory-aware (DRAM bank-aware) variants of the DoS attack techniques are substantially (by up to 5X) more effective at increasing the execution time of cross-core victims than memory-unaware, state-of-the-art cache DoS attacks on embedded ARM platforms. They also demonstrated a similar degree of improved effectiveness on Intel platforms.

Finally, the research team is continuing to develop operating system-level solutions to mitigate micro-architectural attacks. As part of this effort, the team proposed new interference-aware group (virtual gang) scheduling methods that minimize the utilization loss of their previously proposed gang scheduling approach while still preventing cache DoS attacks.
