Cache Side-Channel Attacks and Defenses
-
摘要:
近年来,随着信息技术的发展,信息系统中的缓存侧信道攻击层出不穷.从最早利用缓存计时分析推测密钥的想法提出至今,缓存侧信道攻击已经历了10余年的发展和演进.研究中梳理了信息系统中缓存侧信道攻击风险,并对缓存侧信道攻击的攻击场景、实现层次、攻击目标和攻击原理进行了总结.系统分析了针对缓存侧信道攻击的防御技术,从缓存侧信道攻击防御的不同阶段出发,分析了攻击检测和防御实施2部分研究工作,并基于不同防御原理对防御方法进行分类和分析.最后,总结并讨论了互联网生态体系下缓存侧信道攻击与防御的研究热点,指出缓存侧信道攻击与防御未来的研究方向,为想要在这一领域开始研究工作的研究者提供参考.
Abstract:In recent years, with the development of information technology, cache side-channel attack threats in information system has a rapid growth. It has taken more than 10 years for cache side channel attacks to evolve and develop since cache-timing analysis was proposed to speculate encryption keys. In this survey, we comb the cache side-channel attack threats in the information system by analyzing the vulnerabilities in the design characteristics of software and hardware. Then we summarize the attacks from attack scene, cache levels, attack targets and principles. Further more, we compare the attack conditions, advantages and disadvantages of 7 typical cache side-channel attacks in order to better understand their principles and applications. We also make a systematic analysis of the defense technology against cache side channel attack from detection stage and prevention stage, classify and analyze the defence technology based on different defense principles. Finally, we summarize the work of this paper, discuss the research hotspots and the development trend of cache side-channel attack and defense under the Internet ecosystem, and point out the future research direction of cache side-channel attack and defense, so as to provide reference for researchers who want to start research in this field.
-
嵌入式实时系统广泛存在于生产和生活当中,例如航空航天、轨道交通、无人驾驶、互联通信等.在实时系统中,其正确性不仅仅依赖于逻辑结果的正确性,同时还依赖于结果产生的时间[1].实时系统中的任务执行时间具有严格的约束,如果错过任务截止时间将会导致灾难性后果.因此,实时系统在任务调度设计和可调度性分析时都必须保证任务的执行在一个安全的时间上界之内,此上界的计算方法即任务的最坏情况执行时间(worst-case execution time,WCET)分析.当前主流的WCET分析方法分为静态分析和动态分析,动态分析也称为基于测试的分析方法,通过大量的测试用例来获取精确的WCET分析结果,由于无法穷尽所有的测试用例,动态分析无法保证分析结果的安全性,工业界通常会在分析结果的基础上增加一定的裕量(例如20%)[2]作为最终的WCET分析结果.静态分析方法则是通过对处理器硬件结构和程序流信息进行分析估算程序的WCET值,静态分析方法能够保证分析结果的安全性,并且不需要运行程序便可获得WCET结果,所以大多数WCET分析工具都采用静态分析方法.单核处理器WCET分析方法经过多年的研究已经取得较高的分析精度,然而多核处理器中加速部件的使用和共享资源干扰的存在,导致原有的单核处理器WCET分析方法无法直接适用于多核处理器,这对于多核处理器的WCET分析提出了新的挑战.
在硬件结构方面,多核处理器的WCET分析主要考虑Cache、内存、核间互联和流水线等部件的影响[3],Rapita Systems公司的实验表明,由于L3 Cache的争用导致YOLO算法的帧率降低90%左右.当前对于Cache的研究主要集中在指令Cache带来的干扰分析[4-7],并已经获得了较高的分析精度,而对于数据Cache的关注则不足,其原因有2方面:1)处理器寻址方式的不同导致数据Cache的访问地址分析更加困难;2)数据Cache在循环的不同轮次中访问的数据不同,正是由于数据Cache和指令Cache在时空特性上的差异,造成数据Cache的分析更加复杂.如果简单将指令Cache的分析技术套用到数据Cache上,会导致分析结果过于悲观[8].对于数据Cache的分析除了以上问题之外,另一个需要特别关注的影响因素就是数据一致性协议.有研究表明,由于Cache一致性协议的影响,并行程序执行比串行程序慢74%[9].但是相关的调研表明[10],极少数研究人员关注Cache一致性造成的干扰.
针对现有多核处理器WCET分析方法对数据Cache一致性协议考虑不足的问题,本文主要研究一种基于多级一致性协议的多核处理器WCET分析方法.该方法通过建立多级一致性域,抽象出一致性协议嵌套的共享数据管理机制,分别从一致性域内部、跨一致性域2个层面来分析内存访问延迟,从而实现对多核处理器中数据Cache的精确分析.
1. 相关工作
Ferdinand等人[11]提出基于抽象解释理论[12]的Cache行为分析方法,由于其具有较高的精确度和效率,在基于Cache的WCET分析中占据了统治地位[8].如图1所示,基于抽象解释的Cache分析方法对Cache的物理状态和替换策略进行抽象,得到抽象缓存状态(abstract cache state)和函数Join、函数Update,通过May分析、Must分析和Persistence分析3种方法得出Cache的“Cache命中/失效分类”(cache hit miss classification, CHMC),从而确定Cache的访问延迟.Huynh等人[13]经过分析证明了原有的Persistence分析方法存在不安全性,其原因在于更新函数
lh↦ˆs(lh−1)∪(ˆs(lh)−{m}) 未将可能被替换出去的内存块的年龄进行增加,导致分析结果不正确.为解决此问题,该小组提出Younger Set的概念,并将Younger Set引入到函数Join和函数Update中,保证了Persistence分析的安全性.在过去的20多年,研究人员对Persistence分析进行了广泛的研究,仍然不能保证其发现所有的Persistent Cache块,直到Stock[14]给出Exact Persistence分析方法,才使得Persistence分析趋于完善.模型检测[15]方法是另一个广泛研究的Cache行为分析方法,模型检测作为实时系统中常用的时序验证手段,将各类时序分析问题转化为时间自动机的可达性问题,从而实现对问题的求解.Wilhelm[16]讨论了模型检测技术在WCET分析中的优缺点,Metzner[17]认为模型检测方法能够提高分析结果的精度.Dalsgaard等人[18]基于模型检测方法实现了模块化任务执行时间分析框架;Gustavsson等人[19]的研究表明,UPPAAL可以用于多核处理器中并行任务的WCET分析,Cassez等人[20]将WCET分析问题转换为寻找最长路径的问题,并通过扩展模型检测工具UPPAAL实现了一个任务WCET分析工具WUPPAAL;Lü等人[21]在开源工具Chronos的基础上,将模型检测的方法用于Cache的行为分析,实现了一个多核处理器WCET分析工具McAiT;陈芳园等人[22]改进多核处理器中Cache冲突分析方法,在取指阶段考虑取指操作之间的时序关系,该方法能够排除部分非干扰状态,使得WCET计算精度最高提高12%.上述对于Cache行为分析多是针对指令Cache展开的,而对于数据Cache的分析研究较少,尤其是对于多核处理器中Cache一致性协议的讨论更为少见.直到2015年,Uhrig等人[23]研究数据Cache对多核处理器WCET分析的影响,并研究了基于监听的一致性协议和TDMA总线对多核处理器中延迟时间的影响,最终得出结论:采用写失效的基于总线监听的一致性协议不具备可预测性,而采用写更新双通道直接映射的bus-snarfing一致性协议配合TDMA总线能够实现时间可预测.但文献[23]未对Cache一致性协议带来的内存访问延迟进行更为细致的分析.而Hassan等人[24]的分析也得出了基于总线监听MSI一致性协议配合TDMA总线的多核处理器的WCET值不具有可预测性,重点分析了TDMA总线导致的不可预测性,而对于多核处理器中基于MESI一致性协议的WCET估计,同样未给出详细的分析方法.Tsoupidi[25]针对对称多处理器,提出一种考虑Cache一致性协议的WCET分析方法,该方法在计算共享Cache读访问延迟时认为
h′sh=max ,上述情况仅发生在Cache使用写回(write-back)策略时,对于写直达(write-through)策略,数据同时存在于私有Cache和共享Cache中,该计算方式存在较大的悲观性,且该文仅仅讨论了单级一致性协议下的WCET分析方法,而对于多核处理器中存在多级Cache一致性协议的情况,尚未见到相关的研究.为此,本文针对数据Cache中共享数据的访问,提出了基于多级一致性协议的多核处理器WCET分析方法,解决多级一致性协议嵌套情况下的WCET分析问题,完善了多核处理器Cache的分析框架,并实现一个基于MESI(modify exclusive shared invalid)协议的高精度多核处理器WCET分析工具,为多核实时系统的WCET分析提供了支撑.
