
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware

  • Regular Paper
  • Journal of Cryptographic Engineering

Abstract

Microarchitectural timing channels expose hidden hardware state through timing. We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant to cloud computing. We classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks. Moreover, we take a detailed look at attacks used against shared caches. We survey existing countermeasures. We finally discuss trends in attacks, challenges to combating them, and future directions, especially with respect to hardware support.



  168. Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack. IACR Cryptology ePrint Archive, Report 2014/140 (2014)

  169. Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, pp. 719–732, San Diego, CA, US (2014)

  170. Yarom, Y., Ge, Q., Liu, F., Lee, R.B., Heiser, G.: Mapping the Intel last-level cache (2015). http://eprint.iacr.org/

  171. Yarom, Y., Genkin, D., Heninger, N.: CacheBleed: a timing attack on OpenSSL constant time RSA. In: Conference on Cryptographic Hardware and Embedded Systems 2016 (CHES 2016), Santa Barbara, CA, US (2016)

  172. Yoder, K.: POWER7+ accelerated encryption and random number generation for Linux (2013)

  173. Yun, H., Yao, G., Pellizzoni, R., Caccamo, M., Sha, L.: MemGuard: memory bandwidth reservation system for efficient performance isolation in multi-core platforms. In: IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 55–64, Philadelphia, PA, US (2013)

  174. Zhang, D., Askarov, A., Myers, A.C.: Predictive mitigation of timing channels in interactive systems. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 563–574, Chicago, IL, US (2011)

  175. Zhang, D., Askarov, A., Myers, A.C.: Language-based control and mitigation of timing channels. In: Proceedings of the 2012 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 99–110, Beijing, CN (2012)

  176. Zhang, R., Su, X., Wang, J., Wang, C., Liu, W., Rynson, W.H.L.: On mitigating the risk of cross-VM covert channels in a public cloud. IEEE Trans. Parallel Distrib. Syst. 26, 2327–2339 (2014)

    Article  Google Scholar 

  177. Zhang, T., Zhang, Y., Lee, R.B.: Memory DoS attacks in multi-tenant clouds: Severity and mitigation. arXiv preprint arXiv:1603.03404v2 (2016)

  178. Zhang, T., Zhang, Y., Lee, R.B: Cloudradar: a real-time side-channel attack detection system in clouds. In: Proceedings of the 19th Symposium on Research in Attacks, Intrusions and Defenses (RAID), Telecom SudParis, France (2016)

  179. Zhang, Y., Reiter, M.: Düppel: Retrofitting commodity operating systems to mitigate cache side channels in the cloud. In: Proceedings of the 20th ACM Conference on Computer and Communications Security, pp. 827–838, Berlin, DE (2013)

  180. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-VM side channels and their use to extract private keys. In: Proceedings of the 19th ACM Conference on Computer and Communications Security, pp. 305–316, Raleigh, NC, US (2012)

  181. Zhang, Y., Juels, A., Reiter, M.K., Ristenpart, T.: Cross-Tenant side-channel attacks in PaaS clouds. In: Proceedings of the 21st ACM Conference on Computer and Communications Security, Scottsdale, AZ, US (2014)

  182. Zhou, Z., Reiter, M.K., Zhang, Y.: A software approach to defeating side channels in last-level caches. In: Proceedings of the 23rd ACM Conference on Computer and Communications Security, Vienna, Austria (2016)

Download references

Acknowledgements

We would like to thank Toby Murray for his comments and feedback.

Corresponding author

Correspondence to Qian Ge.

Cite this article

Ge, Q., Yarom, Y., Cock, D. et al. A survey of microarchitectural timing attacks and countermeasures on contemporary hardware. J Cryptogr Eng 8, 1–27 (2018). https://doi.org/10.1007/s13389-016-0141-6
