-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathmascab-peripheral.bib
466 lines (413 loc) · 18.3 KB
/
mascab-peripheral.bib
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
% Copyright (C) 2018 Daniel Page <[email protected]>
%
% Use of this source code is restricted per the CC BY-SA license, a copy of
% which can be found via http://creativecommons.org (and should be included
% as LICENSE.txt within the associated archive or repository).
% =============================================================================
@STRING{KEYWORDS={class=peripheral,topic=cache/security}}
@inproceedings{MASCAB:Inoue:06,
keywords = KEYWORDS,
author = {K. Inoue},
title = {Lock and Unlock: A Data Management Algorithm for A Security-Aware Cache},
booktitle = {IEEE International Conference on Electronics, Circuits and Systems (ICECS)},
pages = {1093--1096},
year = {2006},
addendum = {
This paper is peripheral at best, in the sense it details a cache design
intended to prevent buffer overflow attacks; the idea is quite involved,
but basically uses the cache as a redundant, hardware-backed stack which
can detect manipulation of return addresses. The peripheral connection
to cache-based attacks stems from the inclusion of a mechanism for cache
line locking: each line can be controlled st. eviction is prevented.
}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=cache/power}}
@article{MASCAB:SubJonTop:13,
keywords = KEYWORDS,
author = {K.T. Sundararajan and T.M. Jones and N.P. Topham},
title = {The Smart Cache: An Energy-Efficient Cache Architecture Through Dynamic Adaptation},
journal = {International Journal of Parallel Programming},
volume = {41},
number = {2},
pages = {305--330},
year = {2013}
}
@inproceedings{MASCAB:KFBM:02,
keywords = KEYWORDS,
author = {N.S. Kim and K. Flautner and D. Blaauw and T.N. Mudge},
title = {Drowsy Instruction Caches: Leakage Power Reduction using Dynamic Voltage Scaling and Cache Sub-bank Prediction},
booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)},
pages = {219--230},
year = {2002}
}
@inproceedings{MASCAB:KKMBM:02,
keywords = KEYWORDS,
author = {K. Flautner and N.S. Kim and S. Martin and D. Blaauw and T.N. Mudge},
title = {Drowsy Caches: Simple Techniques for Reducing Leakage Power},
booktitle = {International Symposium on Computer Architecture (ISCA)},
pages = {148--157},
year = {2002}
}
@inproceedings{MASCAB:KaxHuMar:01,
keywords = KEYWORDS,
author = {S. Kaxiras and Z. Hu and M. Martonosi},
title = {Cache decay: exploiting generational behavior to reduce cache leakage power},
booktitle = {International Symposium on Computer Architecture (ISCA)},
pages = {240--251},
year = {2001}
}
@inproceedings{MASCAB:PYFRV:00,
keywords = KEYWORDS,
author = {M. Powell and S.-H. Yang and B. Falsafi and K. Roy and T. N. Vijaykumar},
title = {{Gated-Vdd}: A circuit technique to reduce leakage in deep-submicron cache memories},
booktitle = {International Symposium on Low Power Electronics and Design},
pages = {90--95},
year = {2000}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=cache/partition}}
@inproceedings{MASCAB:SanKoz:11,
keywords = KEYWORDS,
author = {D. Sanchez and C. Kozyrakis},
title = {Vantage: Scalable and efficient fine-grain cache partitioning},
booktitle = {International Symposium on Computer Architecture (ISCA)},
pages = {57--68},
year = {2011}
}
@inproceedings{MASCAB:RacPat:03,
keywords = KEYWORDS,
author = {P. Racunas and Y.N. Patt},
title = {Partitioned First-level Cache Design for Clustered Microarchitectures},
booktitle = {International Conference on Supercomputing (ICS)},
pages = {22--31},
year = {2003}
}
@inproceedings{MASCAB:PetOra:01,
keywords = KEYWORDS,
author = {P. Petrov and A. Orailoglu},
title = {Towards effective embedded processors in codesigns: customizable partitioned caches},
booktitle = {Hardware/Software Codesign (CODES)},
pages = {79--84},
year = {2001}
}
@inproceedings{MASCAB:KVKSIG:01,
keywords = KEYWORDS,
author = {S. Kim and N. Vijaykrishnan and M. Kandemir and A. Sivasubramaniam and M.J. Irwin and E. Geethanjali},
title = {Power-aware Partitioned Cache Architectures},