2. 基于MESI协议的跨一致性域WCET分析方法
本节的核心工作在于提出一种多级一致性域的WCET分析方法,实现对多核处理器中多级一致性域的WCET分析.通过对一致性域内部的Cache访问延迟和状态转换情况进行分析,得出一致性域内部的分析结果,根据是否进行跨域数据访问决定下一步是否需要进行跨域分析,从而实现一致性协议嵌套情况下的共享数据访问延迟分析.本文将该方法与当前主要考虑指令Cache的分析方法相结合,增加了数据Cache中共享数据的访问分析,扩展了多核处理器中Cache的干扰分析框架,进一步完善了多核处理器WCET分析方法.
2.1 Cache组织结构
共享存储结构是当前应用最为广泛的多核处理器架构,此种结构对于每一个内核而言都是对等的,每一个内核的访问时间都是相同的,因此多核处理器属于对称多处理器(symmetric multi-processor,SMP).最初的多核处理器中只存在私有Cache和共享Cache,随着CPU制造工艺的发展,当前多核处理器已集成多级Cache.
采用SMP架构的多处理器需要支持共享数据的Cache,通过读写共享数据实现内核之间的通信.在缓存共享数据时,可能会存在多个内核对共享数据的争用,也可能会在多个Cache中复制共享数据,导致多个数据副本不一致,因此共享数据Cache引入了一个新的问题——Cache一致性问题,需要引入一致性协议保证数据一致性.
MESI是一种典型的Cache一致性协议,也被称为Illinois MESI协议,是在原MSI协议的基础上引入E状态,用于表示独占状态.在写入一个共享数据块时,通常有2种写策略:写直达和写回.对于图2所示的多级Cache组织结构,由于写回策略对存储器的带宽要求低,能够支持更多、更快速的处理器,所以最外层级别(簇(cluster)间)通常采用写回策略[3];而对于簇内的写入共享数据的策略,如果采用写回策略,会造成簇内L1 Cache中数据和L2 Cache中的数据不一致的情况,在维护簇内数据一致性的同时,还要考虑簇间一致性,造成一致性协议非常复杂,不利于硬件的实现,因此簇内采用写直达的策略.
写直达和写回适用于访问命中的情况,当访问缺失时所采用的写策略为写分配(write allocation)和非写分配(no write allocation)两种方式,通常写回与写分配策略配合使用,写直达和非写分配策略配合使用.
2.2 一致性域
多核处理器任务调度时存在多个内核共同完成一个任务,或者将某些关键等级高的任务映射到特定的内核上,因此,这些任务之间的数据交换仅仅在特定内核之间进行,如果使用一个一致性协议维护所有内核的数据副本,将会产生大量的数据交互操作,造成网络拥塞,降低执行效率, 一种可行的方法是将所有的内核进行区域划分[26],每个区域使用独立的一致性协议管理数据副本,该方法既能充分利用局部性原理,又能降低网络负载.
定义1. 一致性域.使用相同一致性协议管理数据副本的内核集合,称之为一致性域.
一致性域的示意图如图3所示.
一致性域具有2个性质:
性质1.一致性域具有独立性,即任意2个一致性域之间不存在交集.
性质2.一致性协议在一致性域内具有唯一性.
2.3 多级一致性域
由于一致性协议只能维护域内数据的一致性,当存在跨域数据交互时,会导致无法保证域间数据的一致性,需要使用多级一致性协议进行数据维护,相应地,需要定义多级一致性域.多级一致性域采用分层划域的思想,下层一致性域是上层一致性域的一个结点(clump).
针对如图2所示的硬件架构,根据一致性域的定义,簇内为1级一致性域,整个多核处理器构成2级一致性域.处理器内核在访问数据时,首先会访问私有Cache,如果访问缺失,则会访问下一级共享Cache,即簇内共享Cache,此时数据访问范围仍在一致性域内.如果访问命中,只需进行域内WCET分析即可;如果访问缺失,根据存储器层次结构访问次序,则需要进行跨一致性域WCET分析.
2.4 关键参数说明
在进行多核处理器的Cache行为分析时,假设总线是完美的并且不存在读和写队列的限制,在此基础上分析Cache一致性协议对内存访问时间的影响.
首先假设处理器拥有私有Cache、共享Cache和内存,Cache采用写回和写分配策略,Cache的访问分为读和写,读和写都会出现访问命中或缺失,我们从读和写2个方面对Cache行为进行分析,在开始分析之前定义如下符号:
1)
{\psi _{\text{R}}}(m,m') /{\psi _{\text{W}}}(m,m') .表示域内Cache读/写访问时间延迟和状态转换情况,m表示被访问的数据,m'表示被访问数据的副本.2)
{H_{{\text{L}}i}} .表示在第i级Cache访问命中时间延迟.3)
{L_{{\text{L}}i \to {\text{L}}j}} .表示数据从第i级Cache加载到第j级Cache的时间延迟.4)
{H_{{\text{memory}}}} .表示主存访问命中时间延迟.5)
Inv /Inv' .表示域内/跨域使其他数据副本失效的时间延迟.6)
{\psi '_{\text{R}}}(m,m') /{\psi '_{\text{W}}}(m,m') .表示跨域Cache读/写访问时间延迟和状态转换情况.7)
{m_{\text{s}}} /{m'_{\text{s}}} .表示本地/远程Cache状态.8)
{\text{Replacement}} /\neg {\text{Replacement}} .表示被访问共享数据被替换出Cache,导致替换缺失发生/未发生.2.5 考虑一致性协议的WCET分析框架
现有工作对于Cache的分析主要集中在指令Cache,对于数据Cache的分析也仅限于本地数据的分析.本文在基于抽象解释的多级Cache分析框架基础上,扩展了共享数据分析这一功能.
如图4所示,该分析框架的输入为待分析程序和Cache模型.其中待分析程序提供控制流、地址信息,Cache模型中包括了Cache组织结构、替换策略、读写策略以及一致性协议,这些参数作为分析框架的输入信息,提供给Cache分析方法.Cache的分析可分为2部分:数据Cache和指令Cache,其中数据Cache中共享数据的分析为本文的主要工作,将在后文中详细介绍.最后,根据分析结果得出内存访问的分类以及访问的时间延迟,从而得出WCET的分析结果.
