CISPA

Speculative Dereferencing of Registers: Reviving Foreshadow

conference contribution
posted on 2023-11-29, 18:15, authored by Martin Schwarzl, Thomas Schuster, Michael Schwarz, Daniel Gruss
In this paper, we provide a systematic analysis of the root cause of the prefetching effect observed in previous works and show that its attribution to a prefetching mechanism is incorrect in all previous works, leading to incorrect conclusions and incomplete defenses. We show that the root cause is speculative dereferencing of user-space registers in the kernel. This new insight enables the first end-to-end Foreshadow (L1TF) exploit targeting non-L1 data, despite Foreshadow mitigations enabled, a novel technique to directly leak register values, and several side-channel attacks. While the L1TF effect is mitigated on the most recent Intel CPUs, all other attacks we present still work on all Intel CPUs and on CPUs by other vendors previously believed to be unaffected.

Preferred Citation

Martin Schwarzl, Thomas Schuster, Michael Schwarz and Daniel Gruss. Speculative Dereferencing of Registers: Reviving Foreshadow. In: Financial Cryptography and Data Security (FC). 2021.

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Financial Cryptography and Data Security (FC)

Legacy Posted Date

2021-02-15

Open Access Type

  • Gold

BibTeX

@inproceedings{cispa_all_3358,
  title     = "Speculative Dereferencing of Registers: Reviving Foreshadow",
  author    = "Schwarzl, Martin and Schuster, Thomas and Schwarz, Michael and Gruss, Daniel",
  booktitle = "{Financial Cryptography and Data Security (FC)}",
  year      = "2021",
}
