Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX
نویسندگان
چکیده
Last-Level Cache (LLC) attacks typically exploit timing side channels in hardware, and thus rely heavily on timers for their operation. Many proposed defenses against such side-channel attacks capitalize on this reliance. This paper presents PRIME+ABORT, a new cache attack which bypasses these defenses by not depending on timers for its function. Instead of a timing side channel, PRIME+ABORT leverages the Intel TSX hardware widely available in both serverand consumer-grade processors. This work shows that PRIME+ABORT is not only invulnerable to important classes of defenses, it also outperforms state-of-the-art LLC PRIME+PROBE attacks in both accuracy and efficiency, having a maximum detection speed (in events per second) 3× higher than LLC PRIME+PROBE on Intel’s Skylake architecture while producing fewer false positives.
منابع مشابه
T-SGX: Eradicating Controlled-Channel Attacks Against Enclave Programs
Intel Software Guard Extensions (SGX) is a hardware-based trusted execution environment (TEE) that enables secure execution of a program in an isolated environment, an enclave. SGX hardware protects the running enclave against malicious software, including an operating system (OS), a hypervisor, and even low-level firmwares. This strong security property allows the trustworthy execution of prog...
متن کاملThe Influence of Malloc Placement on TSX Hardware Transactional Memory
In this paper, we demonstrate the impact of the placement policies of memory allocators on the performance of applications that use hardware transactional memory. In particular, commonly used allocators such as the default GNU glib malloc allocator may place objects in such a way that causes hardware transactions to consistently abort, even when running single-threaded. In multithreaded applica...
متن کاملPerformance Evaluation of IntelR
Intel has recently introduced Intel © Transactional Synchronization Extensions (Intel © TSX) in the Intel 4th Generation Core Processors. With Intel TSX, a processor can dynamically determine whether threads need to serialize through lock-protected critical sections. In this paper, we evaluate the first hardware implementation of Intel TSX using a set of high-performance computing (HPC) workloa...
متن کاملTruSpy: Cache Side-Channel Information Leakage from the Secure World on ARM Devices
As smart, embedded devices are increasingly integrated into our daily life, the security of these devices has become a major concern. The ARM processor family, which powers more than 60% of embedded devices, introduced TrustZone technology to offer security protection via an isolated execution environment called secure world. Caches in TrustZone-enabled processors are extended with a nonsecure ...
متن کاملMalware Guard Extension: Using SGX to Conceal Cache Attacks
In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus the supplied operating system and hardware. ...
متن کامل