Engineering school and research center in digital science

Flush+Flush: A stealthier last-level cache attack

Gruss, Daniel; Maurice, Clémentine; Wagner, Klaus

DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, Donostia-San Sebastian, Spain / Also published in LNCS, Vol.9721/2016

Research on cache attacks has shown that CPU caches leak significant information. Proposed detection mechanisms assume that all cache attacks cause more cache hits and cache misses than benign applications and use hardware performance counters for detection. In this article, we show that this assumption does not hold by developing a novel attack technique: the Flush+Flush attack. The Flush+Flush attack only relies on the execution time of the flush instruction, which depends on whether data is cached or not. Flush+Flush does not make any memory accesses, contrary to any other cache attack. Thus, it causes no cache misses at all and the number of cache hits is reduced to a minimum due to the constant cache flushes. Therefore, Flush+Flush attacks are stealthy, i.e., the spy process cannot be detected based on cache hits and misses, or state-of-the-art detection mechanisms. The Flush+Flush attack runs in a higher frequency and thus is faster than any existing cache attack. With 496 KB/s in a cross-core covert channel it is 6.7 times faster than any previously published cache covert channel. 


Title: Flush+Flush: A stealthier last-level cache attack
Type: Conference
Language: English
City: San Sebastian
Country: SPAIN
Date:
Department: Digital Security
Eurecom ref: 4749
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in DIMVA 2016, 13th Conference on Detection of Intrusions and Malware & Vulnerability Assessment, July 7-8, 2016, Donostia-San Sebastian, Spain / Also published in LNCS, Vol.9721/2016 and is available at: http://dx.doi.org/10.1007/978-3-319-40667-1_14
Bibtex:
@inproceedings{EURECOM+4749,
  doi = {http://dx.doi.org/10.1007/978-3-319-40667-1_14},
  year = {2016},
  title = {{F}lush+{F}lush: {A} stealthier last-level cache attack},
  author = {{G}russ, {D}aniel and {M}aurice, {C}l{\'e}mentine and {W}agner, {K}laus},
  booktitle = {{DIMVA} 2016, 13th {C}onference on {D}etection of {I}ntrusions and {M}alware \& {V}ulnerability {A}ssessment, {J}uly 7-8, 2016, {D}onostia-{S}an {S}ebastian, {S}pain / {A}lso published in {LNCS}, {V}ol.9721/2016},
  address = {{S}an {S}ebastian, {ESPAGNE}},
  month = {07},
  url = {http://www.eurecom.fr/publication/4749}
}