CISPA
Browse
- No file added yet -

CPU Port Contention Without SMT

Download (342.17 kB)
conference contribution
posted on 2023-11-29, 18:22 authored by Thomas Rokicki, Clémentine Maurice, Michael SchwarzMichael Schwarz
CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS. In this paper, we present sequential port contention, which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As a result, specifically-crafted instruction sequences on a single thread suffer from an increased latency. We show that sequential port contention can be exploited from web browsers in WebAssembly. We present an automated framework to search for instruction sequences leading to sequential port contention for specific CPU generations, which we evaluated on 50 different CPUs. An attacker can use these sequences from the browser to determine the CPU generation within 12 second with a 95% accuracy. This fingerprint is highly stable and resistant to system noise, and we show that mitigations are either expensive or only probabilistic.

History

Preferred Citation

Thomas Rokicki, Clémentine Maurice and Michael Schwarz. CPU Port Contention Without SMT. In: European Symposium on Research in Computer Security (ESORICS). 2022.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

European Symposium on Research in Computer Security (ESORICS)

Legacy Posted Date

2022-08-26

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3752, title = "CPU Port Contention Without SMT", author = "Rokicki, Thomas and Maurice, Clémentine and Schwarz, Michael", booktitle="{European Symposium on Research in Computer Security (ESORICS)}", year="2022", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC