In the last decade, multi-threaded systems and resource sharing have brought a number of technologies that simplify our daily tasks in a way we never imagined. Among others, cloud computing has emerged to offer powerful computational resources without having to physically acquire and install them, while smartphones have almost reached the same importance desktop computers had a decade ago. This has only been possible thanks to the ever evolving performance improvements made to modern microarchitectures that efficiently manage concurrent usage of hardware resources. One of the aforementioned optimizations is the usage of shared Last Level Caches (LLCs) to balance different CPU core loads and to maintain coherency between shared memory blocks utilized by different cores. The latter has enabled concurrent execution of several processes in low RAM devices such as smartphones.
Although efficient hardware resource sharing has become the de-facto model for several modern technologies, it also poses a major concern with respect to security. Some of the concurrently executed co-resident processes can be malicious and try to take advantage of hardware proximity. New technologies usually claim to be secure by implementing sandboxing techniques and executing processes in isolated software environments, called Virtual Machines (VMs). However, the design of these isolated environments aims at preventing pure software-based attacks and usually does not consider hardware leakages. The malicious utilization of these hardware resources as covert channels might have severe consequences to the privacy of the customers.
Our work demonstrates that malicious users of such technologies can utilize the LLC as the overt channel to obtain sensitive information from a co-resident victim. We show that the LLC is an attractive resource to be targeted by attackers, as it offers high resolution and, unlike previous microarchitectural attacks, does not require core-colocation. Particularly concerning are the cases in which cryptography is compromised, as it is the main component of every security solution. In this sense, the presented work does not only introduce three attack variants that can be applicable in different scenarios, but also demonstrates the ability to recover cryptographic keys (e.g. AES and RSA) and TLS session messages across VMs, bypassing sandboxing techniques.
Finally, two countermeasures to prevent microarchitectural attacks in general and LLC attacks in particular from retrieving fine-grain information are presented. Unlike previously proposed countermeasures, ours do not add permanent overheads in the system but can be utilized as preemptive defenses. The first identifies leakages in cryptographic software that can potentially lead to key extraction, and thus, can be utilized by cryptographic code designers to ensure the sanity of their libraries before deployment. The second detects microarchitectural attacks embedded into innocent-looking binaries, preventing them from being posted in official application repositories that usually have the full trust of the customer.