Security-centric processor design
Event details
Date | 21.06.2019 |
Hour | 09:00 › 11:00 |
Speaker | Atri Bhattacharyya |
Location | |
Category | Conferences - Seminars |
EDIC candidacy exam
Exam president: Prof. Paolo Ienne
Thesis advisor: Prof. Babak Falsafi
Thesis co-advisor: Prof. Mathias Payer
Co-examiner: Prof. James Larus
Abstract
Computer architectures are generally described by a set of architecturally defined registers and instructions which operate on and modify the state defined by these registers. This abstraction, called the Instruction Set Architecture (ISA) abstracts away the microarchitectural details of processors implementing it. Details that visibly affect the timing of the defined operations are often abstracted away as well. Side-channel attacks leverage such architecturally undefined "side-effects" to leak information.
This paper describes two such attacks, targeting the caching layer and speculative execution followed by a SOTA cache implementation that better matches the ISA abstraction, preventing speculative loads from having any cache-effects. Finally, it describes a proposal for further research towards bridging the gap between microarchitecture and its abstraction, with the aim of plugging this "leaky" abstraction.
Background papers
Cache attacks and countermeasures: the case of AES, by Osvik, Dag Arne, Adi Shamir, and Eran Tromer.
Spectre attacks: Exploiting speculative execution, by Kocher, Paul, et al.
Invisispec: Making speculative execution invisible in the cache hierarchy, by Yan, Mengjia, et al.
Exam president: Prof. Paolo Ienne
Thesis advisor: Prof. Babak Falsafi
Thesis co-advisor: Prof. Mathias Payer
Co-examiner: Prof. James Larus
Abstract
Computer architectures are generally described by a set of architecturally defined registers and instructions which operate on and modify the state defined by these registers. This abstraction, called the Instruction Set Architecture (ISA) abstracts away the microarchitectural details of processors implementing it. Details that visibly affect the timing of the defined operations are often abstracted away as well. Side-channel attacks leverage such architecturally undefined "side-effects" to leak information.
This paper describes two such attacks, targeting the caching layer and speculative execution followed by a SOTA cache implementation that better matches the ISA abstraction, preventing speculative loads from having any cache-effects. Finally, it describes a proposal for further research towards bridging the gap between microarchitecture and its abstraction, with the aim of plugging this "leaky" abstraction.
Background papers
Cache attacks and countermeasures: the case of AES, by Osvik, Dag Arne, Adi Shamir, and Eran Tromer.
Spectre attacks: Exploiting speculative execution, by Kocher, Paul, et al.
Invisispec: Making speculative execution invisible in the cache hierarchy, by Yan, Mengjia, et al.
Practical information
- General public
- Free