I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches
Published: 1 June 2021
2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)
pp 361-374; https://doi.org/10.1109/isca52012.2021.00036
Abstract: Modern Intel, AMD, and ARM processors translate complex instructions into simpler internal micro-ops that are then cached in a dedicated on-chip structure called the micro-op cache. This work presents an in-depth characterization study of the micro-op cache, reverse-engineering many undocumented features, and further describes attacks that exploit the micro-op cache as a timing channel to transmit secret information. In particular, this paper describes three attacks – (1) a same thread cross-domain attack that leaks secrets across the user-kernel boundary, (2) a cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache, and (3) transient execution attacks that have the ability to leak an unauthorized secret accessed along a misspeculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre.
Keywords: Program processors / Microarchitecture / Computer architecture / Timing / System-on-chip / Transient analysis
Scifeed alert for new publications
Never miss any articles matching your research from any publisher- Get alerts for new papers matching your research
- Find out the new papers from selected authors
- Updated daily for 49'000+ journals and 6000+ publishers
- Define your Scifeed now
Click here to see the statistics on "2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA)" .