Leaking Secrets through Compressed Caches

Po An Tsai, Andres Sanchez, Christopher Fletcher, Daniel Sanchez

Research output: Contribution to journal › Article › peer-review

Abstract

We offer the first security analysis of cache compression, a promising architectural technique that is likely to appear in future mainstream processors. We find that cache compression is insecure because the compressibility of a cache line reveals information about its contents. Compressed caches introduce a new side channel that is especially insidious, as simply storing data transmits information about it. We present two techniques that make attacks on compressed caches practical. Pack+Probe allows an attacker to learn the compressibility of victim cache lines, and Safecracker leaks secret data efficiently by strategically changing the values of nearby data. Our evaluation on a proof-of-concept application shows that, on a representative compressed cache architecture, Safecracker lets an attacker compromise an 8-byte secret key in under 10 ms. Even worse, Safecracker can be combined with latent memory safety vulnerabilities to leak a large fraction of program memory.

Original language: English (US)
Journal: IEEE Micro
State: Accepted/In press - 2021

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering
