CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

When Side Channel Meets Row Hammer: Cache-Memory Attacks in Clouds and Mobile Devices

Yinqian Zhang

Yinqian Zhang - The Ohio State University

Dec 07, 2016

Size: 168.8MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Processor caches and memory chips are hardware components used by all software programs on a computer system. They are designed, and thereafter fine-tuned over the years, for better performance and power efficiency, but not for strong isolation between mutually distrustful software programs. However, modern computing paradigm has been shifting towards resource sharing without full trust: In multi-tenant public clouds, virtual machines controlled by different customers are scheduled to run on the same cloud servers; in mobile devices, untrusted third-party apps, though isolated using sandboxes, share the same devices with sensitive apps. Our research question is whether sharing of memory resources will introduce new security threats to these systems.

In this talk, we highlight a type of security threats that we call cache-memory attacks. These attacks are possible due to insufficient isolation in hardware memory resources (e.g., various levels of caches, memory controllers, buses and chips, etc.) that are shared between malevolent and sensitive software programs. We coin cache-memory attacks as the umbrella terms of side-channel attacks (i.e., confidentiality attacks), row-hammer attacks (i.e., integrity attacks) and resource contention attacks (i.e., availability attacks). We will discuss the root vulnerabilities of these attacks and their exploitation in the context of clouds and mobile devices. We will also cover some defense techniques against these attacks that we have developed over the past few years.

About the Speaker

Dr. Yinqian Zhang is an assistant professor of the Department of Computer Science and Engineering at The Ohio State University. His research topics range over various fields in security, including cloud and mobile security, hardware-assisted security, user authentication and anonymous communication. He is known for his work in side-channel attacks and defenses in multi-tenant cloud computing.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.