Transient Execution of Non-Canonical Accesses

08/24/2021
by Saidgani Musaev, et al.

Recent years have brought microarchitectural security into the spotlight, proving that modern CPUs are vulnerable to several classes of microarchitectural attacks. These attacks bypass the basic isolation primitives provided by the CPUs: process isolation, memory permissions, access checks, and so on. Nevertheless, most of the research was focused on Intel CPUs, with only a few exceptions. As a result, few vulnerabilities have been found in other CPUs, leading to speculations about their immunity to certain types of microarchitectural attacks. In this paper, we provide a black-box analysis of one of these under-explored areas. Namely, we investigate the flaw of AMD CPUs which may lead to a transient execution hijacking attack. Contrary to nominal immunity, we discover that AMD Zen family CPUs exhibit transient execution patterns similar to Meltdown/MDS. Our analysis of exploitation possibilities shows that AMD's design decisions indeed limit the exploitability scope compared to Intel CPUs, yet it may be possible to use them to amplify other microarchitectural attacks.
