Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks

10/24/2021
by Yanan Guo, et al.

On modern x86 processors, data prefetching instructions can be used by programmers to boost performance. Although good for performance, we found that PREFETCHW, a data prefetching instruction that accelerates future write operations, has two significant security flaws on Intel processors: first, this instruction can execute on data with read-only permission; second, the execution time of this instruction leaks the current coherence state of the target data. Based on these two design flaws, we build the first two cross-core cache timing attacks that can work on private caches. Specifically, we first propose two covert channel attacks that can achieve an 864KB/s transmission rate, which is higher than all existing cache covert channel attacks. We then propose two side channel attacks that can be used to monitor the access pattern of a victim running on the same processor. We demonstrate the efficacy of our attacks by using them to leak private information from daily applications. Finally, we show that our prefetch-based attacks can be used in transient execution attacks to leak more secrets within one speculative window.
