5 research outputs found
On the Incomparability of Cache Algorithms in Terms of Timing Leakage
Modern computer architectures rely on caches to reduce the latency gap
between the CPU and main memory. While indispensable for performance, caches
pose a serious threat to security because they leak information about memory
access patterns of programs via execution time.
In this paper, we present a novel approach for reasoning about the security
of cache algorithms with respect to timing leaks. The basis of our approach is
the notion of leak competitiveness, which compares the leakage of two cache
algorithms on every possible program. Based on this notion, we prove the
following two results:
First, we show that leak competitiveness is symmetric in the cache
algorithms. This implies that no cache algorithm dominates another in terms of
leakage via a program's total execution time. This is in contrast to
performance, where it is known that such dominance relationships exist.
Second, when restricted to caches with finite control, the
leak-competitiveness relationship between two cache algorithms is either
asymptotically linear or constant. No other shapes are possible.
Understanding multidimensional verification: Where functional meets non-functional
Advancements in electronic systems' design have a notable impact on design verification technologies. The recent paradigms of Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) assume devices immersed in physical environments, significantly constrained in resources and expected to provide levels of security, privacy, reliability, performance and low-power features. In recent years, numerous extra-functional aspects of electronic systems were brought to the front and imply verification of hardware design models in multidimensional space along with the functional concerns of the target system. However, different from the software domain, such a holistic approach remains underdeveloped. The contributions of this paper are a taxonomy for multidimensional hardware verification aspects, a state-of-the-art survey of related research works and trends enabling the multidimensional verification concept. Further, an initial approach to perform multidimensional verification based on machine learning techniques is evaluated. The importance and challenge of performing multidimensional verification is illustrated by an example case study.
Security Analysis of Cache Replacement Policies
Modern computer architectures share physical resources between different
programs in order to increase area-, energy-, and cost-efficiency.
Unfortunately, sharing often gives rise to side channels that can be exploited
for extracting or transmitting sensitive information. We currently lack
techniques for systematic reasoning about this interplay between security and
efficiency. In particular, there is no established way for quantifying security
properties of shared caches.
In this paper, we propose a novel model that enables us to characterize
important security properties of caches. Our model encompasses two aspects: (1)
The amount of information that can be absorbed by a cache, and (2) the amount
of information that can effectively be extracted from the cache by an
adversary. We use our model to compute both quantities for common cache
replacement policies (FIFO, LRU, and PLRU) and to compare their isolation
properties. We further show how our model for information extraction leads to
an algorithm that can be used to improve the bounds delivered by the CacheAudit
static analyzer.