Leaking Secrets through Compressed Caches

Po An Tsai, Andres Sanchez, Christopher W. Fletcher, Daniel Sanchez

Research output: Contribution to journalArticlepeer-review

Abstract

We offer the first security analysis of cache compression, a promising architectural technique that is likely to appear in future mainstream processors. We find that cache compression has novel security implications because the compressibility of a cache line reveals information about its contents. Compressed caches introduce a new side channel that is especially insidious, as simply storing data transmits information about the data. We present two techniques that make attacks on compressed caches practical. Pack+Probe allows an attacker to learn the compressibility of victim cache lines, and Safecracker leaks secret data efficiently by strategically changing the values of nearby data. Our evaluation on a proof-of-concept application shows that, on a representative compressed cache architecture, Safecracker lets an attacker compromise an 8-byte secret key in under 10 ms. Even worse, Safecracker can be combined with latent memory safety vulnerabilities to leak a large fraction of program memory.

Original languageEnglish (US)
Article number9387557
Pages (from-to)27-33
Number of pages7
JournalIEEE Micro
Volume41
Issue number3
DOIs
StatePublished - May 1 2021

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering

Cite this