RASSLE: Return Address Stack based Side-channel LEakage

Microarchitectural attacks on computing systems often stem from simple artefacts in the underlying architecture. In this paper, we focus Return Address Stack (RAS), a small hardware stack present modern processors to reduce branch miss penalty by storing return addresses of each function call. The RAS is useful handle specifically predictions for RET instructions which are not accurately predicted typical prediction units. particular, envisage spy process who crafts an overflow condition filling it with arbitrary addresses, and wrestles concurrent establish timing side channel between them. We call attack principle, RASSLE 1 (Return based Side-channel Leakage), adversary can launch first reverse engineering using generic methodology exploiting established channel. Subsequently, show three concrete scenarios: i) How covert another co-residing process? ii) be utilized determine secret key P-384 curves OpenSSL (v1.1.1 library)? iii) Elliptic Curve Digital Signature Algorithm (ECDSA) P-256 curve revealed Lattice Attack partially leaked nonces aid RASSLE? attack, that implementation scalar multiplication has varying number add-and-sub calls, depends bits. demonstrate through several experiments calls used template bit, picked up principles RASSLE. Finally, full end-to-end ECDSA parameters P-256. part our RASSLE, abuse deadline scheduler policy attain perfect synchronization victim, without any induced victim code. This leakage sufficient retrieve Most Significant Bits (MSB) ephemeral while signature generation, subsequently signing sender applying Hidden Number Problem.
 1RASSLE non-standard spelling wrestle.