The complexity of modern processor architectures has given rise to sophisticated interactions among their components. Such interactions may result in potential attack vectors in terms of side channels, possibly available to userland exploits to leak secret data. Exploitation and countering of such side channels requires a detailed understanding of the target component. However, such detailed information is commonly unpublished for many CPUs.
In this paper, we introduce the concept of Leakage Templates to abstractly describe specific side channels and identify their occurrences in binary applications. We design and implement PLUMBER, a framework to derive the generic Leakage Templates from individual code sequences that are known to cause leakage (e.g., found by prior work). PLUMBER uses a combination of instruction fuzzing, instructions' operand mutation and statistical analysis to explore undocumented behavior of microarchitectural optimizations and derive sufficient conditions on vulnerable code inputs that if hold can trigger a distinguishing behavior. Using PLUMBER we identified novel leakage primitives based on Leakage Templates (for ARM Cortex-A53 and -A72 cores), in particular related to previction (a new premature cache eviction), and prefetching behavior. We show the utility of Leakage Templates by re-identifying a prefetcher-based vulnerability in OpenSSL 1.1.0g first reported by Shin et al. [40].
History
Preferred Citation
Ahmad Ibrahim, Hamed Nemati, Till Schlüter, Nils Tippenhauer and Christian Rossow. Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels. In: ACM Conference on Computer and Communications Security (CCS). 2022.
Primary Research Area
Threat Detection and Defenses
Name of Conference
ACM Conference on Computer and Communications Security (CCS)
Legacy Posted Date
2022-09-21
Open Access Type
Green
BibTeX
@inproceedings{cispa_all_3775,
title = "Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels",
author = "Ibrahim, Ahmad and Nemati, Hamed and Schlüter, Till and Tippenhauer, Nils Ole and Rossow, Christian",
booktitle="{ACM Conference on Computer and Communications Security (CCS)}",
year="2022",
}