Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

Lipp, Moritz; Hadzic, Vedad; Schwarz, Michael; Pérais, Arthur; Maurice, Clémentine; Gruss, Daniel

doi:10.1145/3320269.3384746

Cited by 36 publications

(23 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Göktas et al [31] introduced the concept of a speculative probing primitive that leverages Spectre to break classical and fine-grained address space layout randomization. Gras et al [34], Schwarz et al [86], and Lipp et al [63] also demonstrated that microarchitectural attacks in JavaScript can break memory randomization. Hence, memory randomization is only a small obstacle that can be deterministically circumvented using engineering.…”

Section: B Building Blocksmentioning

confidence: 99%

Dynamic Process Isolation

Schwarzl,

Borrello,

Kogler

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

In the quest for efficiency and performance, edgecomputing providers eliminate isolation boundaries between tenants, such as strict process isolation, and instead let them compute in a more lightweight multi-threaded single-process design. Edgecomputing providers support a high number of tenants per machine to reduce the physical distance to customers without requiring a large number of machines. Isolation is provided by sandboxing mechanisms, e.g., tenants can only run sandboxed V8 JavaScript code. While this is as secure as a sandbox for software vulnerabilities, microarchitectural attacks can bypass these sandboxes.In this paper, we show that it is possible to mount a Spectre attack on such a restricted environment, leaking secrets from co-located tenants. Cloudflare Workers is one of the top three edge-computing solutions and handles millions of HTTP requests per second worldwide across tens of thousands of web sites every day. We demonstrate a remote Spectre attack using amplification techniques in combination with a remote timing server, which is capable of leaking 120 bit/h. This motivates our main contribution, Dynamic Process Isolation, a processisolation mechanism that only isolates suspicious worker scripts following a detection mechanism. In the worst case of only false positives, Dynamic Process Isolation simply degrades to process isolation. Our proof-of-concept implementation augments a realworld cloud infrastructure framework, Cloudflare Workers, which is used in production at large scale.1 With a false-positive rate of only 0.61 %, we demonstrate that our solution vastly outperforms strict process isolation in terms of performance. In our security evaluation, we show that Dynamic Process Isolation statistically provides the same security guarantees as strict process isolation, fully mitigating Spectre attacks between multiple tenants.

show abstract

Section: B Building Blocksmentioning

confidence: 99%

Dynamic Process Isolation

Schwarzl,

Borrello,

Kogler

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In simultaneous multi-threaded (SMT) processors, various hardware resources are shared between two logical threads, thus other timing channels may be potentially created. Actually, recent work presented microarchitectural attacks exploiting timing channels existing on an execution port [38], translation look-aside buffer [39], [40], memory order buffer [41], [42] and way predictors [43].…”

Section: ) Cache Timing Attacksmentioning

confidence: 99%

Multibyte Microarchitectural Data Sampling and its Application to Session Key Extraction Attacks

Shin

2021

IEEE Access

View full text Add to dashboard Cite

Microarchitectural data sampling (MDS) attacks leak secret data from the internal buffers of a processor to the attacker during transient execution. Because of the narrow window of transient execution, previous MDS attacks relied on repetitive sampling to obtain arbitrarily sized data from the buffer. However, as an MDS attacker cannot control the address for data leakage, such an approach significantly degrades the signal-to-noise ratio in the sampled data. In this paper, we propose a novel multibyte microarchitectural data sampling technique for performing MDS attacks. The proposed technique allows several continuous bytes to be captured in one execution without repetition of sampling. The implementation of the technique is quite challenging, because a transient execution window is not sufficiently large to allow multibyte sampling to be completed. We address this problem by leveraging a return stack buffer-based speculation technique, which originally was used for variants of Spectre-type attacks. We repurpose it to enlarge the transient execution window in our attack. Our implementations can capture data of up to 16 bytes in length in one execution from a line-fill buffer. To validate the effectiveness of the multibyte sampling technique, we demonstrate session key extraction attacks against secure network protocols. In particular, our objective is to extract AES-128 and AES-256 keys from TLS and SSH applications. To recover session keys in a postprocessing phase efficiently, we also propose a novel clustering-based search method that assembles the bytes of interest from the noisy sampled data. The experimental results show that our technique can successfully extract AES-128/256 session keys from victim applications with a probability of at least 98% and a reasonable search complexity. INDEX TERMS Microarchitectural data sampling, Transient execution attack, Session key extraction attackRecently, new vulnerabilities have been found on microarchitectural buffers inside some Intel processors [3], [4]. The

show abstract

“…We mainly focus on the x86 ISA (e.g., Intel and AMD) due to its wide adoption in modern PCs and servers, although some techniques can also be extended to the ARM processors [87,128]. Some works may need the processor to have additional hardware features such as Intel SGX [28,51,85,92,126,138,139,176,180,198,207,222], Intel TSX [61,108] and AMD's cache-way predictor [129]. We will mention the requirements when discussing these works.…”

Section: Threat Modelmentioning

confidence: 99%

“…Aciicmez et al [6] designed a side-channel attack against the RSA implementation in OpenSSL by distinguishing the multiplications from square operations. Flush-Reload [15,90,91,199,225] Flush-Flush [89], Reload+Refresh [33] Collide-Probe, Load-Reload [129] LRU state leaking [221] Requires KSM [129] Row buffer contention [158] Rambleed [123] Table 1. Side-channel attack vectors in hardware.…”

Section: Instruction Levelmentioning

confidence: 99%

“…Cache line states with the replacement policy can also leak side-channel information. Lipp et al [129] exploited the cache way predictor in the AMD processor to identify the victim's memory accesses with two new techniques: Collide-Probe and Load-Reload. Briongos et al [33] reverse engineered the cache replacement policies of the Intel processors and then proposed the Reload+Refresh technique to monitor memory accesses in a cache set without evicting the victim's data.…”

Section: Cache Levelmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Lou¹,

Zhang²,

Jiang³

et al. 2021

Preprint

View full text Add to dashboard Cite

Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection enforced by the operating system and steal the secrets from the program. In this paper, we systematize microarchitectural side channels with a focus on attacks and defenses in cryptographic applications. We make three contributions. (1) We survey past research literature to categorize microarchitectural side-channel attacks. Since these are hardware attacks targeting software, we summarize the vulnerable implementations in software, as well as flawed designs in hardware. (2) We identify common strategies to mitigate microarchitectural attacks, from the application, OS and hardware levels. (3) We conduct a large-scale evaluation on popular cryptographic applications in the real world, and analyze the severity, practicality and impact of side-channel vulnerabilities. This survey is expected to inspire side-channel research community to discover new attacks, and more importantly, propose new defense solutions against them.CCS Concepts: • Security and privacy → Side-channel analysis and countermeasures.

show abstract

Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

Cited by 36 publications

References 43 publications

Dynamic Process Isolation

Dynamic Process Isolation

Multibyte Microarchitectural Data Sampling and its Application to Session Key Extraction Attacks

A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks and Defenses in Cryptography

Contact Info

Product

Resources

About