Accurately predicting software cache attacks


Supervisors: Cristian Ene, Claire Maiza, Valentin Touzeau (contact:

Cache attacks are a specific kind of side-channel attack in which an intruder gains confidential information about a program's execution by observing and/or interacting with a shared cache memory (for instance in a virtualized environment, or in the cloud). Recent work shows how successful such attacks can be [1,2], and it is therefore important to design techniques and tools able to predict whether a piece of code is vulnerable to this kind of threat.

Two prototypes have recently been developed at Verimag to analyze a program with respect to its cache behavior:

  • The first tool [4] is able to predict, on a given program and for a given cache management policy, whether each instruction will be "always in the cache" (hit), "never in the cache" (missed), either hit or missed, or unknown.
  • The second tool [5] is able to predict whether a jump address depends on sensitive data and may leak some information (beyond that provided by the regular program outputs).

These two tools use static analysis techniques on the LLVM intermediate representation. The objective of this internship is to merge these two techniques in order to get precise results on the information leakage a cache attack may provide, taking into account both the cache management policy and the internal program information flow.
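
The kind of per-access classification described for the first tool, and why combining it with information flow matters, as an added example that is not code from the Verimag prototypes: a textbook must/may abstract interpretation of a fully associative LRU cache, run on a constructed program whose branch stands for a jump on sensitive data. The LRU policy, the associativity `K`, the empty initial cache and the block names are assumptions, and it reports three verdicts rather than the four listed above.

```python
# Added illustration (not the Verimag tools' code): classic must/may abstract
# interpretation of a fully associative LRU cache, assumed empty at start.
K = 2  # assumed associativity (number of cache lines)

def access(state, block, must):
    """Abstract LRU update. must=True: ages are upper bounds on the real age;
    must=False (may analysis): ages are lower bounds."""
    h = state.get(block, K)  # K stands for "block is not tracked"
    new = {}
    for other, age in state.items():
        if other == block:
            continue
        if (age < h) if must else (age <= h):
            age += 1  # 'other' moves one position further from the front
        if age < K:   # age K or more: dropped from the abstract cache
            new[other] = age
    new[block] = 0
    return new

def join(s1, s2, must):
    """Merge the states of two branches at a control-flow join."""
    if must:  # cached on both paths, keep the worst (largest) age
        return {b: max(s1[b], s2[b]) for b in s1.keys() & s2.keys()}
    return {b: min(s1.get(b, K), s2.get(b, K)) for b in s1.keys() | s2.keys()}

def analyze(prog, must=None, may=None, out=None):
    """prog: list of block names or ("if", then_list, else_list) tuples."""
    must, may = must or {}, may or {}
    out = [] if out is None else out
    for stmt in prog:
        if isinstance(stmt, str):
            if stmt in must:
                verdict = "always-hit"
            elif stmt not in may:
                verdict = "always-miss"
            else:
                verdict = "unknown"
            out.append((stmt, verdict))
            must, may = access(must, stmt, True), access(may, stmt, False)
        else:
            _, then_b, else_b = stmt
            m1, y1, _ = analyze(then_b, must, may, out)
            m2, y2, _ = analyze(else_b, must, may, out)
            must, may = join(m1, m2, True), join(y1, y2, False)
    return must, may, out

# Constructed program: the branch stands for a secret-dependent jump.
PROGRAM = ["A", "A", ("if", ["B"], ["C"]), "B", "A"]
if __name__ == "__main__":
    for block, verdict in analyze(PROGRAM)[2]:
        print(block, verdict)
```

The two final `unknown` verdicts are the accesses whose hit or miss depends on which branch ran; if the branch condition is sensitive, those are the points where it becomes observable through the cache.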

Expected results:

  • a survey of the most common cache attack techniques, leading to some dedicated attacker models;
  • a combination of the two existing prototypes to accurately detect potential (instruction) cache attacks on C programs;
  • an evaluation of the results on a benchmark.


[1] Eran Tromer, Dag Arne Osvik and Adi Shamir. Efficient Cache Attacks on AES, and Countermeasures. Journal of Cryptology, 2010.

[2] Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clementine Maurice and Stefan Mangard. ARMageddon: Cache Attacks on Mobile Devices. Usenix Security, 2016.

[3] Valentin Touzeau, Claire Maïza, David Monniaux and Jan Reineke. Ascertaining Uncertainty for Efficient Exact Cache Analysis. Computer-Aided Verification, 2017.

[4] Cristian Ene, Sahar Berro, Laurent Mounier and Marie-Laure Potet. Output-Sensitive Information Flow Analysis. Verimag research report, to appear.