Shield Bash: Abusing Defensive Coherence State Retrieval to Break Timing Obfuscation

• URL: http://arxiv.org/abs/2504.10318v1
• Date: Mon, 14 Apr 2025 15:27:32 GMT
• Title: Shield Bash: Abusing Defensive Coherence State Retrieval to Break Timing Obfuscation
• Authors: Kartik Ramkrishnan, Antonia Zhai, Stephen McCamant, Pen Chung Yew,
• Abstract summary: We study an interaction between two state-of-the art defenses in this paper.<n>TORC mitigates cache-hit based attacks and DSRC mitigates speculative coherence state change attacks.<n>We demonstrate a new covert channel attack is possible using this vulnerability.
• Score: 2.03921019862868
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Microarchitectural attacks are a significant concern, leading to many hardware-based defense proposals. However, different defenses target different classes of attacks, and their impact on each other has not been fully considered. To raise awareness of this problem, we study an interaction between two state-of-the art defenses in this paper, timing obfuscations of remote cache lines (TORC) and delaying speculative changes to remote cache lines (DSRC). TORC mitigates cache-hit based attacks and DSRC mitigates speculative coherence state change attacks. We observe that DSRC enables coherence information to be retrieved into the processor core, where it is out of the reach of timing obfuscations to protect. This creates an unforeseen consequence that redo operations can be triggered within the core to detect the presence or absence of remote cache lines, which constitutes a security vulnerability. We demonstrate that a new covert channel attack is possible using this vulnerability. We propose two ways to mitigate the attack, whose performance varies depending on an application's cache usage. One way is to never send remote exclusive coherence state (E) information to the core even if it is created. The other way is to never create a remote E state, which is responsible for triggering redos. We demonstrate the timing difference caused by this microarchitectural defense assumption violation using GEM5 simulations. Performance evaluation on SPECrate 2017 and PARSEC benchmarks of the two fixes show less than 32\% average overhead across both sets of benchmarks. The repair which prevented the creation of remote E state had less than 2.8% average overhead.

Related papers

• Mind the Gap: Detecting Black-box Adversarial Attacks in the Making through Query Update Analysis [3.795071937009966]
  Adrial attacks can jeopardize the integrity of Machine Learning (ML) models.<n>We propose a framework that detects if an adversarial noise instance is being generated.<n>We evaluate our approach against 8 state-of-the-art attacks, including adaptive attacks.
  arXiv  Detail & Related papers  (2025-03-04T20:25:12Z)
• SMaCk: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts [5.942801930997087]
  Self-modifying code (SMC) allows programs to alter their own instructions. SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes.
  arXiv  Detail & Related papers  (2025-02-08T03:35:55Z)
• The VLLM Safety Paradox: Dual Ease in Jailbreak Attack and Defense [56.32083100401117]
  The vulnerability of Vision Large Language Models (VLLMs) to jailbreak attacks appears as no surprise.<n>Recent defense mechanisms against these attacks have reached near-saturation performance on benchmark evaluations.
  arXiv  Detail & Related papers  (2024-11-13T07:57:19Z)
• HSF: Defending against Jailbreak Attacks with Hidden State Filtering [14.031010511732008]
  We propose a jailbreak attack defense strategy based on a Hidden State Filter (HSF) HSF enables the model to preemptively identify and reject adversarial inputs before the inference process begins. It significantly reduces the success rate of jailbreak attacks while minimally impacting responses to benign user queries.
  arXiv  Detail & Related papers  (2024-08-31T06:50:07Z)
• PCG: Mitigating Conflict-based Cache Side-channel Attacks with Prefetching [6.884097465523025]
  This paper proposes a novel prefetching-based scheme, called PCG. It combines adding victim-irrelevant cache occupancy changes and reducing victim-relevant cache occupancy changes to disrupt attackers. PCG shows an average performance improvement of about 1.64% and incurs only 1.26% overhead on hardware resource consumption.
  arXiv  Detail & Related papers  (2024-05-06T07:26:53Z)
• Towards Robust Semantic Segmentation against Patch-based Attack via Attention Refinement [68.31147013783387]
  We observe that the attention mechanism is vulnerable to patch-based adversarial attacks. In this paper, we propose a Robust Attention Mechanism (RAM) to improve the robustness of the semantic segmentation model.
  arXiv  Detail & Related papers  (2024-01-03T13:58:35Z)
• BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
  This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses. We introduce the emphtoolns attack, which is resistant to backdoor detection and model fine-tuning defenses.
  arXiv  Detail & Related papers  (2023-11-20T02:21:49Z)
• Random and Safe Cache Architecture to Defeat Cache Timing Attacks [5.142233612851766]
  Caches have been exploited to leak secret information due to the different times they take to handle memory accesses. We present a systematic view of the attack and defense space and show that no existing defense has addressed all cache timing attacks. We propose Random and Safe (RaS) cache architectures to decorrelate cache state changes from memory requests.
  arXiv  Detail & Related papers  (2023-09-28T05:08:16Z)
• MCU-Wide Timing Side Channels and Their Detection [5.504422513647801]
  Microarchitectural timing side channels have been thoroughly investigated as a security threat. Recent activities demonstrate that this threat is real even in microcontrollers without such features. We present a new formal method to close this gap.
  arXiv  Detail & Related papers  (2023-09-22T15:23:57Z)
• DRSM: De-Randomized Smoothing on Malware Classifier Providing Certified Robustness [58.23214712926585]
  We develop a certified defense, DRSM (De-Randomized Smoothed MalConv), by redesigning the de-randomized smoothing technique for the domain of malware detection. Specifically, we propose a window ablation scheme to provably limit the impact of adversarial bytes while maximally preserving local structures of the executables. We are the first to offer certified robustness in the realm of static detection of malware executables.
  arXiv  Detail & Related papers  (2023-03-20T17:25:22Z)
• Attack Agnostic Adversarial Defense via Visual Imperceptible Bound [70.72413095698961]
  This research aims to design a defense model that is robust within a certain bound against both seen and unseen adversarial attacks. The proposed defense model is evaluated on the MNIST, CIFAR-10, and Tiny ImageNet databases. The proposed algorithm is attack agnostic, i.e. it does not require any knowledge of the attack algorithm.
  arXiv  Detail & Related papers  (2020-10-25T23:14:26Z)
• A Self-supervised Approach for Adversarial Robustness [105.88250594033053]
  Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNNs) based vision systems. This paper proposes a self-supervised adversarial training mechanism in the input space. It provides significant robustness against the textbfunseen adversarial attacks.
  arXiv  Detail & Related papers  (2020-06-08T20:42:39Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.