Detecting and Mitigating Cache-Based Side-Channels

Open Access
- Author: Brotzman-Smith, Robert
- Graduate Program: Computer Science and Engineering
- Degree: Doctor of Philosophy
- Document Type: Dissertation
- Date of Defense: February 26, 2021
- Committee Members:
  - Gang Tan, Dissertation Advisor/Co-Advisor
  - Gang Tan, Committee Chair/Co-Chair
  - Mahmut Taylan Kandemir, Committee Member
  - Dinghao Wu, Outside Member
  - Danfeng Zhang, Committee Chair/Co-Chair
  - Danfeng Zhang, Dissertation Advisor/Co-Advisor
  - Chitaranjan Das, Program Head/Chair
- Keywords: side-channel, cache, static analysis, mitigation
- Abstract:
Identifying cache-based side channels in software is a particularly daunting task even for highly trained professionals. This is a consequence of side channels manifesting in a very subtle manner through the interaction between software and hardware. To compound the issue, once these vulnerabilities are detected, few approaches are available to mitigate them on commodity hardware today with reasonable overhead. To make matters worse, new attack vectors are being uncovered seemingly all the time, a result of new features frequently being added to hardware to improve performance. This is most apparent in the revelation of Spectre and Meltdown, which demonstrated that common optimizations found on nearly all modern CPUs can be used to construct new side-channel attacks that are costly to mitigate. Every new hardware feature and optimization brings new challenges in accurately modeling how software interacts with hardware. Given these issues, this dissertation seeks to address two core problems: first detecting and second mitigating cache-based side channels. To address detection, we develop a tool called CaSym that automatically detects and pinpoints cache-based side channels in software, or verifies their absence. CaSym uses symbolic execution to reason about programs and introduces novel cache models to achieve a more robust modeling of the CPU cache. To address the newly discovered vulnerabilities that leverage speculative execution, we extend CaSym in a new tool called SpecSafe that also detects leakage caused by speculative execution. This is accomplished by introducing program transformations that soundly capture program behavior arising from speculative execution while still identifying conventional cache-based side channels.
To address mitigation, we propose a novel user-space side-channel mitigation targeting the CPU cache, called Ghost Thread, that is both reasonably efficient and works on virtually all commodity hardware. Ghost Thread uses additional threads to introduce noise into the CPU's cache state, making it drastically more difficult to successfully mount a cache-based side-channel attack. Lastly, we survey existing user-space mitigations for Spectre attacks to provide developers with a roadmap for selecting the most appropriate mitigation for their circumstances.