2.6 域内WCET分析
2.6.1 域内读访问
当内核发出读数据m的读请求时,如果m存在于L1中,其状态可能为E或者S并且未发生替换缺失,在L1中能够读命中,数据访问延迟为
{H_{{\text{L}}1}} ,所有Cache块的状态不会发生改变.如果数据m在域内,m的状态为E或者S但是发生替换缺失,此时数据访问延迟为读取L2中数据的时间
{\psi '_{\text{R}}} ,同时需要将数据从L2 Cache加载到本地L1 Cache中,考虑连贯性要求,数据访问延迟为\max ({\psi '_{\text{R}}},{L_{{\text{L}}2 \to {\text{L}}1}}) ,Cache状态不发生变化,如图5 (a)(b)所示.![]()
图 5 域内读访问时间延迟及状态转换图Figure 5. Read-visit latency and state transition diagram of intra-domain如果数据m在域内,m的状态为I,且副本m'的状态为E或者S时,此时数据访问延迟为读取L2中数据的时间
{\psi '_{\text{R}}} ,同时需要将数据从L2 Cache加载到本地L1 Cache中,考虑连贯性要求,数据访问延迟为\max ({\psi '_{\text{R}}},{L_{{\text{L}}2 \to {\text{L}}1}}) ,m的状态转换为S,副本m'的状态转换为S,如图5 (c)所示.如果数据m不在域内,在L2 Cache中会出现访问缺失,假定访问L2 Cache的时间为
{\psi '_{\text{R}}} ,对于{\psi '_{\text{R}}} 的取值我们将在2.7.1节中进行分析.此时m的状态由I转换为E,L2 Cache的状态需要根据L2的一致性协议进一步分析,如图5(d)所示.根据以上分析,可以得出Cache域内读访问时间延迟和状态转换的状态更新函数:
\begin{aligned}&{\psi }_{{{\rm{R}}}}(m,{m}^{\prime })=\\ &\left\{ {\begin{aligned} &{H}_{{{\rm{L}}}1},{m}_{{{\rm{s}}}}\mapsto {m}_{{{\rm{s}}}},{m}'_{{{\rm{s}}}}\mapsto {{m}'_{{{\rm{s}}}}}; \\ &\ \ \ m存在于\text{L}1\wedge \neg {{\rm{Replacement}}}.\\ &{{\rm{max}}}({{\psi }'_{\text{R}}},{L}_{\text{L}2\to {{\rm{L}}}1}),{m}_{{{\rm{s}}}}\mapsto {m}_{{{\rm{s}}}},{m}'_{{{\rm{s}}}}\mapsto {m}'_{{{\rm{s}}}};\\ &\ \ \ m存在于\text{L}1\wedge {{\rm{Replacement}}}.\\ &{{\rm{max}}}({{\psi }'_{\text{R}}},{L}_{{{\rm{L}}}2\to {{\rm{L}}}1}),{m}_{{{\rm{s}}}}:{{\rm{I}}}\to {{\rm{S}}},{m}'_{{{\rm{s}}}}:{{\rm{E}}}/{{\rm{S}}}\to {{\rm{S}}};\\ &\ \ \ m不存在于{{\rm{L}}}1\wedge m存在于{{\rm{L}}}2\wedge {m}^{\prime }存在于{{\rm{L}}}1.\\ &{{\psi } '_{\text{R}}},{m}_{{{\rm{s}}}}:{{\rm{I}}}\to {{\rm{E}}};m不在域内. \end{aligned}} \right.\end{aligned} (1) 2.6.2 域内写访问
当内核发出写m的请求时,如果m仅存在本地L1 Cache且状态为E时,此时会发生Cache写命中.首先需要将数据写入到L1中,由于使用写直达策略,需要同时写入到L2当中,因此数据访问时间为
{H_{{\text{L}}1}} + {\psi '_{\text{W}}} ,Cache状态不发生改变,如图6(a)所示;如果m存在于L1 Cache中且状态为S时,此时会发生Cache写命中,数据访问延迟为{H_{{\text{L}}1}} + {\psi '_{\text{W}}} ,状态转换为E,由于采用写失效的一致性协议,因此需要将副本的状态修改为I,考虑连贯性要求,数据访问最终的延迟为\max ({H_{{\text{L}}1}} + {\psi '_{\text{W}}},Inv) ,如图6(b)所示.![]()
图 6 域内写访问时间延迟及状态转换图Figure 6. Write-visit latency and state transition diagram of intra-domain如果数据m位于本地L1 Cache中,m的状态为E或者S,并且发生替换缺失,此时会出现写缺失.如果m的状态为E,此时数据访问时间为
{\psi '_{\text{W}}} ,并且状态转换为I,如图6(c)所示;如果m的状态为S,在进行L2 Cache写操作之后,需要对其他副本进行写失效,所以访问时间为\max ({\psi '_{\text{W}}},Inv) ,m和副本m'的状态都转换为I,如图6(d)所示.如果数据m在域内, m的状态为I且副本m'的状态为E或者S时,此时会对L2进行写操作, 并将其他副本中的数据写失效, 考虑数据连贯性要求, 数据的写延迟为
\max ({\psi '_{\text{W}}},Inv) , 由于采用非写分配的方式, 本地L1的状态不发生改变,其他副本的状态从E/S转换为I, 如图6(e)所示.如果数据m不在域内,类比读访问的情况,假定写L2 Cache的访问时间为
{\psi '_{\text{W}}} .由于域内采用非写分配法,所以此时m的状态不发生任何变化,如图6(f)所示.根据以上分析,可以得出Cache域内写访问时间延迟和状态转换的状态更新函数:
\begin{aligned}&{\psi }_{{{\rm{W}}}}(m,{m}^{\prime })=\\ &\left\{ {\begin{aligned} &{H}_{\text{L}1}+{\psi }'_{\text{W}},{m}_{\text{s}}\mapsto {m}_{\text{s}},{{m}}'_{\text{s}}\mapsto {{m}}'_{\text{s}};\\ &\ \ \ m存在于\text{L}1\wedge {m}^{\prime }不存在于\text{L}1\wedge \neg \text{Replacement}.\\ &\mathrm{max}({H}_{\text{L}1}+{{\psi }}'_{\text{W}},Inv),{m}_{\text{s}}:\text{S}\to \text{E},{{m}}'_{\text{s}}:\text{S}\to \text{I};\\ &\ \ \ m存在于\text{L}1\wedge {m}^{\prime }存在于\text{L}1\wedge \neg \text{Replacement}.\\ &{{\psi }}'_{\text{W}},{m}_{\text{s}}:\text{E}\to \text{I};\\ &\ \ \ m存在于\text{L}1\wedge {m}^{\prime }不存在于\text{L}1\wedge \text{Replacement}.\\ &\mathrm{max}({{\psi }}'_{\text{W}},Inv),{m}_{\text{s}}:\text{S}\to \text{I},{{m}}'_{\text{s}}:\\ &\ \ \ m存在于\text{L}1\wedge {m}^{\prime }存在于\text{L}1\wedge \text{Replacement}.\\ &\mathrm{max}({{\psi }}'_{\text{W}},Inv),{m}_{\text{s}}\mapsto {m}_{\text{s}},{{m}}'_{\text{s}}:\text{E}/\text{S}\to \text{I};\\ &\ \ \ m存在于\text{L}1\wedge {m}^{\prime }存在于\text{L}1.\\ &{{\psi }}'_{\text{W}},{m}_{\text{s}}\mapsto {m}_{\text{s}};m不在域内. \end{aligned}} \right.\end{aligned} (2) 2.7 跨域WCET分析
2.7.1 跨域读访问
当内核发出读数据m的读请求时,如果需要对L2 Cache进行读访问,此时将会由上级一致性协议管理共享数据.
