10,276 research outputs found
On the Incomparability of Cache Algorithms in Terms of Timing Leakage
Modern computer architectures rely on caches to reduce the latency gap
between the CPU and main memory. While indispensable for performance, caches
pose a serious threat to security because they leak information about memory
access patterns of programs via execution time.
In this paper, we present a novel approach for reasoning about the security
of cache algorithms with respect to timing leaks. The basis of our approach is
the notion of leak competitiveness, which compares the leakage of two cache
algorithms on every possible program. Based on this notion, we prove the
following two results:
First, we show that leak competitiveness is symmetric in the cache
algorithms. This implies that no cache algorithm dominates another in terms of
leakage via a program's total execution time. This is in contrast to
performance, where it is known that such dominance relationships exist.
Second, when restricted to caches with finite control, the
leak-competitiveness relationship between two cache algorithms is either
asymptotically linear or constant. No other shapes are possible
Undermining User Privacy on Mobile Devices Using AI
Over the past years, literature has shown that attacks exploiting the
microarchitecture of modern processors pose a serious threat to the privacy of
mobile phone users. This is because applications leave distinct footprints in
the processor, which can be used by malware to infer user activities. In this
work, we show that these inference attacks are considerably more practical when
combined with advanced AI techniques. In particular, we focus on profiling the
activity in the last-level cache (LLC) of ARM processors. We employ a simple
Prime+Probe based monitoring technique to obtain cache traces, which we
classify with Deep Learning methods including Convolutional Neural Networks. We
demonstrate our approach on an off-the-shelf Android phone by launching a
successful attack from an unprivileged, zeropermission App in well under a
minute. The App thereby detects running applications with an accuracy of 98%
and reveals opened websites and streaming videos by monitoring the LLC for at
most 6 seconds. This is possible, since Deep Learning compensates measurement
disturbances stemming from the inherently noisy LLC monitoring and unfavorable
cache characteristics such as random line replacement policies. In summary, our
results show that thanks to advanced AI techniques, inference attacks are
becoming alarmingly easy to implement and execute in practice. This once more
calls for countermeasures that confine microarchitectural leakage and protect
mobile phone applications, especially those valuing the privacy of their users
- …