AutoLock: Why Cache Attacks on ARM Are Harder Than You Think

Marc Green, Leandro Rodrigues-Lima, Gorka Irazoqui, Johann Heyszl, Thomas Eisenbarth, Andreas Zankl

Abstract

Attacks on the microarchitecture of modern processors have become a practical threat to security and privacy in desktop and cloud computing. Recently, cache attacks have successfully been demonstrated on ARM based mobile devices, suggesting they are as vulnerable as their desktop or server counterparts. In this work, we show that previous literature might have left an overly pessimistic conclusion of ARM’s security as we unveil AutoLock: an internal performance enhancement found in inclusive cache levels of ARM processors that adversely affects Evict+Time, Prime+Probe, and Evict+Reload attacks. AutoLock’s presence on system-on-chips (SoCs) is not publicly documented, yet knowing that it is implemented is vital to correctly assess the risk of cache attacks. We therefore provide a detailed description of the feature and propose three ways to detect its presence on actual SoCs. We illustrate how AutoLock impedes cross-core cache evictions, but show that its effect can also be compensated in a practical attack. Our findings highlight the intricacies of cache attacks on ARM and suggest that a fair and comprehensive vulnerability assessment requires an in-depth understanding of ARM’s cache architectures and rigorous testing across a broad range of ARM based devices.
Original languageEnglish
Title of host publication26th USENIX Security Symposium (USENIX Security 17)
Number of pages17
Place of PublicationVancouver, BC
PublisherUSENIX Association
Publication date08.2017
Pages1075-1091
ISBN (Print)978-1-931971-40-9
Publication statusPublished - 08.2017
Event26th USENIX Security Symposium (USENIX Security 17) - Vancouver, Canada
Duration: 16.08.201718.08.2017
https://www.usenix.org/conference/usenixsecurity17

Fingerprint

Dive into the research topics of 'AutoLock: Why Cache Attacks on ARM Are Harder Than You Think'. Together they form a unique fingerprint.

Cite this