如果数据m存在于域内,并且位于本地L2 Cache中,对应域内读访问的图5(a)~(c),此时数据访问时间为
{H_{{\text{L}}2}} ,域间所有的Cache的状态都不发生变化,如图7(a)所示.![]()
图 7 跨域读访问时间延迟及状态转换图Figure 7. Read-visit latency and state transition diagram of cross-domain当被访问数据m存在于L2 Cache中并且发生替换缺失,对应域内读访问的图5(d),此时数据访问延迟为
{H_{{\text{L}}3}} ,同时需要将数据加载到L1 Cache中,考虑到连贯性要求,数据访问的延时为\mathrm{max}({H}_{\text{L}3},{L}_{\text{L}3\to \text{L}1}) ,如果m的状态为M或者E,则状态会转换为E,如果m的状态为S,则状态不发生改变,副本m'的状态不发生改变,如图7(b)(c)所示.如果被访问数据m不存在于域内,对应域内读访问的图5(d),存在2种可能性:1)数据m本身不存在Cache中;2)数据m存在于其他域的Cache中.如果数据m不存在Cache中,此时需要通过内存来读取数据m,数据访问延迟为
H_\text{memory} ,同时需要将数据从内存中写回到L1 Cache中,考虑连贯性要求,数据访问延迟为\max ({H_\text{memory}},{L_{m \to {\text{L}}1}}) ,L2的状态从I转换为E,如图7(d)所示.如果数据存在于其他域中,即存在数据副本m',如果其状态是M,首先要将数据从其他域的L2 Cache中加载到本地域的L2中,然后再加载到L1中,最后从L1中读取数据,其访问延迟为
{L_{{\text{L}}2 \to {\text{L}}2}} + {L_{{\text{L}}2 \to {\text{L}}1}} + {H_{{\text{L}}1}} ,此时L2中数据m的状态从I转换为S,其他域L2中数据副本m'状态从M转换为S,如图7(e)所示.如果数据副本m'的状态为E或者S,将会在L3中读取命中数据,此时数据访问延迟为
{H_{{\text{L}}3}} ,与此同时,数据将会加载到L1中,考虑连贯性要求,此时数据访问延迟应取\max ({H_{{\text{L}}3}},{L_{{\text{L}}3 \to {\text{L}}1}}) ,此时L2中数据m的状态从I转换为S,其他域L2中数据副本m'状态换为S,如图7(f)所示.根据以上分析,可以得出Cache跨域读访问时间和状态转换的状态更新函数:
\begin{aligned}&{{\psi }}_{\text{R}}^{\prime }(m,{m}^{\prime })=\\ &\left\{ {\begin{aligned} &{H}_{\text{L}2},{m}_{\text{s}}\mapsto {m}_{\text{s}},{{m}}'_{\text{s}}\mapsto {{m}}'_{\text{s}}; \\ &\ \ \ m存在于\text{L}2\wedge \neg \text{Replacement}.\\ &\mathrm{max}({H}_{\text{L}3},{L}_{\text{L}3\to \text{L}1}),{m}_{\text{s}}:\text{M}/\text{E}\to \text{E};\\ &\ \ \ m存在于\text{L}2\wedge {m}^{\prime }不存在于\text{L}2\wedge \text{Replacement}.\\ &\mathrm{max}({H}_{\text{L}3},{L}_{\text{L}3\to \text{L}1}),{m}_{\text{s}}\mapsto {m}_{\text{s}},{{m}}'_{\text{s}}\mapsto {{m}}'_{\text{s}};\\ &\ \ \ m存在于\text{L}2\wedge {m}^{\prime }存在于\text{L}2\wedge \text{Replacement}.\\ &\mathrm{max}({H}_\text{memory},{L}_{m\to \text{L}1}),{m}_{\text{s}}:\text{I}\to \text{E};\\ &\ \ \ m不存在于\text{Cache}中.\\ &{L}_{\text{L}2\to \text{L}2}+{L}_{\text{L}2\to \text{L}1}+{H}_{\text{L}1},{m}_{\text{s}}:\text{I}\to \text{S},{{m}}'_{\text{s}}:\text{M}\to \text{S};\\ &\ \ \ m不存在于\text{L}2\wedge {m}^{\prime }存在于\text{L}2\wedge {m}^{\prime }不存在于\text{L}3.\\ &\mathrm{max}({H}_{\text{L}3},{L}_{\text{L}3\to \text{L}1}),{m}_{\text{s}}:\text{I}\to \text{S},{{m}}'_{\text{s}}:\text{E}/\text{S}\to \text{S};\\ &\ \ \ m不存在于\text{L}2\wedge {m}^{\prime }存在于\text{L}2\wedge m存在于\text{L}3. \end{aligned}} \right.\end{aligned} (3) 2.7.2 跨域写访问
当内核发出写数据m的写请求时,如果需要对L2 Cache进行写访问,此时将由上级一致性协议管理共享数据.
如果数据m在域内(对应域内写访问图6(a)~(e)的情况),并且位于本地L2 Cache中,状态为S,需要将其他副本中的数据写失效,考虑连贯性要求,数据访问时间为
\max ({H_{{\text{L}}2}},Inv') ,状态转换为M,副本的状态由S转换为I,如图8(a)所示;如果m的状态为M或者E,此时数据访问时间为{H_{{\text{L}}2}} ,状态转换为M,其他Cache状态不变,如图8(b)所示.如果被访问数据m不存在于域内(对应域内写访问图6(f)的情况), 存在2种可能性:1)数据m本身不存在Cache中;2)数据m存在于其他域的Cache中.如果数据m不存在Cache中, 由于域间采用写分配,首先要将数据从内存加载到L2 Cache中, 然后在L2 Cache中修改数据, 此时数据访问延迟为
{H_{{\text{L}}2}} + {L_{m \to {\text{L}}2}} ,L2 Cache的状态从I转换为M, 如图8(c)所示.如果数据存在于其他域内,数据m的状态为I,如果数据副本m'的状态为M,首先要将数据从其他域加载到本地L2中,然后修改本地L2 Cache中的数据,状态转换为M,并且要将其他副本写失效,考虑连贯性要求,数据访问延迟为
\max ({H_{{\text{L}}2}} + {L_{{\text{L}}2 \to {\text{L}}2}},Inv') ,其他副本的状态转换为I,如图8(d)所示;如果副本的状态为E或者S,此时需要将数据从L3 Cache加载到本地L2 Cache中,状态转换为M,并且要将其他副本写失效,考虑连贯性要求,数据访问延迟为\max ({H_{{\text{L}}2}} + {L_{{\text{L}}3 \to {\text{L}}2}},Inv') ,副本的状态准换为I,如图8(e)所示.如果m为M, E, S状态并且发生替换缺失时(对应域内写访问图6(f)的情况), 此时会发生Cache写缺失.首先将数据从L3 Cache加载到L2 Cache, 然后执行写操作.对于m的状态为M和E的情况, 此时数据访问延迟为
{H_{{\text{L}}2}} + {L_{{\text{L}}3 \to {\text{L}}2}} , m的状态转换为M, 如图8(f)所示;如果m的状态为S, 需要将其他副本中的数据写失效, 考虑连贯性要求, 数据访问延迟为\max ({H_{{\text{L}}2}} + {L_{{\text{L}}3 \to {\text{L}}2}},Inv') , m的状态由S变为I, 如图8(g)所示.根据以上分析,可以得出Cache跨域写访问时间和状态转换的状态更新函数:
\begin{aligned} &{{\psi }}'_{\text{W}}(m,{m}')=\\ &\left\{ {\begin{aligned} &\mathrm{max}({H}_{\text{L}2},In{v}'),{m}_{\text{s}}:\text{S}\to \text{M},{{m}}'_{\text{s}}:\text{S}\to \text{I}; \\ & \ \ \ m{存在于}\text{L}2\wedge {m}'{存在于}\text{L}2\wedge \neg \text{Replacement}.\\ &{H}_{\text{L}2},{m}_\text{s}:\text{M}/\text{E}\to \text{M},{m}'_{\text{s}}\mapsto {m}'_{\text{s}};\\ &\ \ \ m{存在于}\text{L}2\wedge {m}'{不存在于}\text{L}2\wedge \neg \text{Replacement}.\\ &{H}_{\text{L}2}+{L}_{m\to \text{L}2},{m}_{\text{s}}:\text{I}\to \text{M};\\ &\ \ \ m{不存在}\text{Cache}{中}.\\ &\mathrm{max}({H}_{\text{L}2}+{L}_{\text{L}2\to \text{L}2},In{v}'),{m}_{\text{s}}:\text{I}\to \text{M},{m}'_{\text{s}}:\text{M}\to \text{I};\\ &\ \ \ m{不存在于}\text{L}2\wedge {m}'{存在于}\text{L}2\wedge m{不存在于}\text{L}3.\\ &\mathrm{max}({H}_{\text{L}2}+{L}_{\text{L}3\to \text{L}2},In{v}'),{m}_{\text{s}}:\text{I}\to \text{M},{m}'_{\text{s}}:\text{E}/\text{S}\to \text{I};\\ &\ \ \ m{不存在于}\text{L}2\wedge {m}'{存在于}\text{L}2\wedge m{存在于}\text{L}3.\\ &{H}_{\text{L}2}+{L}_{\text{L}3\to \text{L}2},{m}_{\text{s}}:\text{M}/\text{E}\to \text{M};\\ &\ \ \ m{存在于}\text{L}2\wedge {m}'{不存在于}\text{L}2\wedge \text{Replacement}.\\ &\mathrm{max}({H}_{\text{L}2}+{L}_{\text{L}3\to \text{L}2},In{v}''),{m}_{\text{s}}:\text{S}\to \text{M},{m}'_{\text{s}}:\text{S}\to \text{I};\\ &\ \ \ m{存在于}\text{L}2\wedge {m}'{存在于}\text{L}2\wedge \text{Replacement}. \end{aligned}} \right.\end{aligned} (4) 3. 实验评估
3.1 实验参数设置
本文在实验室原有多核处理器WCET分析工具的基础上,扩展其中数据Cache的分析方法,增加了对MESI一致性协议的支持,设计并实现了一个支持Cache一致性协议的多核处理器WCET分析工具Roban.通过该工具对多核处理器进行WCET分析,并将分析结果与GEM5仿真工具模拟执行得到的时间进行对比,从而验证分析方法的有效性.
