A benchmark suite for evaluating caches' vulnerability to timing attacks

Shuwen Deng; Wenjie Xiong; Jakub Szefer

doi:10.1145/3373376.3378510

A benchmark suite for evaluating caches' vulnerability to timing attacks

Shuwen Deng, Wenjie Xiong, Jakub Szefer

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

20 Scopus citations

Abstract

Based on improvements to an existing three-step model for cache timing-based attacks, this work presents 88 Strong types of theoretical timing-based vulnerabilities in processor caches. It also presents and implements a new benchmark suite that can be used to test if processor cache is vulnerable to one of the attacks. In total, there are 1094 automatically-generated test programs which cover the 88 Strong theoretical vulnerabilities. The benchmark suite generates the Cache Timing Vulnerability Score (CTVS) which can be used to evaluate how vulnerable a specific cache implementation is to different attacks. A smaller CTVS means the design is more secure. Evaluation is conducted on commodity Intel and AMD processors and shows how the differences in processor implementations can result in different types of attacks that they are vulnerable to. Further, the benchmarks and the CTVS can be used in simulation to help designers of new secure processors and caches evaluate their designs' susceptibility to cache timing-based attacks.

Original language	English (US)
Title of host publication	ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems
Publisher	Association for Computing Machinery
Pages	683-697
Number of pages	15
ISBN (Electronic)	9781450371025
DOIs	https://doi.org/10.1145/3373376.3378510
State	Published - Mar 9 2020
Event	25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020 - Lausanne, Switzerland Duration: Mar 16 2020 → Mar 20 2020

Publication series

Name	International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

Conference

Conference	25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020
Country/Territory	Switzerland
City	Lausanne
Period	3/16/20 → 3/20/20

Funding

We would like to thank the anonymous reviewers for their valuable feedback. This work was supported by NSF grants 1651945 and 1813797, and through SRC award number 2844.001.

Keywords

Benchmark
Caches
Security
Timing attacks

ASJC Scopus subject areas

Software
Information Systems
Hardware and Architecture

Access to Document

10.1145/3373376.3378510

Cite this

Deng, S., Xiong, W., & Szefer, J. (2020). A benchmark suite for evaluating caches' vulnerability to timing attacks. In ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems (pp. 683-697). (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). Association for Computing Machinery. https://doi.org/10.1145/3373376.3378510

Deng, Shuwen ; Xiong, Wenjie ; Szefer, Jakub. / A benchmark suite for evaluating caches' vulnerability to timing attacks. ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2020. pp. 683-697 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

@inproceedings{8ba701196a7347acae43d4a41372ccb7,

title = "A benchmark suite for evaluating caches' vulnerability to timing attacks",

abstract = "Based on improvements to an existing three-step model for cache timing-based attacks, this work presents 88 Strong types of theoretical timing-based vulnerabilities in processor caches. It also presents and implements a new benchmark suite that can be used to test if processor cache is vulnerable to one of the attacks. In total, there are 1094 automatically-generated test programs which cover the 88 Strong theoretical vulnerabilities. The benchmark suite generates the Cache Timing Vulnerability Score (CTVS) which can be used to evaluate how vulnerable a specific cache implementation is to different attacks. A smaller CTVS means the design is more secure. Evaluation is conducted on commodity Intel and AMD processors and shows how the differences in processor implementations can result in different types of attacks that they are vulnerable to. Further, the benchmarks and the CTVS can be used in simulation to help designers of new secure processors and caches evaluate their designs' susceptibility to cache timing-based attacks.",

keywords = "Benchmark, Caches, Security, Timing attacks",

author = "Shuwen Deng and Wenjie Xiong and Jakub Szefer",

note = "Publisher Copyright: {\textcopyright} 2020 Copyright held by the owner/author(s). Publication rights licensed to ACM.; 25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020 ; Conference date: 16-03-2020 Through 20-03-2020",

year = "2020",

month = mar,

day = "9",

doi = "10.1145/3373376.3378510",

language = "English (US)",

series = "International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS",

publisher = "Association for Computing Machinery",

pages = "683--697",

booktitle = "ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems",

}

Deng, S, Xiong, W & Szefer, J 2020, A benchmark suite for evaluating caches' vulnerability to timing attacks. in ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems. International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS, Association for Computing Machinery, pp. 683-697, 25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020, Lausanne, Switzerland, 3/16/20. https://doi.org/10.1145/3373376.3378510

A benchmark suite for evaluating caches' vulnerability to timing attacks. / Deng, Shuwen; Xiong, Wenjie; Szefer, Jakub.
ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery, 2020. p. 683-697 (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A benchmark suite for evaluating caches' vulnerability to timing attacks

AU - Deng, Shuwen

AU - Xiong, Wenjie

AU - Szefer, Jakub

PY - 2020/3/9

Y1 - 2020/3/9

N2 - Based on improvements to an existing three-step model for cache timing-based attacks, this work presents 88 Strong types of theoretical timing-based vulnerabilities in processor caches. It also presents and implements a new benchmark suite that can be used to test if processor cache is vulnerable to one of the attacks. In total, there are 1094 automatically-generated test programs which cover the 88 Strong theoretical vulnerabilities. The benchmark suite generates the Cache Timing Vulnerability Score (CTVS) which can be used to evaluate how vulnerable a specific cache implementation is to different attacks. A smaller CTVS means the design is more secure. Evaluation is conducted on commodity Intel and AMD processors and shows how the differences in processor implementations can result in different types of attacks that they are vulnerable to. Further, the benchmarks and the CTVS can be used in simulation to help designers of new secure processors and caches evaluate their designs' susceptibility to cache timing-based attacks.

AB - Based on improvements to an existing three-step model for cache timing-based attacks, this work presents 88 Strong types of theoretical timing-based vulnerabilities in processor caches. It also presents and implements a new benchmark suite that can be used to test if processor cache is vulnerable to one of the attacks. In total, there are 1094 automatically-generated test programs which cover the 88 Strong theoretical vulnerabilities. The benchmark suite generates the Cache Timing Vulnerability Score (CTVS) which can be used to evaluate how vulnerable a specific cache implementation is to different attacks. A smaller CTVS means the design is more secure. Evaluation is conducted on commodity Intel and AMD processors and shows how the differences in processor implementations can result in different types of attacks that they are vulnerable to. Further, the benchmarks and the CTVS can be used in simulation to help designers of new secure processors and caches evaluate their designs' susceptibility to cache timing-based attacks.

KW - Benchmark

KW - Caches

KW - Security

KW - Timing attacks

UR - http://www.scopus.com/inward/record.url?scp=85082385009&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85082385009&partnerID=8YFLogxK

U2 - 10.1145/3373376.3378510

DO - 10.1145/3373376.3378510

M3 - Conference contribution

AN - SCOPUS:85082385009

T3 - International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS

SP - 683

EP - 697

BT - ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems

PB - Association for Computing Machinery

T2 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2020

Y2 - 16 March 2020 through 20 March 2020

ER -

Deng S, Xiong W, Szefer J. A benchmark suite for evaluating caches' vulnerability to timing attacks. In ASPLOS 2020 - 25th International Conference on Architectural Support for Programming Languages and Operating Systems. Association for Computing Machinery. 2020. p. 683-697. (International Conference on Architectural Support for Programming Languages and Operating Systems - ASPLOS). doi: 10.1145/3373376.3378510

A benchmark suite for evaluating caches' vulnerability to timing attacks

Abstract

Publication series

Conference

Funding

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this