Selectively Delaying Instructions to Prevent Microarchitectural Replay Attacks

03/19/2021
by   Christos Sakalis, et al.
0

MicroScope, and microarchitectural replay attacks in general, take advantage of the characteristics of speculative execution to trap the execution of the victim application in an infinite loop, enabling the attacker to amplify a side-channel attack by executing it indefinitely. Due to the nature of the replay, it can be used to effectively attack security critical trusted execution environments (secure enclaves), even under conditions where a side-channel attack would not be possible. At the same time, unlike speculative side-channel attacks, MicroScope can be used to amplify the correct path of execution, rendering many existing speculative side-channel defences ineffective. In this work, we generalize microarchitectural replay attacks beyond MicroScope and present an efficient defence against them. We make the observation that such attacks rely on repeated squashes of so-called "replay handles" and that the instructions causing the side-channel must reside in the same reorder buffer window as the handles. We propose Delay-on-Squash, a technique for tracking squashed instructions and preventing them from being replayed by speculative replay handles. Our evaluation shows that it is possible to achieve full security against microarchitectural replay attacks with very modest hardware requirements, while still maintaining 97 insecure baseline performance.

READ FULL TEXT

page 10

page 11

research
03/18/2020

Detecting Replay Attacks Using Multi-Channel Audio: A Neural Network-Based Method

With the rapidly growing number of security-sensitive systems that use v...
research
06/13/2018

SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation

Speculative execution which is used pervasively in modern CPUs can leave...
research
04/05/2020

Security Analysis and Fault Detection Against Stealthy Replay Attacks

This paper investigates the security issue of the data replay attacks on...
research
06/13/2023

SafeBet: Secure, Simple, and Fast Speculative Execution

Spectre attacks exploit microprocessor speculative execution to read and...
research
07/23/2021

Mitigating Power Attacks through Fine-Grained Instruction Reordering

Side-channel attacks are a security exploit that take advantage of infor...
research
09/14/2023

TGh: A TEE/GC Hybrid Enabling Confidential FaaS Platforms

Trusted Execution Environments (TEEs) suffer from performance issues whe...
research
09/22/2021

"It's a Trap!"-How Speculation Invariance Can Be Abused with Forward Speculative Interference

Speculative side-channel attacks access sensitive data and use transmitt...

Please sign up or login with your details

Forgot password? Click here to reset