实验针对4核处理器展开分析,每2个内核组成1簇,即2个1级一致性域和1个2级一致性域,处理器存储结构参照图2,关键参数配置如表1所示.从Mälardalen大学WCET研究小组测试用例集中选取典型测试用例进行测试.
表 1 多核处理器参数配置Table 1. Parameters Configuration of Multi-Core ProcessorCache
层次结构数据访问延时/cycle 一致性
协议替换策略 L1 L2 L3 4 核, 2 簇 4 14 42 MESI LRU 注:LRU为最近最少使用(least recently used)替换策略. 3.2 实验结果与分析
实验一共分为2组,第1组Cache相联度为4路组相联,第2组Cache相联度为8路组相联.分别调整L1,L2,L3 Cache的容量,得出在不同Cache配置情况下的WCET值,结果如图9所示.
![]()
图 9 GEM5仿真结果与分析结果对比Figure 9. Comparison of GEM5 simulation results and analysis results从图9可以看出, Roban工具得到的WCET分析结果均大于GEM5仿真得到的结果,证明了本文方法的安全性.
为了验证本文方法的有效性,采用Spearman相关性分析法对图9中Roban分析结果与GEM5仿真结果进行相关性分析,得出的相关性系数矩阵如图10所示,其中横坐标为Roban分析工具对应的测试结果,纵坐标表示GEM5仿真结果.从图10中可以看出,带有数字标签的矩阵元素为相同测试用例在不同Cache参数配置情况下得到WCET结果的相关性系数,相关性系数不小于0.98,说明Roban和GEM5两种工具得出的结果显著相关,同时表明了图9中的曲线变化趋势基本一致.
![]()
图 10 GEM5与Roban相关性系数矩阵图Figure 10. Correlation coefficient matrix diagram of GEM5 and Roban为了验证本文提出分析方法的精确性,采用过估计率这一指标对分析结果进行评估,过估计率
\mathcal{R} 计算方式为\mathcal{R} = \frac{{T_{{\text{WCET}}}^{{\text{estimation}}}}}{{T_{{\text{WCET}}}^{{\text{simulation}}}}} , (5) 其中,
{{T_{{\text{WCET}}}^{{\text{estimation}}}}} 和{{T_{{\text{WCET}}}^{{\text{simulation}}}}} 分别表示WCET的估计结果和仿真结果.过估计率的统计结果如图11所示.由图11可知,本文方法分析得出的过估计率最大值为1.476,最小值为1.158,平均值为1.30,对比瑞典皇家理工学院[25]设计实现的WCET分析工具KTA(KTH’s timing analysis),其平均过估计率为2.08,本文方法的过估计率降低了0.78.
4. 结 论
本文通过分析多级一致性协议体系架构下的Cache状态转换和内存访问延迟,得出多级一致性域WCET分析方法.实验表明,本文方法能够精确估算出多核处理器任务WCET,在改变Cache配置参数的情况下,GEM5仿真结果与本文工具Roban分析结果相关性系数不低于0.98,表明本文方法分析结果的变化趋势与GEM5仿真结果一致;通过与当前分析方法进行对比,证明本文方法相比现有方法的过估计率降低了0.78.
本文在进行Cache行为分析时,将总线假设为理想状态,而在实际的一致性协议中,如果存在大量的数据交互,将会导致总线发生阻塞,在以后的工作中,应将Cache之间共享总线纳入到分析范围中,进一步提高WCET分析结果的准确性.另外本文在考虑一致性协议时仅考虑了MESI协议,而在实际工程领域存在多种一致性协议,如Intel i7使用的MESIF协议、AMD Opteron使用的MOESI协议等,在后续的工作中将针对不同的一致性协议展开分析.
作者贡献声明:朱怡安提出研究思路和指导意见;史先琛提出了算法并撰写论文;姚烨、李联负责实现算法并设计实验方案;任鹏远、董威振、李佳钰参与实验方案设计并整理实验数据.
SGX允许应用程序初始化一个Enclave,Enclave是一块硬件隔离的可信内存区域,可以为应用程序的敏感部分提供硬件增强的机密性和完整性保护,实现不同程序间的隔离运行。文献主要来自dblp数据库,此外还有部分其他在线资源。在实践中,T表通常是提前算出然后作为一个常量数组编码在密码算法软件的实现代码中。这样,就可将繁琐的运算过程变成对于计算机而言简单高效的查表和按位运算。 -
![]()
图 3 缓存侧信道攻击场景和层次的发展
Figure 3. The development of scenarios and levels of cache side-channel attacks
![]()
图 4 缓存侧信道攻击目标统计分析
Figure 4. Statistical analysis of targets of cache side-channel attacks
表 1 不同缓存侧信道攻击技术的综合比较
Table 1 Comprehensive Comparison of Cache Side-Channel Attacks
攻击方法 出现年份 攻击条件 优点 缺点 Evict-Time 2006 攻击者和目标运行在同一处理器,实现查表操作的加密算法攻击.攻击进程可以触发目标进程执行加密操作,并对目标进程加密操作时间进行测量.攻击为已知明文攻击,且通过先验测试获取目标进程T表或者S盒加载缓存空间 只需要测试加密操作整体时间 不适用于实际攻击场景,需要多次测试 Prime-Probe 2006 攻击进程需要精确把握“等待”间隔,才能准确监测目标进程缓存变化;攻击进程需要事先测好缓存命中的阈值,以便精确判断 细粒度的监测,可以基于缓存组粒度来监测 需提前对缓存状态进行建模,噪声较多,需要多次测试获取缓存状态 Flush-Reload 2014 攻击进程和目标进程共享内存,且支持clflush指令.需要提前对程序地址空间进行分析(反汇编等),获取目标函数地址 细粒度的监测,可以进行函数粒度的监控,干扰较少 需要在共享内存的前提下攻击,攻击条件较为苛刻 Evict-Reload 2015 属于Flush-Reload攻击变种,在限制clflush指令的场景中可以利用Evict-Reload方法实现攻击,需要了解缓存映射和替换策略 与Flush-Reload攻击相比,不受clflush指令的限制 需要在共享内存的前提下攻击,攻击条件较为苛刻 Flush-Flush 2016 属于Flush-Reload攻击变种,攻击进程和目标进程共享内存,需支持clflush指令 与Flush-Reload相比,具有更快速和更隐蔽的特点.细粒度的监测,可以进行函数粒度的监控,干扰较少 需要在共享内存的前提下攻击,攻击条件较为苛刻 Prime-Abort 2017 基于Intel TSX的非计时攻击,攻击者需要将要监控的内存空间利用TSX机制保护起来,当目标监控的缓存集中有缓存换出,触发Abort事件发生 不受高精度计数器的限制,在不具有计时分析条件的场景下也可以实现攻击,不依赖中断保持攻击者进程与目标进程同步 依赖于硬件TSX机制 Reload-Refresh 2020 需要知道处理器的缓存替换策略和要监控的目标地址在缓存中的位置,能够构造出该目标地址的驱逐集,并且攻击者和受害者在同一处理器上运行 不需要强制驱逐受害者缓存数据,攻击隐蔽性强 需要在共享内存和明确缓存替换策略的前提下攻击,攻击条件较为苛刻 
下载: 导出CSV
-
[1] Kocher P C. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems[C] //Proc of the 16th Annual Int Cryptology Conf on Advances in Cryptology. Berlin: Springer, 1996: 104−113
[2] Zhang Yinqian. Cache side channels: State of the art and research opportunities[C] //Proc of the 24th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2017: 2617−2619
[3] Acıiçmez O, Schindler W, Koç Ç K. Cache based remote timing attack on the AES[C] //Proc of the 7th Cryptographers’ Track at the RSA Conf on Topics in Cryptology. Berlin: Springer, 2007: 271−286
[4] Bernstein D J. Cache-timing attacks on AES[EB/OL]. [2021-05-27]. http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=01774A09A6B2A49EC3AAB74B4EC8705B?doi=10.1.1.67.1622&rep=rep1&type=pdf
[5] Weiß M, Heinz B, Stumpf F. A cache timing attack on AES in virtualization environments[C] //Proc of the 16th Int Conf on Financial Cryptography and Data Security. Berlin: Springer, 2012: 314−328
[6] Aciiçmez O, Koç Ç K. Trace-driven cache attacks on AES[C] //Proc of the 8th Int Conf on Information & Communications Security. Berlin: Springer, 2006: 112−121
[7] Zhang Yinqian, Juels A, Reiter M K, et al. Cross-VM side channels and their use to extract private keys[C] //Proc of the 19th ACM Conf on Computer and Communications Security. New York: ACM, 2012: 305−316
[8] Osvik D A, Shamir A, Tromer E. Cache attacks and countermeasures: The case of AES[C] //Proc of the 6th Topics in Cryptology—the Cryptographers’ Track at the RSA Conf. Berlin: Springer, 2006: 1−20
[9] Percival C. Cache missing for fun and profit[C/OL]. [2021-05-27]. http://css.csail.mit.edu/6.858/2014/readings/ht-cache.pdf
[10] Ristenpart T, Tromer E, Shacham H, et al. Hey, you, get off of my cloud: Exploring information leakage in third-party compute clouds[C] //Proc of the 16th ACM Conf on Computer and Communications Security. New York: ACM, 2009: 199−212
[11] Gullasch D, Bangerter E, Krenn S. Cache games: Bringing access-based cache attacks on AES to practice[C] //Proc of the 32nd IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2011: 490−505
[12] Bryant R E, O'Hallaron D R. Computer Systems: A Programmer’s Perspective[M]. 2nd ed. New York: Addison-Wesley Educational Publishers Inc, 2010
[13] Gras B, Razavi K, Bos H, et al. Translation leak-aside buffer defeating cache side-channel protections with TLB attacks[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 955−972
[14] Disselkoen C, Kohlbrenner D, Porter L. Prime+abort: A timer-free high-precision L3 cache attack using Intel TSX[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 51−67
[15] Lipp M, l Schwarz M, Gruss D, et al. Meltdown: Reading kernel memory from user space[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 973−990
[16] Paul K, Daniel G, Daniel G, et al. Spectre attacks: Exploiting speculative execution[J]. arXiv preprint, arXiv: 1801.01203, 2018
[17] Lenovo. Reading privileged memory with a side-channel[EB/OL]. [2021-05-27]. https://support.lenovo.com/us/en/solutions/ps500151-reading-privileged-memory-with-a-side-channel
