Information Leakage Due to Cache and Processor Architectures
Speaker: Zhenghong Wang
Series: Final Public Orals
Location: Engineering Quadrangle B205
Date/Time: Tuesday, October 23, 2012, 3:00 p.m. - 4:30 p.m.
In modern information systems, information leakage is a major security threat that allows the disclosure of critical information to unauthorized users or even attackers who should not learn the information. In the past, various software and hardware protection mechanisms have been proposed and deployed to ensure the security of the information. However, recent research has shown that microprocessors, which are the central processing units of essentially all modern computer systems, can lead to new information leakage channels that are much faster and more reliable than traditional software-based and system-level channels. These new channels can bypass existing software-based protection and isolation mechanisms, and can nullify any confidentiality or integrity protections provided by strong cryptography. Because of the ubiquitous deployment of microprocessors and the fact that the attacks are effective on essentially all modern processors, such microprocessor-level information leakage has become a serious security threat to a wide spectrum of platforms and users.
Motivated by the increasing importance of the processor and cache information leakage problem, this dissertation aims to investigate the information leakage problem in microprocessors in a more generalized manner. The dissertation starts with concrete practical issues that are of high importance. It first analyzes the recent cache-based software side-channel attacks, revealing their common root cause, then proposing novel cache designs that can effectively defend against all attacks in this category without compromising performance, power efficiency and cost. The dissertation also analyzes existing processor architectures, identifies several new covert channels that are much faster than traditional channels, and discusses alternative countermeasures. The dissertation then generalizes the problem of covert channels with abstract modeling and analysis. It tries to clarify the ambiguity in traditional classifications of covert storage versus timing channels, and presents a new classification. It further recognizes, for the first time, that asynchronism is an inherent characteristic of covert channels that should be properly captured in channel capacity estimation. Quantitative results are presented based on the modeling of fundamental synchronization mechanisms and information-theoretic analysis.