Recent secure cache designs aim to mitigate side-channel attacks by randomizing the mapping from memory addresses to cache sets. As vendors investigate deployment of these caches, it is crucial to ...understand their actual security.In this paper, we consolidate existing randomization-based secure caches into a generic cache model. We then comprehensively analyze the security of existing designs, including CEASER-S and SCATTERCACHE, by mapping them to instances of this model. We tailor cache attacks for randomized caches using a novel PRIME+PRUNE+PROBE technique, and optimize it using burst accesses, bootstrapping, and multi-step profiling. PRIME+ PRUNE+PROBE constructs probabilistic but reliable eviction sets, enabling attacks previously assumed to be computationally infeasible. We also simulate an end-to-end attack, leaking secrets from a vulnerable AES implementation. Finally, a case study of CEASER-S reveals that cryptographic weaknesses in the randomization algorithm can lead to a complete security subversion.Our systematic analysis yields more realistic and comparable security levels for randomized caches. As we quantify how design parameters influence the security level, our work leads to important conclusions for future work on secure cache designs.
Fallout Canella, Claudio; Genkin, Daniel; Giner, Lukas ...
Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security,
11/2019
Conference Proceeding
Odprti dostop
Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance ...overhead. Due to hardware fixes, these mitigations are disabled on recent processors. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.
In this paper, we propose SassCache, a secure skewed associative cache with keyed index mapping. For this purpose, we design a new two-layered, low-latency cryptographic construction with ...configurable output coverage based on state-of-the-art cryptographic primitives. Based on this construction, SassCache is the first secure randomized cache with secure spacing. Victim cache lines automatically hide in locations the attacker cannot reach after less than 1 access on average. Consequently, attackers cannot evict the cache line, no matter which and how many memory accesses they perform. Our security analysis shows that all existing techniques for eviction set construction fail, and state-of-the-art attacks only apply to 1 in 3 million addresses, where SassCache is still as secure as ScatterCache. Compared to standard caches, Sass Cache has a single-threaded performance penalty of 1.75 % on the last-level cache hit rate in the SPEC2017 benchmark, and an average decrease of 11.7 p.p. in hit rate for MiBench, GAP and Scimark for our high-security settings.
Modern applications often consist of different security domains that require isolation from each other. While several solutions exist, most of them rely on specialized hardware, hardware extensions, ...or require less-efficient software instrumentation of the application. In this paper, we propose Domain Page-Table Isolation (DPTI), a novel mechanism for hardware-enforced security domains that can be readily used on commodity off-the-shelf CPUs. DPTI uses two novel techniques for dynamic, time-limited changes to the memory isolation at security-critical points, called memory freezing and stashing. We demonstrate the versatility and efficacy of DPTI in two scenarios: First, DPTI freezes or stashes memory to support faster and more fine-grained syscall filtering than state-of-the-art seccomp-bpf. With the provided memory safety guarantees, DPTI can even securely support deep argument filtering, such as string comparisons. Second, DPTI freezes or stashes memory to efficiently confine potentially untrusted SGX enclaves, outperforming existing solutions by 14.6%-22% while providing the same security guarantees. Our results show that DPTI is a viable mechanism to isolate domains within applications using only existing mechanisms available on modern CPUs, without relying on special hardware instructions or extensions
Meltdown and Spectre exploit microarchitectural changes the CPU makes during transient out-of-order execution. Using side-channel techniques, these attacks enable leaking arbitrary data from memory. ...As state-of-the-art software mitigations for Meltdown may incur significant performance overheads, they are only seen as a temporary solution. Thus, software mitigations are disabled on more recent processors, which are not susceptible to Meltdown anymore. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to the original Meltdown attack. We show that the store buffer - a microarchitectural optimization to reduce the latency for data stores - in combination with the TLB enables powerful attacks. We present several ASLRrelated attacks, including a KASLR break from unprivileged applications, and breaking ASLR from JavaScript. We can also mount side-channel attacks, breaking the atomicity of TSX, and monitoring control flow of the kernel. Furthermore, when combined with a simple Spectre gadget, we can leak arbitrary data from memory. Our paper shows that Meltdown-like attacks are still possible, and software fixes are still necessary to ensure proper isolation between the kernel and user space. This updated extended version of the original paper includes new results and explanations on the root cause of the vulnerability and shows how it is different to MDS attacks like Fallout.
We identified two unrelated consanguineous families with three children affected by the rare association of congenital nephrotic syndrome (CNS) diagnosed in the first days of life, of hypogonadism, ...and of prenatally detected adrenal calcifications, associated with congenital adrenal insufficiency in one case. Using exome sequencing and targeted Sanger sequencing, two homozygous truncating mutations, c.1513C>T (p.Arg505*) and c.934delC (p.Leu312Phefs*30), were identified in SGPL1‐encoding sphingosine‐1‐phosphate (S1P) lyase 1. SGPL1 catalyzes the irreversible degradation of endogenous and dietary S1P, the final step of sphingolipid catabolism, and of other phosphorylated long‐chain bases. S1P is an intracellular and extracellular signaling molecule involved in angiogenesis, vascular maturation, and immunity. The levels of SGPL1 substrates, S1P, and sphingosine were markedly increased in the patients’ blood and fibroblasts, as determined by liquid chromatography–tandem mass spectrometry. Vascular alterations were present in a patient's renal biopsy, in line with changes seen in Sgpl1 knockout mice that are compatible with a developmental defect in vascular maturation. In conclusion, loss of SGPL1 function is associated with CNS, adrenal calcifications, and hypogonadism.
