A cross-process Spectre attack via cache on RISC-V processor with trusted execution environment

Le, Anh-Tien; Hoang, Trong-Thuc; Dao, Ba-Anh; Tsukamoto, Akira; Suzaki, Kuniyasu; Pham, Cong‐Kha

doi:10.1016/j.compeleceng.2022.108546

Cited by 6 publications

(2 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Last Level Cache (LLC) is shared among Enclaves and operating systems without trust, requiring eapp programmers to utilize other software or hardware solutions to mitigate cache timing channel vulnerabilities. Furthermore, Anh-Tien Le and others [8] have experimentally demonstrated that Spectre [9] attack techniques can exploit Cache timing attacks to breach the isolation of the Keystone framework, extracting protected data from the LLC.…”

Section: Introductionmentioning

confidence: 99%

A keystone extension to defend against cache timing attacks

Nie,

Zhao,

Zhang

et al. 2024

International Conference on Computer Network Security and Software Engineering (CNSSE 2024)

View full text Add to dashboard Cite

Section: Introductionmentioning

confidence: 99%

A keystone extension to defend against cache timing attacks

Nie,

Zhao,

Zhang

et al. 2024

International Conference on Computer Network Security and Software Engineering (CNSSE 2024)

View full text Add to dashboard Cite

“…The attacker then uses a cache covert channel [9]- [11] to decode the data. The Spectre attack has several variants, including Spectre-PHT, Spectre-BTB, and Spectre-RSB, which differ in the branch prediction units they exploit [1], [12]- [17] Spectre-BTB and Spectre-RSB attacks differ from Spectre-PHT in their use of indirect branches instead of directional branch instructions. Since indirect branches have no target restrictions, these attacks can result in speculative arbitrary code execution, causing a more significant security risk than Spectre-PHT.…”

Section: Introductionmentioning

confidence: 99%

MicroCFI: Microarchitecture-Level Control-Flow Restrictions for Spectre Mitigation

Jang,

Shin

2023

IEEE Access

View full text Add to dashboard Cite

Spectre attack exploits the vulnerability in speculative execution, an optimization technique for modern superscalar processors. Among the attack variants, Spectre-BTB and Spectre-RSB are the most threatening because they allow adversaries to execute arbitrary code in the transient execution context. However, there are few mitigation techniques for these Spectre variants due to the high degree of implementation difficulty. In this paper, we propose MicroCFI, a hardware/software co-design approach to mitigate Spectre-BTB and Spectre-RSB. The main idea of MicroCFI is to enforce control-flow integrity (CFI) in microarchitectural level of a program's execution. Specifically, MicroCFI strictly limits possible forward and backward indirect branch targets predicted by BTB and RSB by imposing CFI properties on all potential targets. As indirect branches only have destinations to valid targets that satisfy these properties, MicroCFI significantly reduces the chance of arbitrary code execution in Spectre attacks. We implemented a prototype of MicroCFI using an LLVM compiler and performed an evaluation on MARSSx86, a simulator for x86 microarchitectures. The security evaluation shows that MicroCFI reduces the number of available Spectre gadgets by more than 90%, significantly increasing the complexity of the attack. The performance evaluation using the SPEC CPU 2017 benchmarks shows that MicroCFI introduces negligible performance overhead.

show abstract