NetSpectre: Read Arbitrary Memory over Network

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.
We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.
Originalspracheenglisch
TitelComputer Security - ESORICS 2019
Untertitel24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings
ErscheinungsortCham
Herausgeber (Verlag)Springer
Seiten279-299
Band1
ISBN (elektronisch)978-3-030-29959-0
ISBN (Print)978-3-030-29958-3
DOIs
PublikationsstatusVeröffentlicht - Sep 2019
VeranstaltungESORICS 2019: 24th European Symposium on Research in Computer Security - Luxembourg, Luxemburg
Dauer: 23 Sep 201927 Sep 2019

Publikationsreihe

NameLecture Notes in Computer Science
Band 11735

Konferenz

KonferenzESORICS 2019
LandLuxemburg
OrtLuxembourg
Zeitraum23/09/1927/09/19

Fingerprint

Data storage equipment

Dies zitieren

Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., & Gruß, D. (2019). NetSpectre: Read Arbitrary Memory over Network. in Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings (Band 1, S. 279-299). (Lecture Notes in Computer Science; Band 11735). Cham: Springer. https://doi.org/10.1007/978-3-030-29959-0_14

NetSpectre: Read Arbitrary Memory over Network. / Schwarz, Michael; Schwarzl, Martin; Lipp, Moritz; Masters, Jon; Gruß, Daniel.

Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Band 1 Cham : Springer, 2019. S. 279-299 (Lecture Notes in Computer Science; Band 11735).

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Schwarz, M, Schwarzl, M, Lipp, M, Masters, J & Gruß, D 2019, NetSpectre: Read Arbitrary Memory over Network. in Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Bd. 1, Lecture Notes in Computer Science, Bd. 11735, Springer, Cham, S. 279-299, Luxembourg, Luxemburg, 23/09/19. https://doi.org/10.1007/978-3-030-29959-0_14
Schwarz M, Schwarzl M, Lipp M, Masters J, Gruß D. NetSpectre: Read Arbitrary Memory over Network. in Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Band 1. Cham: Springer. 2019. S. 279-299. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-030-29959-0_14
Schwarz, Michael ; Schwarzl, Martin ; Lipp, Moritz ; Masters, Jon ; Gruß, Daniel. / NetSpectre: Read Arbitrary Memory over Network. Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Band 1 Cham : Springer, 2019. S. 279-299 (Lecture Notes in Computer Science).
@inproceedings{944abad99129416caab37e5e8857027e,
title = "NetSpectre: Read Arbitrary Memory over Network",
abstract = "All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.",
author = "Michael Schwarz and Martin Schwarzl and Moritz Lipp and Jon Masters and Daniel Gru{\ss}",
year = "2019",
month = "9",
doi = "10.1007/978-3-030-29959-0_14",
language = "English",
isbn = "978-3-030-29958-3",
volume = "1",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "279--299",
booktitle = "Computer Security - ESORICS 2019",

}

TY - GEN

T1 - NetSpectre: Read Arbitrary Memory over Network

AU - Schwarz, Michael

AU - Schwarzl, Martin

AU - Lipp, Moritz

AU - Masters, Jon

AU - Gruß, Daniel

PY - 2019/9

Y1 - 2019/9

N2 - All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.

AB - All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.

U2 - 10.1007/978-3-030-29959-0_14

DO - 10.1007/978-3-030-29959-0_14

M3 - Conference contribution

SN - 978-3-030-29958-3

VL - 1

T3 - Lecture Notes in Computer Science

SP - 279

EP - 299

BT - Computer Security - ESORICS 2019

PB - Springer

CY - Cham

ER -