Sphingosine‐1‐phosphate (SiP) is an intra and extracellular signaling molecule involved in angiogenesis, vascular maturation, and immunity. SiP is irreversibly degraded by sphingosine‐1‐phosphate lyase 1, encoded by SGPL1.
Formate can be directly produced from CO2 and renewable electricity, making it a promising microbial feedstock for sustainable bioproduction. Cupriavidus necator is one of the few ...biotechnologically-relevant hosts that can grow on formate, but it uses the Calvin cycle, the high ATP cost of which limits biomass and product yields. Here, we redesign C. necator metabolism for formate assimilation via the synthetic, highly ATP-efficient reductive glycine pathway. First, we demonstrate that the upper pathway segment supports glycine biosynthesis from formate. Next, we explore the endogenous route for glycine assimilation and discover a wasteful oxidation-dependent pathway. By integrating glycine biosynthesis and assimilation we are able to replace C. necator's Calvin cycle with the synthetic pathway and achieve formatotrophic growth. We then engineer more efficient glycine metabolism and use short-term evolution to optimize pathway activity. The final growth yield we achieve (2.6 gCDW/mole-formate) nearly matches that of the WT strain using the Calvin Cycle (2.9 gCDW/mole-formate). We expect that further rational and evolutionary optimization will result in a superior formatotrophic C. necator strain, paving the way towards realizing the formate bio-economy.
•Cupriavidus necator is a promising host for realizing the formate bio-economy.•C. necator uses the ATP-inefficient Calvin cycle for formatotrophic growth.•The synthetic reductive glycine pathway (rGlyP) could increase yield on formate.•The rGlyP was introduced to C. necator using a modular engineering approach.•Formatotrophic growth via the rGlyP was realized and improved by short-term evolution.
Identification and synthesis of intramolecularly donor‐stabilized aluminium(III) complexes, which contain a 3‐(dimethylamino)propyl (DMP) ligand, as novel atomic layer deposition (ALD) precursors has ...enabled the development of new and promising ALD processes for Al2O3 thin films at low temperatures. Key for this promising outcome is the nature of the ligand combination that leads to heteroleptic Al complexes encompassing optimal volatility, thermal stability and reactivity. The first ever example of the application of this family of Al precursors for ALD is reported here. The process shows typical ALD like growth characteristics yielding homogeneous, smooth and high purity Al2O3 thin films that are comparable to Al2O3 layers grown by well‐established, but highly pyrophoric, trimethylaluminium (TMA)‐based ALD processes. This is a significant development based on the fact that these compounds are non‐pyrophoric in nature and therefore should be considered as an alternative to the industrial TMA‐based Al2O3 ALD process used in many technological fields of application.
Easy to handle Al precursors: A new class of 3‐(dimethylamino)propylaluminium(III) complexes were developed as novel atomic layer deposition (ALD) precursors, which were successfully applied for low‐temperature thermal and plasma ALD of Al2O3 thin films. The non‐pyrophoric nature of these compounds, as well as the outstanding process characteristics, render them as a real alternative to the industrially used trimethylaluminium process for Al2O3.
Vapor phase deposited iron oxide nanostructures are promising for fabrication of solid state chemical sensors, photoelectrodes for solar water splitting, batteries, and logic devices. The deposition ...of iron oxide via chemical vapor deposition (CVD) or atomic layer deposition (ALD) under mild conditions necessitates a precursor that comprises good volatility, stability, and reactivity. Here, a versatile iron precursor, namely bis(N‐isopropylketoiminate) iron(II), which possesses ideal characteristics both for low‐temperature CVD and water‐assisted ALD processes, is reported. The films are thoroughly investigated toward phase, composition, and morphology. As‐deposited ALD grown Fe2O3 layers are amorphous, while the CVD process in the presence of oxygen leads to polycrystalline hematite layers. The nanostructured iron oxide grown via CVD consists of nanoplatelets that are appealing for photoelectrochemical applications. Preliminary tests of the photoelectrocatalytic activity of CVD‐grown Fe2O3 layers show photocurrent densities up to 0.3 mA cm−2 at 1.2 V versus reversible hydrogen electrode (RHE) and 1.2 mA cm−2 at 1.6 V versus RHE under simulated sunlight (1 sun). Surface modification by cobalt oxyhydroxide (Co‐Pi) co‐catalyst is found to have a highly beneficial effect on photocurrent, leading to maximum monochromatic quantum efficiencies of 10% at 400 nm and 4% at 500 nm at 1.5 V versus RHE.
The iron (II) isopropyl‐ketomiminate complex is applicable as chemical vapor deposition (CVD) and atomic layer deposition (ALD) precursor. The mixed oxygen nitrogen coordination atmosphere enables sufficient stability and reactivity for water‐assisted ALD processes, but is in turn labile enough to work as CVD precursor in oxygen atmosphere from 350 °C onward.
Identification and synthesis of intramolecularly donor-stabilized aluminium(III) complexes, which contain a 3-(dimethylamino)propyl (DMP) ligand, as novel atomic layer deposition (ALD) precursors has ...enabled the development of new and promising ALD processes for Al
O
thin films at low temperatures. Key for this promising outcome is the nature of the ligand combination that leads to heteroleptic Al complexes encompassing optimal volatility, thermal stability and reactivity. The first ever example of the application of this family of Al precursors for ALD is reported here. The process shows typical ALD like growth characteristics yielding homogeneous, smooth and high purity Al
O
thin films that are comparable to Al
O
layers grown by well-established, but highly pyrophoric, trimethylaluminium (TMA)-based ALD processes. This is a significant development based on the fact that these compounds are non-pyrophoric in nature and therefore should be considered as an alternative to the industrial TMA-based Al
O
ALD process used in many technological fields of application.
PDF
