CISPA
Browse
ccs23-fetchbench.pdf (1.14 MB)

FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers

Download (1.14 MB)
Version 2 2024-02-01, 08:20
Version 1 2023-11-29, 18:24
conference contribution
posted on 2024-02-01, 08:20 authored by Till SchlüterTill Schlüter, Amit Choudhari, Lorenz Hetterich, Leon TrampertLeon Trampert, Hamed Nemati, Ahmad Ibrahim, Michael SchwarzMichael Schwarz, Christian RossowChristian Rossow, Nils Ole TippenhauerNils Ole Tippenhauer

Prefetchers speculatively fetch memory using predictions on future memory use by applications. Different CPUs may use different prefetcher types, and two implementations of the same prefetcher can differ in details of their characteristics, leading to distinct runtime behavior. For a few implementations, security researchers showed through manual analysis how to exploit specific prefetchers to leak data. Identifying such vulnerabilities required tedious reverse-engineering, as prefetcher implementations are proprietary and undocumented. So far, no systematic study of prefetchers in common CPUs is available, preventing further security assessment. In this work, we address the following question: How can we systematically identify and characterize under-specified prefetchers in proprietary processors? To answer this question, we systematically analyze approaches to prefetching, design cross-platform tests to identify and characterize prefetchers on a given CPU, and demonstrate that our implementation FetchBench can characterize prefetchers on 19 different ARM and x86-64 CPUs. For example, FetchBench uncovers and characterizes a previously unknown replay-based prefetcher on the ARM Cortex-A72 CPU. Based on these findings, we demonstrate two novel attacks that exploit this undocumented prefetcher as a side channel to leak secret information, even from the secure TrustZone into the normal world.

History

Preferred Citation

Till Schlüter, Amit Choudhari, Lorenz Hetterich, Leon Trampert, Hamed Nemati, Ahmad Ibrahim, Michael Schwarz, Christian Rossow and Nils Tippenhauer. FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers. In: ACM Conference on Computer and Communications Security (CCS). 2023.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date

2023-07-24

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3991, title = "FetchBench: Systematic Identification and Characterization of Proprietary Prefetchers", author = "Schlüter, Till and Choudhari, Amit and Hetterich, Lorenz and Trampert, Leon and Nemati, Hamed and Ibrahim, Ahmad and Schwarz, Michael and Rossow, Christian and Tippenhauer, Nils Ole", booktitle="{ACM Conference on Computer and Communications Security (CCS)}", year="2023", }

Usage metrics

    Categories

    No categories selected

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC