*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Title: New Attack and Defense Strategies For Cache Covert-Channel and Side-Channel Attacks
Committee:
Dr. Qureshi, Advisor
Dr. Krishna, Chair
Dr. Prvulovic
Dr. Kim
Dr. Fletcher
Abstract: The objective of the proposed research is to investigate the limitations of covert-channel and side-channel attacks on processor caches, and design effective low-cost defense mechanisms. Caches in modern processors help to improve performance by enabling fast access to data. However, the sharing of cache resources between different applications results in a vulnerability to side-channel attacks. In such attacks, malicious applications can infer data access patterns of sensitive applications based on changes to the shared cache state and leak sensitive data like encryption keys, user browsing histories, confidential IP like machine-learning models, etc. Shared cache interactions can also be used for covert-channel attacks, that allow covert communication between colluding malicious applications. This research has three thrusts: (a) Investigating faster covert-channel attacks with fewer limitations than existing attacks: to bound the potential for information leakage via such attacks and demonstrate their universal applicability; (b) Designing effective defenses based on cache location randomization: such defenses are promising for eliminating certain classes of cache attacks like conflict-based attacks, but recent defenses have been broken by recent advances in attacks. (c) Designing principled defenses based on cache-partitioning: such defenses can eliminate all cache attacks by sandboxing data of mistrusting applications in isolated cache regions, but recent defenses have been plagued by limited scalability or flexibility hindering their adoption. Overall, this research can enable the widespread adoption of low-cost, scalable, and effective security for processor caches.
