DeepAI AI Chat
Log In Sign Up

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

by   Yuan Xiao, et al.

SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities have enabled the notorious Meltdown, Spectre, and L1 terminal fault (L1TF) attacks. While a number of studies have reported different variants of SPEECH vulnerabilities, they are still not well understood. This is primarily due to the lack of information about microprocessor implementation details that impact the timing and order of various micro-architectural events. Moreover, to date, there is no systematic approach to quantitatively measure SPEECH vulnerabilities on commodity processors. This paper introduces SPEECHMINER, a software framework for exploring and measuring SPEECH vulnerabilities in an automated manner. SPEECHMINER empirically establishes the link between a novel two-phase fault handling model and the exploitability and speculation windows of SPEECH vulnerabilities. It enables testing of a comprehensive list of exception-triggering instructions under the same software framework, which leverages covert-channel techniques and differential tests to gain visibility into the micro-architectural state changes. We evaluated SPEECHMINER on 9 different processor types, examined 21 potential vulnerability variants, confirmed various known attacks, and identified several new variants.


Empirical Analysis of Software Vulnerabilities Causing Timing Side Channels

Timing attacks are considered one of the most damaging side-channel atta...

Leaky Frontends: Micro-Op Cache and Processor Frontend Vulnerabilities

This paper demonstrates a new class of security vulnerabilities due to t...

This is How You Lose the Transient Execution War

A new class of vulnerabilities related to speculative and out-of-order e...

Real time Detection of Spectre and Meltdown Attacks Using Machine Learning

Recently discovered Spectre and meltdown attacks affects almost all proc...

LEASH: Enhancing Micro-architectural Attack Detection with a Reactive Process Scheduler

Micro-architectural attacks use information leaked through shared resour...

Spectre is here to stay: An analysis of side-channels and speculative execution

The recent discovery of the Spectre and Meltdown attacks represents a wa...

InSpectre: Breaking and Fixing Microarchitectural Vulnerabilities by Formal Analysis

The recent Spectre attacks has demonstrated the fundamental insecurity o...