booktitle = {International Symposium on Low Power Electronics and Design (ISLPED)},
pages = {64--67},
year = {2001}
}
@inproceedings{MASCAB:RanAdvJou:00,
keywords = KEYWORDS,
author = {P. Ranganathan and S. Adve and N.P. Jouppi},
title = {Reconfigurable Caches and Their Application to Media Processing},
booktitle = {International Symposium on Computer Architecture (ISCA)},
pages = {214--224},
year = {2000},
}
@inproceedings{MASCAB:GonAliVal:95,
keywords = KEYWORDS,
author = {A. Gonz\'{a}lez and C. Aliagas and M. Valero},
title = {A Data Cache with Multiple Caching Strategies Tuned to Different Types of Locality},
booktitle = {International Conference on Supercomputing (ICS)},
pages = {338--347},
year = {1995}
}
@inproceedings{MASCAB:JuaRoyNav:95,
keywords = KEYWORDS,
author = {T. Juan and D. Royo and J.J. Navarro},
title = {Dynamic Cache Splitting},
booktitle = {International Confernce of the Chilean Computational Society},
year = {1995}
}
% =============================================================================
@STRING{KEYWORDS={class=peripheral,topic=attack/rowhammer}}
@inproceedings{MASCAB:VFLGMVBRG:16,
keywords = KEYWORDS,
author = {V. van der Veen and Y. Fratantonio and M. Lindorfer and D. Gruss and C. Maurice and G. Vigna and H. Bos and K. Razavi and C. Giuffrida},
title = {Drammer: Deterministic Rowhammer Attacks on Mobile Platforms},
booktitle = {ACM Conference on Computer and Communications Security (CCS)},
pages = {1675--1689},
year = {2016}
}
@inproceedings{MASCAB:QiaSea:16,
keywords = KEYWORDS,
author = {R. Qiao and M. Seaborn},
title = {A new approach for rowhammer attacks},
booktitle = {Hardware Oriented Security and Trust (HOST)},
pages = {161--166},
year = {2016}
}
@inproceedings{MASCAB:BhaMuk:16,
keywords = KEYWORDS,
author = {S. Bhattacharya and D. Mukhopadhyay},
title = {Curious Case of Rowhammer: Flipping Secret Exponent Bits Using Timing Analysis},
booktitle = {Cryptographic Hardware and Embedded Systems (CHES)},
publisher = {Springer-Verlag},
series = {LNCS 9813},
pages = {602--624},
year = {2016}
}
@article{MASCAB:BDGLS:16,
keywords = KEYWORDS,
author = {F.F. Brasser and L. Davi and D. Gens and C. Liebchen and A.-R. Sadeghi},
title = {{CAn't Touch This}: Practical and Generic Software-only Defenses Against Rowhammer Attacks},
journal = {CoRR},
volume = {abs/1611.08396},
year = {2016},
url = {http://arxiv.org/abs/1611.08396}
}
@article{MASCAB:GruMauMan:15,
keywords = KEYWORDS,
author = {D. Gruss and C. Maurice and S. Mangard},
title = {Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript},
journal = {CoRR},
volume = {abs/1507.06955},
year = {2015},
url = {http://arxiv.org/abs/1507.06955}
}
@inproceedings{MASCAB:KDKFLLWLM:14,
keywords = KEYWORDS,
author = {Y. Kim and R. Daly and J. Kim and C. Fallin and J.H. Lee and D. Lee and C. Wilkerson and K. Lai and O. Mutlu},
title = {Flipping bits in memory without accessing them: An experimental study of {DRAM} disturbance errors},
booktitle = {International Symposium on Computer architecuture (ISCA)},
pages = {361--372},
year = {2014}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=attack/aslr}}
@inproceedings{MASCAB:JanLeeKim:16,
keywords = KEYWORDS,
author = {Y. Jang and S. Lee and T. Kim},
title = {Breaking Kernel Address Space Layout Randomization with {Intel} {TSX}},
booktitle = {Conference on Computer and Communications Security (CCS)},
pages = {380--392},
year = {2016}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=attack/debug}}
@article{MASCAB:HuaMis:17,
keywords = KEYWORDS,
author = {Y. Huang and P. Mishra},
title = {Trace Buffer Attack on the AES Cipher},
journal = {Journal of Hardware and Systems Security},
publisher = {Springer-Verlag},
volume = {1},
issue = {1},
pages = {68--84},
year = {2017},
addendum = {
See also~\cite{MASCAB:HuaChaMis:15}.
The ARM trace buffer is essentially an on-chip test and debug mechanism:
one can configure it to capture a subset of signals for some period, and
then export the result for analysis. In a sense, this yields a problem
of the same style as scan-chain based attacks, namely a tension between
the needs of observability and security.
