Institutional Repository [SANDBOX]
Technical University of Crete
Using dynamic partial reconfiguration as a security mechanism against cache based side channel attacks

Skyvalos Alexandros

URI: http://purl.tuc.gr/dl/dias/0A5D3F4B-33BA-41B7-9AA1-0D7E4EBD1425
Year: 2024
Type of Item: Diploma Work
Bibliographic Citation: Alexandros Skyvalos, "Using dynamic partial reconfiguration as a security mechanism against cache based side channel attacks", Diploma Work, School of Electrical and Computer Engineering, Technical University of Crete, Chania, Greece, 2024 https://doi.org/10.26233/heallink.tuc.100470

Summary

Side Channel Attacks (SCAs) pose a significant threat to modern processors, since they are able to steal information by observing the normal operation of the system. Cache-based SCAs are especially dangerous, as they can extract vital information by simply monitoring the state of the processor’s cache, and they are also used in a plethora of other well-known attacks, such as Spectre and Meltdown. Many defenses have been proposed to mitigate these attacks; however, they all come at a cost in either complexity, performance or resource usage. In this thesis we propose an effective solution that is able to successfully detect and mitigate cache-based SCAs at the hardware level, without introducing performance penalties or any significant area overheads. Our solution leverages the dynamic partial reconfiguration feature of modern FPGAs to introduce a reconfigurable cache. We implement this scheme on an open-source RISC-V processor (CVA6), which we modified to support multiple cache configurations that can be swapped at run time. The cache reconfiguration is handled at the hardware level and does not interrupt the system’s normal operations, making it completely transparent to the software components running on top of the processor. We detect impending attacks by monitoring accesses to timing resources, at which point we switch the cache configuration. We show that by reconfiguring the cache targeted by these attacks we can successfully prevent them from extracting information. Our solution doesn’t impact the processor’s performance and requires minimal additional resources to implement, making it a viable defense against these types of attacks.
