CS/CIS Event: Cache Side-Channel Attack and Defense on Mobile and IoT Devices

November 9 @ 11:00 - 12:30

IEEE Rochester Section: Computer and Computational Intelligence Societies Joint Chapter

It has been found that existing, powerful cache side-channel attacks on Intel
architectures, including Prime+Probe, are ineffective on mobile and
Internet-of-things (IoT) devices powered by ARM architectures. The trust in
ARM’s hardware-isolated execution environments, namely TrustZone, was also
reinforced by these findings. However, those discoveries do not rule out novel
and more sophisticated cache side-channel attacks that leverage overlooked
hardware features. In this talk, I will present a novel Prime+Count attack
that can be used to build reliable covert channels between the normal and
secure worlds of TrustZone, which breaks one of its fundamental security

On the other hand, protections that can defeat previous cache side-channel
attacks on Intel architectures are not necessarily effective in mitigating
novel cache attacks on ARM platforms. Such solutions attempt to mitigate
attacks by explicitly or implicitly creating a private space, in which
constant-time access to sensitive data is assured. However, some of the
attempts utilize hardware features available only on certain Intel processors.
In this talk, I will also discuss a defense against cache side-channel attacks
that can protect against both dedicated cache (L1) and shared cache (L2)
attacks on mobile and IoT devices.