}
}
@inproceedings{MASCAB:HuaChaMis:15,
keywords = KEYWORDS,
author = {Y. Huang and A. Chattopadhyay and P. Mishra},
title = {Trace Buffer Attack: Security versus observability study in post-silicon debug},
booktitle = {Very Large Scale Integration (VLSI-SoC)},
pages = {355--360},
year = {2015}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=attack/degrade}}
@inproceedings{MASCAB:TsaEtsFei:07,
keywords = KEYWORDS,
author = {D. Tsafrir and Y. Etsion and D.G. Feitelson},
title = {Secretly Monopolizing the {CPU} Without Superuser Privileges},
booktitle = {USENIX Security Symposium},
pages = {17:1--17:18},
year = {2007}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=attack/recover}}
@inproceedings{MASCAB:PoeSib:15,
keywords = KEYWORDS,
author = {B. Poettering and D.L. Sibborn},
title = {Cold Boot Attacks in the Discrete Logarithm Setting},
booktitle = {Topics in Cryptology (CT-RSA)},
publisher = {Springer-Verlag},
series = {LNCS 9048},
pages = {449--465},
year = {2015}
}
@inproceedings{MASCAB:PatPolSib:12,
keywords = KEYWORDS,
author = {K.G. Paterson and A. Polychroniadou and D.L. Sibborn},
title = {A Coding-Theoretic Approach to Recovering Noisy {RSA} Keys},
booktitle = {Advances in Cryptology (ASIACRYPT)},
publisher = {Springer-Verlag},
series = {LNCS 7658},
pages = {386--403},
year = {2012}
}
@inproceedings{MASCAB:HenSha:09,
keywords = KEYWORDS,
author = {N. Heninger and H. Shacham},
title = {Reconstructing {RSA} Private Keys from Random Key Bits},
booktitle = {Advances in Cryptology (CRYPTO)},
publisher = {Springer-Verlag},
series = {LNCS 5677},
pages = {1--17},
year = {2009}
}
@inproceedings{MASCAB:Walter:03,
keywords = KEYWORDS,
author = {C.D. Walter},
title = {Longer Keys May Facilitate Side Channel Attacks},
booktitle = {Selected Areas in Cryptography (SAC)},
publisher = {Springer-Verlag},
series = {LNCS 3006},
pages = {42--57},
year = {2003}
}
% -----------------------------------------------------------------------------
@STRING{KEYWORDS={class=peripheral,topic=attack/paradigm}}
@inproceedings{MASCAB:GBHP:16,
keywords = KEYWORDS,
author = {S. Ghandali and G.T. Becker and D. Holcomb and C. Paar},
title = {A Design Methodology for Stealthy Parametric Trojans and Its Application to Bug Attacks},
booktitle = {Cryptographic Hardware and Embedded Systems (CHES)},
publisher = {Springer-Verlag},
series = {LNCS 9813},
pages = {625--647},
year = {2016}
}
@inproceedings{MASCAB:RNRDBS:15,
keywords = KEYWORDS,
author = {L. Rivi\'{e}re and Z. Najm and P. Rauzy and J.-L. Danger and J. Bringer and L. Sauvage},
title = {High precision fault injections on the instruction cache of {ARMv7-M} architectures},
booktitle = {IEEE International Symposium on Hardware Oriented Security and Trust (HOST)},
pages = {62--67},
year = {2015}
}
@inproceedings{MASCAB:GruGhi:02,
keywords = KEYWORDS,
author = {D. Grunwald and S. Ghiasi},
title = {Microarchitectural Denial of Service: Insuring Microarchitectural Fairness},
booktitle = {ACM/IEEE International Symposium on Microarchitecture (MICRO)},
pages = {409--418},
year = {2002}
}
@inproceedings{MASCAB:TanSetSto:17,
keywords = KEYWORDS,
author = {A. Tang and S. Sethumadhavan and S. Stolfo},
title = {{CLKSCREW}: Exposing the Perils of Security-Oblivious Energy Management},
booktitle = {USENIX Security Symposium},
pages = {1057--1074},
year = {2017},
addendum = {
Dynamic Frequency and Voltage Scaling (DVFS) is a mechanism to manage the
energy consumption of, for example, processor cores; the idea is the core
voltage level and/or clock frequency can be dynamically controlled, which
allows them to be reduced during periods of relative inactivy in order to
reduce energy consumption.
