Cache Analysis for Security

De Ensiwiki
Aller à : navigation, rechercher
  • Where? Verimag lab, IMAG building
  • Who? Claire Maiza, Laurent Mounier and Valentin Touzeau (contact: prenom.nom@univ-grenoble-alpes.fr)
  • What?

CPUs are usually much faster than the main memory. Thus, to avoid the processor being stalled waiting for data coming from the memory, modern architectures make heavy use of small but fast memories called caches. The basic idea is to keep in the cache a copy of blocks that are frequently accessed to retrieve them faster.

Cache usage leads to important performance gain, but they can also be used by an attacker to retrieve secret data. Indeed, it has been shown that a program can spy on another program by manipulating the cache content and guessing what memory accesses the other program made.

We are currently developing a tool[1] at Verimag to statically analyze programs and caches. This tool is able to classify memory accesses into "accessed block is guaranteed to be in the cache" and "accessed block is guaranteed not to be in the cache". This information can then be used - for example - to prove that the execution time of the program can not exceed a given bound.

The objective of the internship is to exploit the classification of accesses given by our tool to deduce information related to security. For example, it is possible for an attacker to retrieve a secret key manipulated by a cryptographic program by preempting it several times and looking at the cache content at each preemption point. One could be interesting in using cache blocks classification to locate the potential preemption points leaking the key.

[1] Ascertaining Uncertainty for Efficient Exact Cache Analysis, Valentin Touzeau, Claire Maiza, David Monniaux and Jan Reineke, CAV2017 (http://www-verimag.imag.fr/TR/TR-2017-2.pdf)