Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud (Extended Version)

Zirui Neil Zhao, Adam Morrison, Christopher W. Fletcher, Josep Torrellas

TL;DR

This work demonstrates that last-level cache Prime+Probe side channels can be practical in noisy, multi-tenant clouds by mounting an end-to-end cross-tenant attack against a vulnerable ECDSA implementation on Cloud Run. It introduces L2-driven candidate filtering, a Binary Search-based eviction-set construction, Parallel Probing for high-resolution memory monitoring, and PSD-based victim-set identification to cope with cloud noise and short execution windows. The authors show an end-to-end attack achieving a median of $81\%$ of the secret ECDSA nonce bits extracted in about $19$ seconds, validating feasibility in production environments. The results underscore real-world risks in FaaS platforms and motivate hardware-aware mitigations to curb cross-tenant cache-based leakage in modern clouds.

Abstract

Last-level cache side-channel attacks have been mostly demonstrated in highly-controlled, quiescent local environments. Hence, it is unclear whether such attacks are feasible in a production cloud environment. In the cloud, side channels are flooded with noise from activities of other tenants and, in Function-as-a-Service (FaaS) workloads, the attacker has a very limited time window to mount the attack. In this paper, we show that such attacks are feasible in practice, although they require new techniques. We present an end-to-end, cross-tenant attack on a vulnerable ECDSA implementation in the public FaaS Google Cloud Run environment. We introduce several new techniques to improve every step of the attack. First, to speed-up the generation of eviction sets, we introduce L2-driven candidate address filtering and a Binary Search-based algorithm for address pruning. Second, to monitor victim memory accesses with high time resolution, we introduce Parallel Probing. Finally, we leverage power spectral density from signal processing to easily identify the victim's target cache set in the frequency domain. Overall, using these mechanisms, we extract a median value of 81% of the secret ECDSA nonce bits from a victim container in 19 seconds on average.

Last-Level Cache Side-Channel Attacks Are Feasible in the Modern Public Cloud (Extended Version)

TL;DR

This work demonstrates that last-level cache Prime+Probe side channels can be practical in noisy, multi-tenant clouds by mounting an end-to-end cross-tenant attack against a vulnerable ECDSA implementation on Cloud Run. It introduces L2-driven candidate filtering, a Binary Search-based eviction-set construction, Parallel Probing for high-resolution memory monitoring, and PSD-based victim-set identification to cope with cloud noise and short execution windows. The authors show an end-to-end attack achieving a median of of the secret ECDSA nonce bits extracted in about seconds, validating feasibility in production environments. The results underscore real-world risks in FaaS platforms and motivate hardware-aware mitigations to curb cross-tenant cache-based leakage in modern clouds.

Abstract

Last-level cache side-channel attacks have been mostly demonstrated in highly-controlled, quiescent local environments. Hence, it is unclear whether such attacks are feasible in a production cloud environment. In the cloud, side channels are flooded with noise from activities of other tenants and, in Function-as-a-Service (FaaS) workloads, the attacker has a very limited time window to mount the attack. In this paper, we show that such attacks are feasible in practice, although they require new techniques. We present an end-to-end, cross-tenant attack on a vulnerable ECDSA implementation in the public FaaS Google Cloud Run environment. We introduce several new techniques to improve every step of the attack. First, to speed-up the generation of eviction sets, we introduce L2-driven candidate address filtering and a Binary Search-based algorithm for address pruning. Second, to monitor victim memory accesses with high time resolution, we introduce Parallel Probing. Finally, we leverage power spectral density from signal processing to easily identify the victim's target cache set in the frequency domain. Overall, using these mechanisms, we extract a median value of 81% of the secret ECDSA nonce bits from a victim container in 19 seconds on average.
Paper Structure (32 sections, 8 figures, 6 tables)

This paper contains 32 sections, 8 figures, 6 tables.

Table of Contents

  1. Introduction
  2. Challenges of LLC Prime+Probe in Clouds
  3. This Paper
  4. Background
  5. Cache-Based Side-Channel Attacks
  6. Eviction Sets
  7. Eviction Set Construction Algorithms
  8. Number of Eviction Sets
  9. Bulk Eviction Set Construction
  10. Non-Inclusive LLC in Intel Server CPUs
  11. Function-as-a-Service (FaaS) Platform
  12. Threat Model
  13. Existing Eviction Sets Fail in the Cloud
  14. TestEviction Primitive & Its Noise Susceptibility
  15. Noise Resilience of Existing Algorithms
  16. ...and 17 more sections

Figures (8)

  • Figure 1: Mapping addresses to Skylake-SP's L2 and LLC.
  • Figure 2: CDF of the time between accesses by background activity to a randomly chosen LLC set.
  • Figure 4: Pseudo code of our proposed algorithm. All array indexes start from $1$. Parallel $TestEviction(T_a,\, addrs,\, n)$ returns a boolean value that indicates whether the first $n$ candidate addresses from array $addrs$ can evict the target ${T_{a}}$.
  • Figure 5: Illustration of our proposed binary search-based algorithm (assuming $W=2$). Blocks with shaded pattern represent congruent candidate addresses.
  • Figure 6: Detection rate of each monitoring strategy with various access interval. The x-axis employs a logarithmic scale. The error bars represent the standard deviations.
  • ...and 3 more figures