Leaky Frontends: Security Vulnerabilities in Processor Frontends
- 1 April 2022
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2022 IEEE International Symposium on High-Performance Computer Architecture (HPCA)
Abstract
This paper evaluates new security threats due to the processor frontend in modern Intel processors. The root causes of the security threats are the multiple paths in the processor frontend that the micro-operations can take: through the Micro-Instruction Translation Engine (MITE), through the Decode Stream Buffer (DSB), also called the Micro-operation Cache, or through the Loop Stream Detector (LSD). Each path has its own unique timing and power signatures, which lead to the side- and covert-channel attacks presented in this work. Especially, the switching between the different paths leads to observable timing or power differences which, as this work demonstrates, could be exploited by attackers. Because of the different paths, the switching, and way the components are shared in the frontend between hardware threads, two separate threads are able to be mutually influenced and timing or power can reveal activity on the other thread. The security threats are not limited to multi-threading, and this work further demonstrates new ways for leaking execution information about SGX enclaves or a new in-domain Spectre variant in single-thread setting. Finally, this work demonstrates a new method for fingerprinting the microcode patches of the processor by analyzing the behavior of different paths in the frontend. The findings of this work highlight the security threats associated with the processor frontend and the need for deployment of defenses for the modern processor frontend.Keywords
This publication has 22 references indexed in Scilit:
- BranchScopeACM SIGPLAN Notices, 2018
- Prefetch Side-Channel AttacksPublished by Association for Computing Machinery (ACM) ,2016
- Jump over ASLR: Attacking branch predictors to bypass ASLRPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2016
- Flush+Flush: A Fast and Stealthy Cache AttackLecture Notes in Computer Science, 2016
- The Spy in the SandboxPublished by Association for Computing Machinery (ACM) ,2015
- Last-Level Cache Side-Channel Attacks are PracticalPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Energy Efficient ServersPublished by Springer Science and Business Media LLC ,2015
- Timing channel protection for a shared memory controllerPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- A guided tour to approximate string matchingACM Computing Surveys, 2001
- Euclidean distance mappingComputer Graphics and Image Processing, 1980