DeepAI AI Chat
Log In Sign Up

Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels

by   Ahmad Ibrahim, et al.
Stanford University

The complexity of modern processor architectures has given rise to sophisticated interactions among their components. Such interactions may result in potential attack vectors in terms of side channels, possibly available to user-land exploits to leak secret data. Exploitation and countering of such side channels require a detailed understanding of the target component. However, such detailed information is commonly unpublished for many CPUs. In this paper, we introduce the concept of Leakage Templates to abstractly describe specific side channels and identify their occurrences in binary applications. We design and implement Plumber, a framework to derive the generic Leakage Templates from individual code sequences that are known to cause leakage (e.g., found by prior work). Plumber uses a combination of instruction fuzzing, instructions' operand mutation and statistical analysis to explore undocumented behavior of microarchitectural optimizations and derive sufficient conditions on vulnerable code inputs that, if hold can trigger a distinguishing behavior. Using Plumber we identified novel leakage primitives based on Leakage Templates (for ARM Cortex-A53 and -A72 cores), in particular related to previction (a new premature cache eviction), and prefetching behavior. We show the utility of Leakage Templates by re-identifying a prefetcher-based vulnerability in OpenSSL 1.1.0g first reported by Shin et al. [40].


An Attack on The Speculative Vectorization: Leakage from Higher Dimensional Speculation

This paper argues and shows that speculative vectorization, where a loop...

The Conditional Information Leakage Given Eavesdropper's Received Signals in Wiretap Channels

Information leakage in Wyner's wiretap channel model is usually defined ...

Speculative Leakage in ARM Cortex-A53

The recent Spectre attacks have demonstrated that modern microarchitectu...

Layered Binary Templating: Efficient Detection of Compiler- and Linker-introduced Leakage

Cache template attacks demonstrated automated leakage of user input in s...

Towards a Better Indicator for Cache Timing Channels

Recent studies highlighting the vulnerability of computer architecture t...

PILOT: Password and PIN Information Leakage from Obfuscated Typing Videos

This paper studies leakage of user passwords and PINs based on observati...

Speculative Dereferencing of Registers:Reviving Foreshadow

Since 2016, multiple microarchitectural attacks have exploited an effect...