Abstract
There is a constant evolution of technology for cloud environments, including the development of new memory storage technology, such as persistent memory.
The newly-released Intel Optane persistent memory provides high-performance, persistent, and byte-addressable access for storage-class applications in data centers.
While Optane's direct data management is fast and efficient, it is unclear whether it comes with undesirable security implications.
This is problematic, as cloud tenants are physically co-located on the same hardware.
In this paper, we present the first side-channel security analysis of Intel Optane persistent memory.
We reverse-engineer the internal cache hierarchy, cache sizes, associativity, replacement policies, and wear-leveling mechanism of the Optane memory.
Based on this reverse-engineering, we construct four new attack primitives on Optane's internal components.
We then present four case studies using these attack primitives.
First, we present local covert channels based on Optane's internal caching.
Second, we demonstrate a keystroke side-channel attack on a remote user via Intel's Optane-optimized key-value store, pmemkv.
Third, we study a fully remote covert channel through pmemkv.
Fourth, we present our Note Board attack, also through pmemkv, enabling two parties to store and exchange messages covertly across long time gaps and even power cycles of the server.
Finally, we discuss mitigations against our attacks.
The newly-released Intel Optane persistent memory provides high-performance, persistent, and byte-addressable access for storage-class applications in data centers.
While Optane's direct data management is fast and efficient, it is unclear whether it comes with undesirable security implications.
This is problematic, as cloud tenants are physically co-located on the same hardware.
In this paper, we present the first side-channel security analysis of Intel Optane persistent memory.
We reverse-engineer the internal cache hierarchy, cache sizes, associativity, replacement policies, and wear-leveling mechanism of the Optane memory.
Based on this reverse-engineering, we construct four new attack primitives on Optane's internal components.
We then present four case studies using these attack primitives.
First, we present local covert channels based on Optane's internal caching.
Second, we demonstrate a keystroke side-channel attack on a remote user via Intel's Optane-optimized key-value store, pmemkv.
Third, we study a fully remote covert channel through pmemkv.
Fourth, we present our Note Board attack, also through pmemkv, enabling two parties to store and exchange messages covertly across long time gaps and even power cycles of the server.
Finally, we discuss mitigations against our attacks.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 32nd USENIX Security Symposium |
| Publisher | USENIX Association |
| ISBN (Electronic) | 978-1-939133-37-3 |
| Publication status | Published - 2023 |
| Event | 32nd USENIX Security Symposium: USENIX Security 2023 - Anaheim, United States Duration: 9 Aug 2023 → 11 Aug 2023 |
Conference
| Conference | 32nd USENIX Security Symposium |
|---|---|
| Abbreviated title | USENIX Security '23 |
| Country/Territory | United States |
| City | Anaheim |
| Period | 9/08/23 → 11/08/23 |