[18] Intel. Speculative store bypass[EB/OL]. [2021-05-27]. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/speculative-store-bypass.html
[19] Intel. Q3 2018 speculative execution side channel update[EB/OL]. [2021-05-27]. https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
[20] Kiriansky V, Waldspurger C. Speculative buffer overflows: Attacks and defenses[J]. arXiv preprint, arXiv: 1807.03757, 2018
[21] Koruyeh E M, Khasawneh K N, Song Chengyu, et al. Spectre returns! Speculation attacks using the return stack buffer[C/OL]. [2021-05-27]. https://www.usenix.org/system/files/conference/woot18/woot18-paper-koruyeh.pdf
[22] Yarom Y, Falkner K. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack[C] //Proc of the 23rd USENIX Security Symp. Berkeley, CA: USENIX Association, 2014: 719–732
[23] Page D. Theoretical use of cache memory as a cryptanalytic side-channel[J/OL]. [2021-05-25]. http://eprint.iacr.org/2002/169
[24] Kelsey J, Schneier B, Wagner D, et al. Side channel cryptanalysis of product ciphers[C] //Proc of the 5th European Symp on Research in Computer Security. Berlin: Springer, 1998: 97–110
[25] Irazoqui G, Eisenbarth T, Sunar B. Cross processor cache attacks[C] //Proc of the 11th ACM on Asia Conf on Computer and Communications Security. New York: ACM, 2016: 353–364
[26] Lipp M, Gruss D, Spreitzer R, et al. ARMageddon: Last-level cache attacks on mobile devices[C] //Proc of the 25th USENIX Security Symp. Berkeley, CA: USENIX Association, 2016: 549–564
[27] Intel. Intel software guard extensions[EB/OL]. [2021-05-27].https://software.intel.com/content/www/cn/zh/develop/topics/software-guard-extensions.html
[28] Brasser F, Müller U, Dmitrienko A, et al. Software grand exposure: SGX cache attacks are practical[C/OL]. [2021-05-25]. https://arxiv.org/abs/1702.07521
[29] Schwarz M, Weiser S, Gruss D, et al. Malware guard extension: Using SGX to conceal cache attacks[C] //Proc of the 13th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer, 2017: 3–24
[30] Hähnel M, Cui Weidong, Peinado M. High-resolution side channels for untrusted operating systems[C] //Proc of the 26th USENIX Annual Technical Conf. Berkeley, CA: USENIX Association, 2017: 299–312
[31] Moghimi A, Irazoqui G, Eisenbarth T. CacheZoom: How SGX amplifies the power of cache attacks[C] //Proc of the 19th Int Conf on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2017: 69–90
[32] Xu Yuanzhong, Cui Weidong, Peinado M. Controlled-channel attacks: Deterministic side channels for untrusted operating systems[C] //Proc of the 36th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2015: 640–656
[33] Bulck J V, Weichbrodt N, Kapitza R, et al. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 1041–1056
[34] Lee S, Shih MW, Gera P, et al. Inferring fine-grained control flow inside SGX enclaves with branch shadowing[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 556–574
[35] Pessl P, Gruss D, Maurice C, et al. DRAMA: Exploiting DRAM addressing for cross-CPU attacks[C] //Proc of the 24th USENIX Security Symp. Berkeley, CA: USENIX Association, 2015: 564–581
[36] Wang Wenhao, Chen Guoxing, Pan Xiaorui, et al. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX[C] //Proc of the 24th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2017: 2421–2434
[37] Schaik S V, Milburn A, Österlund S, et al. RIDL: Rogue in-flight data load[C] //Proc of the 40th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 88–105
[38] Schwarz M, Lipp M, Moghimi D, et al. ZombieLoad: Cross-privilege-boundary data sampling[C] //Proc of the 26th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 753–768
[39] Schaik S V, Minkin M, Kwong A, et al. CacheOut: Leaking data on Intel CPUs via cache evictions[EB/OL]. [2021-10-05]. https://cacheoutattack.com/files/CacheOut.pdf
[40] Schaik S V, Kwong A, Genkin D, et al. SGAxe: How SGX fails in practice[EB/OL]. [2021-10-05]. https://cacheoutattack.com/files/SGAxe.pdf
[41] Bulck J V, Minkin Ma, Weisse O, et al. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 991–1008
[42] Chen Guoxing, Chen Sanchuan, Xiao Yuan, et al. SgxPectre: Stealing Intel secrets from SGX enclaves via speculative execution[C] //Proc of the 4th IEEE European Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 142–157
[43] Aciiçmez O. Yet another micro architectural attack: Exploiting I-Cache[C] //Proc of the 1st ACM Workshop on Computer Security Architecture. New York: ACM, 2007: 11–18
[44] Aciicmez O, Schindler W. A major vulnerability in RSA implementations due to microarchitectural analysis threat[J/OL]. [2021-05-27]. http://eprint.iacr.org/2007/336
[45] Acıiçmez O, Brumley B B, Grabher P. New results on instruction cache attacks[C] //Proc of the 12th Int Conf on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2010: 110–124
[46] Neve M, Seifert J P. Advances on access-driven cache attacks on AES[C] //Proc of the 13th Int Workshop on Selected Areas in Cryptography. Berlin: Springer, 2006: 147–162
[47] Benger N, Pol J, Smart N P, et al. “Ooh aah. . . Just a little bit”: A small amount of side channel can go a long way[C] //Proc of the 16th Int Workshop on Cryptographic Hardware and Embedded Systems. Berlin: Springer, 2014: 75–92
[48] Yarom Y, Benger N. Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack[J/OL]. [2021-05-27]. https://eprint.iacr.org/2014/140.pdf
[49] Zhang Yinqian, Juels A, Reiter M K, et al. Cross-tenant side-channel attacks in PaaS clouds[C] //Proc of the 21st ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2014: 990–1003
[50] Inci M S, Gulmezoglu B, Irazoqui Go, et al. Seriously, get off my cloud! Cross-VM RSA key recovery in a public cloud[J/OL]. [2021-05-27]. https://eprint.iacr.org/2015/898
[51] Apecechea G I, Eisenbarth T, Sunar B. S$A: A shared cache attack that works across cores and defies VM sandboxing and its application to AES[C] //Proc of the 36th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE 2015: 591–604
[52] Zhang Xiaokuan, Xiao Yuan, Zhang Yinqian. Return-oriented Flush-Reload side channels on ARM and their implications for Android devices[C] //Proc of the 23rd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 858–870
