CrySP Speaker Series on Privacy

This speaker series is made possible by an anonymous charitable donation in memory of cypherpunks and privacy advocates Len Sassaman, Hugh Daniel, Hal Finney, and Caspar Bowden.

View the list of past and upcoming speakers

Micro-Architectural Side-Channel Attacks and Defenses: CPU Caches, Schedulers, and Beyond!

Gururaj Saileshwar, University of Toronto

[Download (MP4)] [View on Youtube]

September 25, 2023 11:00am, in DC 1302 and Zoom


In recent years, micro-architectural side-channels have emerged as a unique and potent threat to security and privacy of systems. Identifying these side-channels is difficult as they originate from structures which are often undocumented and hidden from the software. Moreover, they originate from crucial hardware performance optimizations, making low overhead mitigations challenging. This talk will focus on both discovery of new attacks and new low-cost defenses.

First, I will discuss cache-side-channel attacks and defenses, focusing on set-conflict based cache side-channels like Prime + Probe. Such attacks can leak keys from encryption algorithms, cause privacy breaches including user activity fingerprinting, etc. Recently, many randomized cache defenses have been proposed as mitigations, but they have been broken by adaptive attacks. To fundamentally address this problem, we propose MIRAGE [SEC’21], a randomized cache defense that eliminates set-conflicts with an abstraction of a fully associative cache. It achieves this practically with set-associative caches using Power-of-2-Choices-based indexing. MIRAGE makes set-conflicts improbable in system lifetime to eliminate such attacks at less than 2% slowdown. While 2018 to 2020 saw 5 different defenses broken by 6 new attacks, MIRAGE has remained unbroken since 2020.

Next, I will discuss a new side-channel vulnerability we discovered in AMD CPUs (Zen 2 & 3, EPYC 1st-3rd generation), called SQUIP [SP’23]. This work discovered the existence of shared scheduler queues in multi-threaded AMD CPUs, which have been relatively unexplored. We reverse-engineered these structures and demonstrated a side-channel attack exploiting CPU scheduler queue contention that can leak a 4096-bit RSA key across SMT-threads. The vulnerability was acknowledged by AMD and assigned a CVE-2021- 46778. We will also discuss mitigations in this talk.

Finally, I will conclude with a brief description of on-going work on automated tools for side-channel detection, making ML models resilient to micro-architectural attacks, and more.


Gururaj Saileshwar is an Assistant Professor in the University of Toronto, Dept of Computer Science. His research bridges computer architecture and systems security, with interests including micro-architectural side-channels, DRAM Rowhammer attacks, trusted execution environments, and memory safety. Saileshwar’s work has been awarded an IEEE HPCA Best Paper Award, an IEEE Micro Top Picks Honorable Mention, and his dissertation has been recognized with an IEEE HOST Best PhD Dissertation Award and an IEEE TCCA / ACM SIGARCH Best Dissertation Award Honorable Mention. His work appears in top computer architecture and systems venues like ASPLOS, MICRO, HPCA, ISCA, and security venues like USENIX Security, S&P and CCS.