Advanced Technology Group
in the Corporate Strategy Office

Page Cache Attacks

Daniel Gruss, Erik Kraft, Graz University of Technology; Trishita Tiwari, Boston University; Michael Schwarz, Graz University of Technology; Ari Trachtenberg, Boston University; Jason Hennessey, NetApp; Alex Ionescu, CrowdStrike; and Anders Fogh, Intel

We present a new side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache. The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files. On Windows, dynamic pages are also part of this cache and can be attacked as well, e.g., data, heap, and stacks. Our side channel permits unprivileged monitoring of accesses to these pages of other processes, with a spatial resolution of 4kB and a temporal resolution of 2µs on Linux (≤6.7 measurements per second), and 466ns on Windows 10 (≤223 measurements per second). We systematically analyze the side channel by demonstrating different hardware-agnostic local attacks, including a sandbox-bypassing high-speed covert channel, an ASLR break on Windows 10, and various information leakages that can be used for targeted extortion, spam campaigns, and more directly for UI redressing attacks. We also show that, as with hardware cache attacks, we can attack the generation of temporary passwords on vulnerable cryptographic implementations. Our hardware-agnostic attacks can be mitigated with our proposed security patches, but the basic side channel remains exploitable via timing measurements. We demonstrate this with a remote covert channel exfiltrating information from a colluding process through innocuous server requests.

On the Universally Composable Security of OpenStack

Hoda Maleki (University of Connecticut); Kyle Hogan (MIT); Reza Rahaeimehr (University of Connecticut); Ran Canetti, Mayank Varia, Jason Hennessey (Boston University and NetApp); Marten van Dijk (University of Connecticut); Haibin Zhang (UMBC)

Specifically, this work concentrates on the high-level structure of OpenStack, leaving the further formalization and more detailed analysis of specific OpenStack services to future work. Specifically, we formulate ideal functionalities that correspond to some of the core OpenStack modules, and then prove security of the overall OpenStack protocol given the ideal components.


Peter Desnoyers, Northeastern University – November 2019

Zoned namespace SSDs: Challenges and Opportunities

Zoned NameSpaces (ZNS) are a mechanism proposed in the NVM Express Workgroup to provide features and functionality similar to that of Open Channel SSD, but fully integrated with the NVMe model using a zone concept similar to that in the ZAC/ZBD extensions for SMR disk. The goals of this research are to investigate applications for ZNS SSD, in particular (a) RAID-like functionality over ZNS SSD, (b) strategies for file system support for ZNS, and (c) interfaces and strategies for direct application usage of ZNS SSD.

Jian Huang, University of Illinois at Urbana-Champaign – October 2018

Hardware-Assisted Secure Flash-Based Storage

Modern storage systems have been developed for decades with the security-critical foundation provided by the operating system (OS). However, they are still vulnerable to malware attacks and software defects. Adversaries can obtain OS kernel privilege or leverage software vulnerabilities to bypass, terminate or destroy current malware detection and defense systems. For instance, encryption ransomware accounts for more than half of all malware attacks today, but current software-based defense systems often fail to enable the victims to say no to ransom collectors. Therefore, it is natural to utilize hardware techniques which have been proven effective in defending against malware attacks.