[53] Oren Y, Kemerlis V P, Sethumadhavan S, et al. The spy in the sandbox: Practical cache attacks in JavaScript and their implications[C] //Proc of the 22nd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2015: 1406–1418
[54] Liu Fangfei, Yarom Y, Ge Qian, et al. Last-level cache side-channel attacks are practical[C] //Proc of the 36th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2015: 605–622
[55] Gruss D, Spreitzer R, Mangard S. Cache template attacks: Automating attacks on inclusive last-level caches[C] //Proc of the 24th USENIX Security Symp. Berkeley, CA: USENIX Association, 2015: 897–912
[56] Kayaalp M, Abu-Ghazaleh N, Ponomarev D. A high-resolution side-channel attack on last-level cache[C/OL]. [2021-05-25]. https://dl.acm.org/doi/10.1145/2897937.2897962
[57] Gras B, Razavi K, Bosman E, et al. ASLR on the line: Practical cache attacks on the MMU[C/OL]. [2021-05-26]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_09-1_Gras_paper.pdf
[58] Schaik S V, Giuffrida C, Bos H, et al. Malicious management unit: Why stopping cache attacks in software is harder than you think[C] //Proc of the 27th USENIX Security Symp. Berkeley, CA: USENIX Association, 2018: 937–954
[59] Canella C, Genkin D, Giner L, et al. Fallout: Leaking data on meltdown-resistant CPUs[C] //Proc of the 26th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2019: 769–784
[60] Yan Mengjia, Sprabery R, Gopireddy B, et al. Attack directories, not caches: Side channel attacks in a non-inclusive world[C] //Proc of the 40th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2019: 888–904
[61] Zhou Yongbin , Feng Dengguo. Side-channel attacks: Ten years after its publication and the impacts on cryptographic module security testing[J/OL]. [2021-05-27]. https://eprint.iacr.org/2005/388.pdf
[62] Irazoqui G, Inci M S, Eisenbarth T, et al. Wait a minute! A fast, cross-VM attack on AES[C] //Proc of the 17th Int Workshop on Recent Advances in Intrusion Detection. Berlin: Springer, 2014: 299–319
[63] Tromer E, Osvik D A, Shamir A. Efficient cache attacks on AES and countermeasures[J]. Journal of Cryptology, 2010, 23(1): 37−71 doi: 10.1007/s00145-009-9049-y
[64] Tóth R, Faigl Z, Szalay M, et al. An advanced timing attack scheme on RSA[C] //Proc of the 13th Int Telecommunications Network Strategy and Planning Symp. Piscataway, NJ: IEEE, 2008: 1–24
[65] Hund R, Willems Ca, Holz T. Practical timing side channel attacks against kernel space ASLR[C] //Proc of the 34th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2013: 191–205
[66] Evtyushkin D, Ponomarev D, Abu-Ghazaleh N. Jump over ASLR: Attacking branch predictors to bypass ASLR[C] //Proc of the 49th IEEE/ACM Int Symp on Microarchitecture. Piscataway, NJ: IEEE, 2016: 40:1–40:13
[67] Irazoqui G, Inci M S, Eisenbarth T, et al. Know thy neighbor: Crypto library detection in cloud[J]. Proceedings on Privacy Enhancing Technologies, 2015, 2015(1): 25−40 doi: 10.1515/popets-2015-0003
[68] Shusterman A, Kang L, Haskal Y, et al. Robust website fingerprinting through the cache occupancy channel[C] //Proc of the 28th USENIX Security Symp. Berkeley, CA: USENIX Association, 2019: 639–656
[69] Gruss D, Clémentine M, Wagner K, et al. Flush+Flush: A fast and stealthy cache attack[C] //Proc of the 13th Int Conf on Detection of Intrusions and Malware, and Vulnerability Assessment. Berlin: Springer, 2016: 279–299
[70] Intel. Intel development manual[EP/OL]. [2021-05-27]. https://software.intel.com/en-us/download/intel-64-and-ia-32-architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4
[71] Briongos S, Malagón P, Moya J M, et al. RELOAD+REFRESH: Abusing cache replacement policies to perform stealthy cache attacks[C] //Proc of the 29th USENIX Security Symp. Berkeley, CA: USENIX Association, 2020: 1966–1984
[72] Zhang Yinqian, Juels A, Oprea A, et al. HomeAlone: Co-residency detection in the cloud via side-channel analysis[C] //Proc of the 32nd IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2011: 313–328
[73] Demme J, Maycock M, Schmitz J, et al. On the feasibility of online malware detection with performance counters[C] //Proc of the 40th Annual Int Symp on Computer Architecture. New York: ACM, 2013: 559–570
[74] Chiappetta M, Savas E, Yilmaz C. Real time detection of cache-based side-channel attacks using hardware performance counters[J]. Applied Soft Computing, 2016, 49(C): 1162−1174
[75] Zhang Tianwei, Zhang Yinqian, Lee R B. CloudRadar: A real-time side-channel attack detection system in clouds[C] //Proc of the 19th Int Symp on Research in Attacks, Intrusions, and Defenses. Berlin: Springer, 2016: 118–140
[76] Chen Jie, Venkataramani G. CC-Hunter: Uncovering covert timing channels on shared processor hardware[C] //Proc of the 47th Annual IEEE/ACM Int Symp on Microarchitecture. Piscataway, NJ: IEEE, 2014: 216–228
[77] Guo Shengjian, Chen Yueqi, Li Peng, et al. SpecuSym: Speculative symbolic execution for cache timing leak detection[C] //Proc of the 42nd ACM/IEEE Int Conf on Software Engineering. New York: ACM, 2020: 1235–1247
[78] Kim H, Hahn C, Hur J. Real-time detection of cache side-channel attack using non-cache hardware events[C] //Proc of the 35th Int Conf on Information Networking. Piscataway, NJ: IEEE. 2021: 28–31
[79] Chen Guoxing, Wang Wenhao, Chen Tianyu, et al. Racing in hyperspace: Closing hyper-threading side channels on SGX with contrived data races[C] //Proc of the 39th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2018: 178–194
[80] Chen Sanchuan, Liu Fangfei, Mi Zeyu, et al. Leveraging hardware transactional memory for cache side-channel defenses[C] //Proc of the 13th on Asia Conf on Computer and Communications Security. New York: ACM, 2018: 601–608
[81] Chen Sanchuan, Zhang Xiaokuan, Reiter M K, et al. Detecting privileged side-channel attacks in shielded execution with Déjà Vu[C] //Proc of the 12th Asia Conf on Computer and Communications Security. New York: ACM, 2017: 7–18
[82] Shih M W, Lee S, Kim T, et al. T-SGX: Eradicating controlled-channel attacks against enclave programs[C/OL]. [2021-05-27]. https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_07-2_Shih_paper.pdf
[83] Page D. Partitioned cache architecture as a aide-channel defence mechanism[J/OL]. [2021-05-27]. https://eprint.iacr.org/2005/280
