DeepAI
Log In Sign Up

Selectively Delaying Instructions to Prevent Microarchitectural Replay Attacks

03/19/2021
by   Christos Sakalis, et al.
0

MicroScope, and microarchitectural replay attacks in general, take advantage of the characteristics of speculative execution to trap the execution of the victim application in an infinite loop, enabling the attacker to amplify a side-channel attack by executing it indefinitely. Due to the nature of the replay, it can be used to effectively attack security critical trusted execution environments (secure enclaves), even under conditions where a side-channel attack would not be possible. At the same time, unlike speculative side-channel attacks, MicroScope can be used to amplify the correct path of execution, rendering many existing speculative side-channel defences ineffective. In this work, we generalize microarchitectural replay attacks beyond MicroScope and present an efficient defence against them. We make the observation that such attacks rely on repeated squashes of so-called "replay handles" and that the instructions causing the side-channel must reside in the same reorder buffer window as the handles. We propose Delay-on-Squash, a technique for tracking squashed instructions and preventing them from being replayed by speculative replay handles. Our evaluation shows that it is possible to achieve full security against microarchitectural replay attacks with very modest hardware requirements, while still maintaining 97 insecure baseline performance.

READ FULL TEXT

page 10

page 11

03/18/2020

Detecting Replay Attacks Using Multi-Channel Audio: A Neural Network-Based Method

With the rapidly growing number of security-sensitive systems that use v...
06/13/2018

SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation

Speculative execution which is used pervasively in modern CPUs can leave...
04/05/2020

Security Analysis and Fault Detection Against Stealthy Replay Attacks

This paper investigates the security issue of the data replay attacks on...
07/23/2021

Mitigating Power Attacks through Fine-Grained Instruction Reordering

Side-channel attacks are a security exploit that take advantage of infor...
09/22/2021

"It's a Trap!"-How Speculation Invariance Can Be Abused with Forward Speculative Interference

Speculative side-channel attacks access sensitive data and use transmitt...
02/17/2022

CHEX: Multiversion Replay with Ordered Checkpoints

In scientific computing and data science disciplines, it is often necess...
05/22/2018

You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass

A recent discovery of a new class of microarchitectural attacks called S...