DeepAI AI Chat
Log In Sign Up

Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend

by   Ivan Puddu, et al.

We introduce a new timing side-channel attack on Intel CPU processors. Our Frontal attack exploits the way that CPU frontend fetches and processes instructions while being interrupted. In particular, we observe that in modern Intel CPUs, some instruction's execution times will depend on which operations precede and succeed them, and on their virtual addresses. Unlike previous attacks that could only profile branches if they contained different code or were based on conditional jumps, the attack allows the adversary to distinguish between instruction-wise identical branches. As the attack requires OS capabilities to set the interrupts, we use it to exploit SGX enclaves. Our attack demonstrates that a realistic SGX attacker can always observe the full enclave instruction trace, and secret-depending branching should not be used even alongside defenses to current controlled-channel attacks. We show that the adversary can use the Frontal attack to extract a secret from an SGX enclave if that secret was used as a branching condition for two instruction-wise identical branches. The attack can be exploited against several crypto libraries and affects all Intel CPUs.


Monitoring Performance Metrics is not Enough to Detect Side-Channel Attacks on Intel SGX

Side-channel vulnerabilities of Intel SGX is driving the research commun...

Attacks of the Knights: Exploiting Non Uniform Cache Access Time

Intel Knights Landing Processors have shared last level cache (LLC) acro...

Control-Flow Integrity at RISC: Attacking RISC-V by Jump-Oriented Programming

RISC-V is an open instruction set architecture recently developed for em...

CopyCat: Controlled Instruction-Level Attacks on Enclaves for Maximal Key Extraction

The adversarial model presented by trusted execution environments (TEEs)...

Leaking Control Flow Information via the Hardware Prefetcher

Modern processor designs use a variety of microarchitectural methods to ...

Attack Synthesis for Strings using Meta-Heuristics

Information leaks are a significant problem in modern computer systems a...

An Exploratory Analysis of Microcode as a Building Block for System Defenses

Microcode is an abstraction layer used by modern x86 processors that int...