IMDEA Software

Iniciativa IMDEA

Inicio > Eventos > Charlas Invitadas > 2020 > RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks
Esta página aún no ha sido traducida. A continuación se muestra la página en inglés.

Samira Briongos

martes 14 de enero de 2020

10:45am Meeting room 302 (Mountain View), level 3

Samira Briongos, Post-doctoral Researcher, Universidad Politécnica de Madrid, España

RELOAD+REFRESH: Abusing Cache Replacement Policies to Perform Stealthy Cache Attacks


Caches have become the prime method for unintended information extraction across logical isolation boundaries. They are widely available on all major CPU platforms and, as a side-channel, caches provide great resolution, making them the most convenient channel for Spectre and Meltdown. As a consequence, several methods to stop cache attacks by detecting them have been proposed. Detection is strongly aided by the fact that observing cache activity of co-resident processes is not possible without altering the cache state and thereby forcing evictions on the observed processes. In this work, we show that this widely held assumption is incorrect. Through clever usage of the cache replacement policy, it is possible to track cache accesses of a victim’s process without forcing evictions on the victim’ s data. Hence, online detection mechanisms that rely on these evictions can be circumvented as they would not detect the introduced RELOAD+REFRESH attack. The attack requires a profound understanding of the cache replacement policy. We present a methodology to recover the replacement policy and apply it to the last five generations of Intel processors. We further show empirically that the performance of RELOAD+REFRESH on cryptographic implementations is comparable to that of other widely used cache attacks, while detection methods that rely on L3 cache events are successfully thwarted.