CISPA

Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels

conference contribution
posted on 2023-11-29, 18:22 authored by Ahmad Ibrahim, Hamed Nemati, Till Schlüter, Nils Ole Tippenhauer, Christian Rossow
The complexity of modern processor architectures has given rise to sophisticated interactions among their components. Such interactions may result in potential attack vectors in terms of side channels, possibly available to userland exploits to leak secret data. Exploiting and countering such side channels requires a detailed understanding of the target component. However, such detailed information is commonly unpublished for many CPUs. In this paper, we introduce the concept of Leakage Templates to abstractly describe specific side channels and identify their occurrences in binary applications. We design and implement PLUMBER, a framework to derive the generic Leakage Templates from individual code sequences that are known to cause leakage (e.g., found by prior work). PLUMBER uses a combination of instruction fuzzing, instructions' operand mutation and statistical analysis to explore undocumented behavior of microarchitectural optimizations and derive sufficient conditions on vulnerable code inputs that, if they hold, can trigger a distinguishing behavior. Using PLUMBER we identified novel leakage primitives based on Leakage Templates (for ARM Cortex-A53 and -A72 cores), in particular related to previction (a new premature cache eviction) and prefetching behavior. We show the utility of Leakage Templates by re-identifying a prefetcher-based vulnerability in OpenSSL 1.1.0g first reported by Shin et al. [40].

Preferred Citation

Ahmad Ibrahim, Hamed Nemati, Till Schlüter, Nils Tippenhauer and Christian Rossow. Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels. In: ACM Conference on Computer and Communications Security (CCS). 2022.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date

2022-09-21

Open Access Type

  • Green

BibTeX

@inproceedings{cispa_all_3775,
  title = "Microarchitectural Leakage Templates and Their Application to Cache-Based Side Channels",
  author = "Ibrahim, Ahmad and Nemati, Hamed and Schlüter, Till and Tippenhauer, Nils Ole and Rossow, Christian",
  booktitle = "{ACM Conference on Computer and Communications Security (CCS)}",
  year = "2022",
}