On ARM-based platforms using Android, DVFS is managed by the kernel. The
paper shows that {\em if} a malicious kernel driver can gain control over
DVFS, this abilility can be leverage to drive the core beyond the stated
operational limits; the result is fault(s) during execution, which can be
capitalised upon per traditional fault attacks (e.g., based on clock or
power glitching: in essence, this is a software-defined fault vs. a fault
injected by physical means).
}
}
% =============================================================================
@STRING{KEYWORDS={class=peripheral,topic=verify}}
@inproceedings{MASCAB:ABBDE:16,
keywords = KEYWORDS,
author = {J.B. Almeida and M. Barbosa and G. Barthe and F. Dupressoir and M. Emmi},
title = {Verifying Constant-Time Implementations},
booktitle = {USENIX Security Symposium},
pages = {53--70},
year = {2016}
}
@inproceedings{MASCAB:CGMH:14,
keywords = KEYWORDS,
author = {D. Cock and Q. Ge and T. Murray and G. Heiser},
title = {The last mile: An empirical study of some timing channels on {seL4}},
booktitle = {Computer and Communications Security (CCS)},
pages = {570--581},
year = {2014},
addendum = {
Although this paper is interesting for other reasons, a (subtle) point to
note is use of the (information theory based) channel matrix to visualise
timing channels: points in the matrix (visualised as a heat map) capture
the probability of observing each output symbol, given transmission of an
input symbol.
}
}
@inproceedings{MASCAB:MMBGBSLGK:13,
keywords = KEYWORDS,
author = {T. Murray and D. Matichuk and M. Brassil and P. Gammie and T. Bourke and S. Seefried and C. Lewis and X. Gao and G. Klein},
title = {{seL4}: from general purpose to a proof of information flow enforcement},
booktitle = {IEEE Symposium on Security \& Privicy (S\&P)},
pages = {415--429},
year = {2013}
}
@inproceedings{MASCAB:KEHACDEEKNSTW:09,
author = {G. Klein and K. Elphinstone and G. Heiser and J. Andronick and D. Cock and P. Derrin and D. Elkaduwe and K. Engelhardt and R. Kolanski and M. Norrish and T. Sewell and H. Tuch and S. Winwood},
title = {{seL4}: Formal Verification of an {OS} Kernel},
booktitle = {ACM Symposium on Operating Systems Principles (SOSP)},
pages = {207--220},
year = {2009}
}
% =============================================================================
@STRING{KEYWORDS={class=peripheral,topic=misc}}
@inproceedings{MASCAB:AraThu:07,
keywords = KEYWORDS,
author = {S. Aravamuthan and V.R. Thumparthy},
title = {A Parallelization of {ECDSA} Resistant to Simple Power Analysis Attacks},
booktitle = {Communication Systems Software and Middleware (COMSWARE)},
pages = {1--7},
year = {2007}
}
@article{MASCAB:PieLomVil:16,
keywords = KEYWORDS,
author = {R. Di Pietro and F. Lombardi and A. Villani},
title = {{CUDA} Leaks: A Detailed Hack for {CUDA} and a (Partial) Fix},
journal = {ACM Transactions on Embedded Computing Systems (TECS)},
volume = {15},
number = {1},
pages = {15:1--15:25},
year = {2016},
addendum = {
This paper is included mainly to highlight the fact it is {\em not}
about information leakage in the sense of side-channel attacks: the
leakage here is (arguably) closer aligned with the concept of data
remnants, stemming from inadequate access controlled to various GPU
memory structures (by hardware and/or driver infrastructure).
}
}
@inproceedings{MASCAB:DKLMQW:98,
keywords = KEYWORDS,
author = {J.-F. Dhem and F. Koeune and P.-A. Leroux and P. Mestr\'{e} and J.-J. Quisquater and J.-L. Willems},
title = {A Practical Implementation of the Timing Attack},
booktitle = {Smart Card Research and Advanced Applications (CARDIS)},
publisher = {Springer-Verlag},
series = {LNCS 1820},
pages = {167--182},
year = {1998}
}
@unpublished{MASCAB:CosDev:16,
keywords = KEYWORDS,
author = {V. Costan and S. Devadas},
title = {Intel {SGX} Explained},
howpublished = {Cryptology ePrint Archive, Report 2016/086},
year = {2016},
url = {http://eprint.iacr.org/2016/086}
}
@inproceedings{MASCAB:MulDewFre:10,
keywords = KEYWORDS,
author = {T. M\"{u}ller and A. Dewald and F.C. Freiling},
title = {{AESSE}: A Cold-boot Resistant Implementation of {AES}},
booktitle = {European Workshop on System Security (EUROSEC)},
pages = {42--47},
year = {2010}
}
% =============================================================================