Tag Archives: security

Page Cache Attacks

Daniel Gruss, Erik Kraft, Graz University of Technology; and Trishita Tiwari, Boston University; Michael Schwarz, Graz University of Technology; Ari Trachtenberg, Boston University; Jason Hennessey, NetApp; and Alex Ionescu, CrowdStrike and Anders Fogh, Intel

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 11 – 15, 2019
London, United Kingdom

We present a new side-channel attack that targets one of the most fundamental software caches in modern computer systems: the operating system page cache. The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries, and other files. On Windows, dynamic pages are also part of this cache and can be attacked as well, e.g., data, heap, and stacks. Our side channel permits unprivileged monitoring of accesses to these pages of other processes, with a spatial resolution of 4kB and a temporal resolution of 2µs on Linux (≤6.7 measurements per second), and 466ns on Windows 10 (≤223 measurements per second). We systematically analyze the side channel by demonstrating different hardware-agnostic local attacks, including a sandbox-bypassing high-speed covert channel, an ASLR break on Windows 10, and various information leakages that can be used for targeted extortion, spam campaigns, and more directly for UI redressing attacks. We also show that, as with hardware cache attacks, we can attack the generation of temporary passwords on vulnerable cryptographic implementations. Our hardware-agnostic attacks can be mitigated with our proposed security patches, but the basic side channel remains exploitable via timing measurements. We demonstrate this with a remote covert channel exfiltrating information from a colluding process through innocuous server requests.

Resources

  • A copy of the paper can be found at: link.

Roberto Tamassia, Brown University – January 2012

tamassia.jpgPrivate Access to Cloud Storage

The proposal plans to research security issues in access to cloud storage data from enterprises. Specifically, they would like to address cases where vital information can leak even in the presence of encrypted data transfers to/from the cloud. For example, an intruder can monitor encrypted traffic to a cloud storage service provider and can glean important information just by observing the data access patterns. To address this issue, they propose the idea of “obfuscating” data accesses by the right amount to prevent detection using techniques with strict theoretical bounds. The proposed techniques may lead to an increase in data transfers to the cloud – both in the number of bytes as well as requests. So, the challenge in their proposal is to explore the different tradeoffs that arise and evaluate them.