Title: Attacks and Mitigation Opportunities for Timing Side-channels in Modern Processor Systems
Date: 2023-04-21 14:30-15:30
Location: CSIE R103
Speaker: Trevor E. Carlson, National University of Singapore
Hosted by: Prof. Shihwei Li
Modern CPUs achieve extremely high performance using a number of techniques, from high clock frequencies and other technology-level enhancements, as well as through microarchitecture updates, like predictors, prefetchers and speculation in many forms. While these microarchitectural improvements have been allowed for significant performance improvement, they come at a cost; the very shared state that is used in these processors to learn and predict the application behavior can now be used to as a side-channel to leak data in unexpected ways.
In this talk, I will discuss two tracks of our recent security research. First, we will discuss our recently presented work, AfterImage, a new prefetcher-based side-channel that exists on modern Intel processor systems. We demonstrate how the prefetcher can be used to extract secret information between applications, between the kernel and user space, and also between an SGX enclave and user space. In the second part of this talk, we will discuss new methodologies that we have been developing that can detect side-channels to minimize the need for high-overhead, always-on defenses. While it is safe to always enable defenses on our systems today for speculative cache-based side-channels, it can see a significant impact on application performance. By detecting when an attack occurs, and preventing data leakage early, one can then decide to enable these protection mechanisms only in the presence of attacks, limiting the overall slowdown seen by these systems.
Trevor E. Carlson is an Assistant Professor at the School of Computing at the National University of Singapore, and previously worked as a computer architect at IBM and as a postdoctoral researcher at Uppsala University. He studied at Carnegie Mellon University (BS, MS) and Ghent University (PhD). His interests include secure and efficient computing and accelerator design, as well as simulation and sampling methodologies. His recent works include AfterImage, a novel prefetcher side-channel and covert-channel (ASPLOS 2023), Specify, a new method for side-channel detection (ICCAD 2022), Capstone, a foundation for trustless, secure memory access (USENIX Security 2023) and Elasticlave, a high-performance TEE (USENIX Security 2022). He co-develops the Sniper Multi-Core Simulator, which is being used by hundreds of researchers in academia and industry to evaluate the performance and power-efficiency of next generation systems. He has recently been awarded Amazon, Intel and VMWare Research Awards. His work has received six Best Paper or Best Paper Nominations in conferences such as the International Symposium on Microarchitecture (MICRO) and the International Symposium on Performance Analysis of Systems and Software (ISPASS).