CS/CIS Event: Cache Side-Channel Attack and Defense on Mobile and IoT Devices

Share

The presentation is sponsored by:

    IEEE Rochester Section: Computer and Computational Intelligence Societies Joint Chapter

    and RIT's GCCIS PhD Colloquium.

 

Abstract:

It is found that existing and powerful cache side-channel attacks on Intel
architectures, including Prime+Probe, are ineffective on mobile and
Internet-of-things (IoT) devices powered by ARM architectures. The trust in
ARM's hardware-isolated execution environments, namely TrustZone, was also
reinforced by these findings. However, those discoveries do not rule out novel
and more sophisticated cache side-channel attacks that leverage overlooked
hardware features. In this talk, I will present a novel Prime+Count attack
that can be used to build reliable covert channels between the normal and
secure world of TrustZone, which breaks one of its fundamental security
guarantees.

On the other hand, protections that can defeat previous cache side-channel
attacks on Intel architectures are not necessarily effective in mitigating
novel cache attacks on ARM platforms. Such solutions attempt to mitigate
attacks by explicitly or implicitly creating a private space, in which
constant-time access to sensitive data is assured. However, some of the
attempts utilize hardware features available only on certain Intel processors.
In this talk, I will also discuss a defense against cache side-channel attacks
that can protect against both dedicated cache (L1) and shared cache (L2)
attacks on mobile and IoT devices.



  Date and Time

  Location

  Contact

  Registration



  • RIT
  • 152 Lomb Memorial Dr.
  • Rochester, New York
  • United States 14623
  • Building: Golisano Hall - Bldg 70
  • Room Number: 3560
  • Click here for Map
  • Co-sponsored by RIT's GCCIS PhD Colloquium


  Speakers

Ziming Zhao
Ziming Zhao of RIT, Computing Security Department

Biography:

Ziming Zhao is an assistant professor at the computing security department of
RIT. He received the PhD degree in computer science from Arizona State
University in 2014. His research foci include system and software security,
network security, usable and user-centric security, cybercrime and threat
intelligence analytics. His research has led to
45+ publications in security conferences and journals, including IEEE
S&P, ACM CCS, USENIX Security, NDSS, ACSAC, TISSEC, etc. He won a best paper
award in ACM CODASPY 2014 and IEEE ITU Kaleidoscope 2016. He directs the
CyberspACe securiTy and forensIcs lab (CactiLab, http://cactilab.info/). He is
looking for motivated students to work on security. Shoot him an email if you
are interested.





Agenda

11:00am -- presentation

12:00pm -- pizza / networking

Note: no advance registration required

RIT visitor parking suggestions:

    1) Stop at the welcome center and obtain visitor parking permit -- [Google map]

    2) Then park at Visitor Parking in the J-lot -- [Google map]

(11/6/18 addition) Visitor's Parking:

     Visitors may park in Lots G or H using this event permit: http://ewh.ieee.org/r1/rochester/computer/2018/20181109/RIT.ParkingPermit.11-9-18.IEEE.pdf

Additional Links:

         IEEE meeting entry : https://events.vtools.ieee.org/m/176639