Leaking Secrets through Modern Branch Predictor in the Speculative World
Authors
Abstract
Transient execution attacks that exploit speculation have raised significant concerns in computer systems. Typically, branch predictors are leveraged to trigger mis-speculation in transient execution attacks. In this work, we demonstrate a new class of speculation-based attack that targets the branch prediction unit (BPU). We find that speculative resolution of conditional branches (i.e., in nested speculation) alters the states of the pattern history table (PHT) in modern processors, which are not restored after the corresponding branches are later squashed. Such a characteristic allows attackers to exploit the BPU as the secret transmitting medium in transient execution attacks. To evaluate the discovered vulnerability, we build a novel attack framework, BranchSpectre, that enables exfiltration of unintended secrets through observing speculative PHT updates (in the form of covert and side channels). We further investigate the PHT collision mechanism in the history-based predictor as well as the branch prediction mode transitions in Intel processors. Built upon such knowledge, we implement an ultra high-speed covert channel (BranchSpectre-cc) as well as two side channels (i.e., BranchSpectre-v1 and BranchSpectre-v2) that merely rely on the BPU for mis-speculation trigger and secret inference in the speculative domain. Notably, BranchSpectre side channels can take advantage of much simpler code patterns than the ones used in Spectre attacks. We present an extensive branch gadget analysis on a set of popular real-world application code bases, followed by a demonstration of a real-world side channel attack on OpenSSL. The evaluation results show substantially wider existence and higher exploitability of BranchSpectre code patterns in real-world software. Finally, we discuss several secure branch prediction mechanisms that can mitigate transient execution attacks exploiting modern branch predictors.
Similar resources
The Tragedy of Modern Man in Arthur Miller's World
What Miller wants is a theatre of heightened consciousness. He speaks of two passions in a man, the passion to "feel" and the passion to "know". He believes that we can have more of the latter. He says: drama is akin to the other inventions of man in that it ought to help us know more and not merely to spend our feelings. The writing of The Crucible shows us that he is trying to give more heightene...
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
This paper presents SGXPECTRE Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An advers...
SafeDeflate: compression without leaking secrets
CRIME[1] and BREACH[2] attacks on TLS/SSL leverage the fact that compression ratio is not hidden by encryption to recover content of secrets. We introduce SafeDeflate—a modification of a standard Deflate algorithm which compression ratio does not leak information about secret tokens. The modification is compatible with existing Deflate and gzip decompressors. We introduce a model in which attac...
The legacy of Islamic world in modern medicine and science
The legacy of the Islamic world in medicine and natural science is the legacy of Greece, increased by many additions, mostly practical. Rhazes, the Iranian, was a talented clinical observer, but not a Harvey. Abd al-Latif, the Arab, was a diligent seeker in anatomy, but in no way to be compared to Vesalius. The Muslims possessed excellent translations of the works of the Hippocratic Corpus and ...
Journal
Journal title: IEEE Transactions on Computers
Year: 2021
ISSN: 1557-9956, 2326-3814, 0018-9340
DOI: https://doi.org/10.1109/tc.2021.3122830