[84] Wang Zhenghong, Lee R B. New cache designs for thwarting software cache-based side channel attacks[C] //Proc of the 34th Annual Int Symp on Computer Architecture. Piscataway, NJ: IEEE, 2007: 494–505
[85] Kong Jingfei, Aciiçmez O, Seifert J, et al. Hardware-software integrated approaches to defend against software cache-based side channel attacks[C] //Proc of the 15th Int Conf on High Performance Computer Architecture. Piscataway, NJ: IEEE, 2009: 393–404
[86] Zhou Ziqiao, Reiter M K, Zhang Yinqian. A software approach to defeating side channels in last-level caches[C] //Proc of the 23rd ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2016: 871–882
[87] Liu Fangfei, Ge Qian, Yarom Y, et al. CATalyst: Defeating last-level cache side channel attacks in cloud computing[C]//Proc of the 22nd IEEE Int Symp on High Performance Computer Architecture. Piscataway, NJ: IEEE, 2016: 406–418
[88] Yan Mengjia, Gopireddy B, Shull T, et al. Secure hierarchy-aware cache replacement policy (SHARP): Defending against cache-based side channel attacks[C] //Proc of the 44th Annual Int Symp on Computer Architecture. New York: ACM, 2017: 347–360
[89] Werner M, Unterluggauer T, Giner L, et al. SCATTERCACHE: Thwarting cache attacks via cache set randomization[C] //Proc of the 28th USENIX Security Symp. Berkeley, CA: USENIX Association, 2019: 675–692
[90] Raj H, Nathuji R, Singh A, et al. Resource management for isolation enhanced cloud services[C] //Proc of the 1st ACM Workshop on Cloud Computing Security. New York: ACM, 2009: 77–84
[91] Shi Jicheng, Song Xiang, Chen Haibo, et al. Limiting cache-based side channel in multi-tenant cloud using dynamic page coloring[C] //Proc of the 41st IEEE/IFIP Int Conf on Dependable Systems and Networks Workshops. Piscataway, NJ: IEEE, 2011: 194–199
[92] Kim T, Peinado M, Mainar-Ruiz G. STEALTHMEM: System-level protection against cache-based side channel attacks in the cloud[C] //Proc of the 21st USENIX Security Symp. Berkeley, CA: USENIX Association, 2012: 189–204
[93] Liu Fangfei, Lee R B. Random fill cache architecture[C] //Proc of the 47th Annual IEEE/ACM Int Symp on Microarchitecture. Piscataway, NJ: IEEE, 2014: 203–215
[94] Crane S, Homescu A, Brunthaler S, et al. Thwarting cache side-channel attacks through dynamic software diversity[C/OL]. [2021-05-27]. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.714.3408&rep=rep1&type=pdf
[95] Rane A, Lin C, Tiwari M. Raccoon: Closing digital side-channels through obfuscated execution[C] //Proc of the 24th USENIX Security Symp. Berkeley, CA: USENIX Association, 2015: 431–446
[96] Vattikonda B C, Das S, Shacham H. Eliminating fine grained timers in Xen[C] //Proc of the 3rd ACM Cloud Computing Security Workshop. New York: ACM, 2011: 41–46
[97] Martin R, Demme J, Sethumadhavan S. TimeWarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks[C] //Proc of the 39th Int Symp on Computer Architecture. Piscataway, NJ: IEEE, 2012: 118–129
[98] Andrysco M, Kohlbrenner D, Mowery K, et al. On subnormal floating point and abnormal timing[C] //Proc of the 36th IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2015: 623–639
[99] Doychev G, Köpf B, Mauborgne L, et al. CacheAudit: A tool for the static analysis of cache side channels[J]. ACM Transactions on Information & System Security, 2015, 18(1): 4:1−4:32
[100] Wang Shuai, Bao Yuyan, Liu Xiao, et al. Identifying cache-based side channels through secret-augmented abstract interpretation[C] //Proc of the 28th USENIX Security Symp. Berkeley, CA: USENIX Association, 2019: 657–674
[101] Hassan S U, Gridin I, Delgado-Lozano I M, et al. Déjà vu: Side-channel analysis of Mozilla’s NSS[C] //Proc of the 27th ACM SIGSAC Conf on Computer and Communications Security. New York: ACM, 2020: 1887–1902
[102] Gras B, Giuffrida C, Kurth M, et al. ABSynthe: Automatic blackbox side-channel synthesis on commodity microarchitectures[C/OL]. [2021-05-28]. https://www.ndss-symposium.org/wp-content/uploads/2020/02/23018-paper.pdf
[103] Andrea M, Neugschwandtner M, Sorniotti A, et al. Speculator: A tool to analyze speculative execution attacks and mitigations[C] //Proc of the 35th Annual Computer Security Applications Conf. New York: ACM, 2019: 747–761
[104] Yu Jiyong, Hsiung L, Hajj M E, et al. Data oblivious ISA extensions for side channel-resistant and high performance computing[C/OL]. [2021-05-28]. https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_05B-4_Yu_paper.pdf
[105] Koruyeh E M, Shirazi S, Khasawneh K N, et al. SpecCFI: Mitigating spectre attacks using CFI informed speculation[C] //Proc of the 41st IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2020: 39–53
[106] Gruss D, Lettner J, Schuster F, et al. Strong and efficient cache side- channel protection using hardware transactional memory[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 217–233
[107] Weiser S, Mayr L, Schwarz M, et al. SGXJail: Defeating enclave malware via confinement[C] //Proc of the 22nd Int Symp on Research in Attacks, Intrusions, and Defenses. Berkeley, CA: USENIX Association, 2019: 353–366
[108] Ahmad A, Joe B, Xiao Yuan, et al. OBFUSCURO: A commodity obfuscation engine on Intel SGX[C/OL]. [2021-05-27]. https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_10-1_Ahmad_paper.pdf
[109] Weichbrodt N, Aublin PL, Kapitza R. SGX-perf: A performance analysis tool for Intel SGX enclaves[C] //Proc of the 19th Int Middleware Conf. New York: ACM, 2018: 201–213
[110] Green M, Rodrigues-Lima L, Zankl A, et al. AutoLock: Why cache attacks on ARM are harder than you think[C] //Proc of the 26th USENIX Security Symp. Berkeley, CA: USENIX Association, 2017: 1075–1091
[111] Intel. 6th Gen Intel Core X-Series Processor Family Datasheet[EP/OL]. [2021-05-26]. https://www.intel.com/content/www/us/en/products/processors/core/6thgen-x-series-datasheet-vol-1.html
-
期刊类型引用(6)
1. 李萍,王昕. 控制网络节点可重构无线通讯协议性能仿真. 计算机仿真. 2021(04): 129-133 . 
百度学术
2. 陈亮,李峰,任保全,杨建喜. 软件定义物联网研究综述. 电子学报. 2021(05): 1019-1032 . 百度学术
3. 谢可,郭文静,祝文军,张楠,琚贇. 面向电力物联网海量终端接入技术研究综述. 电力信息与通信技术. 2021(09): 57-69 . 百度学术
4. 张淑清. 基于哈希计算的大数据冗余消除算法设计. 微型电脑应用. 2021(12): 68-70 . 百度学术
5. 彭新玉. 基于未来网络关键技术的工业互联网平台方案研究及应用. 通讯世界. 2020(01): 37-38 . 百度学术
6. 刘思,张德干,刘晓欢,张婷,吴昊. 一种基于判定区域的AODV路由的自适应修复算法. 计算机研究与发展. 2020(09): 1898-1910 . 本站查看
其他类型引用(3)
计量
- 文章访问数: 374
- HTML全文浏览量: 35
- PDF下载量: 168
- 被引次数: 9
