NetCAT: Practical cache attacks from the network
Author: | Kaveh Razavi, Cristiano Giuffrida, Michael Kurth, Herbert Bos, Dennis Andriesse, Ben Gras |
---|---|
Contributors: | Systems and Network Security, Network Institute, Computer Systems, Computer Science |
Language: | English |
Year of publication: | 2020 |
Subject: | 010302 applied physics; Random access memory; SDG 16 - Peace; Computer science; business.industry; SDG 16 - Peace Justice and Strong Institutions; 02 engineering and technology; 01 natural sciences; Justice and Strong Institutions; Microarchitecture; Network interface controller; Server; 0103 physical sciences; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; Central processing unit; Cache; business; Direct memory access; Computer network |
Source: | Kurth, M, Gras, B, Andriesse, D, Giuffrida, C, Bos, H & Razavi, K 2020, NetCAT: Practical cache attacks from the network. In 2020 IEEE Symposium on Security and Privacy (SP): Proceedings, 9152768, Proceedings - IEEE Symposium on Security and Privacy, vol. 2020-May, Institute of Electrical and Electronics Engineers Inc., pp. 20-38, 41st IEEE Symposium on Security and Privacy, SP 2020, San Francisco, United States, 18/05/20. https://doi.org/10.1109/SP40000.2020.00082 |
DOI: | 10.1109/SP40000.2020.00082 |
Description: | Increased peripheral performance is causing strain on the memory subsystem of modern processors. For example, available DRAM throughput can no longer sustain the traffic of a modern network card. Scrambling to deliver the promised performance, instead of transferring peripheral data to and from DRAM, modern Intel processors perform I/O operations directly on the Last Level Cache (LLC). While Direct Cache Access (DCA) instead of Direct Memory Access (DMA) is a sensible performance optimization, it is unfortunately implemented without care for security, as the LLC is now shared between the CPU and all the attached devices, including the network card. In this paper, we reverse engineer the behavior of DCA, widely referred to as Data-Direct I/O (DDIO), on recent Intel processors and present its first security analysis. Based on our analysis, we present NetCAT, the first Network-based PRIME+PROBE Cache Attack on the processor's LLC of a remote machine. We show that NetCAT not only enables attacks in cooperative settings where an attacker can build a covert channel between a network client and a sandboxed server process (without network), but more worryingly, in general adversarial settings. In such settings, NetCAT can enable disclosure of network timing-based sensitive information. As an example, we show a keystroke timing attack on a victim SSH connection belonging to another client on the target server. Our results should caution processor vendors against unsupervised sharing of (additional) microarchitectural components with peripherals exposed to malicious input. |
Database: | OpenAIRE |