Supervision : Emmanuelle ENCRENAZ
Co-supervision : MEUNIER Quentin, GRACIA PÉREZ Daniel
Securing access to and from devices in a RISC-V multicore architecture used for virtualization
Today, computer security is a major topic in various fields such as healthcare, transport, industry or defense. Systems integrate an ever-increasing number of components developed by untrusted sources. Covert channel attacks subvert system mechanisms to create a communication channel between entities that otherwise shouldn't be able to communicate, thus breaching data confidentiality. These attacks circumvent classical isolation mechanisms by allowing processes or virtual machines to exchange and exfiltrate data. Most attacks target the processor and its neighboring components.
We propose a new side-channel attack exploiting the temporal variations due to the memory hierarchy to implement a communication channel. This attack breaks the isolation between peripherals of a virtualized system, opening a communication channel between two malicious devices. It relies on adapting the principles exploited by covert channels on processors to the specificities of peripherals. We show that it is possible to exchange data between two devices isolated by an IOMMU.
Secondly, we modify the microarchitecture of the IOMMU to reduce the impact of such attacks. The defense strategy is to decorrelate the operations performed by the peripherals from the internal state of its components. We show, in simulations and on a system incorporating a processor running Linux implemented on an FPGA board, the effects of this countermeasure on isolation as well as on device performance. This countermeasure reduces the throughput of the covert channel without, however, negating it fully. The impact on the performance of peripheral memory accesses is limited.
Defence : 03/15/2023
Jury members :
Guy Gogniat (Lab-STICC, Université Bretagne Sud) - Reviewer
Sébastien Pillement (IETR, Nantes Université) - Reviewer
Alix Munier (LIP6, Sorbonne Université) - Examiner
Jean-Luc Danger (Télécom Paris) - Examiner
Daniel Gracia Pérez (Thales) - Co-supervisor
Quentin Meunier (LIP6, Sorbonne Université)
Emmanuelle Encrenaz (LIP6, Sorbonne Université)