Abstract
Meltdown and Spectre exploit microarchitectural changes the CPU makes during transient out-of-order execution. Using side-channel techniques, these attacks enable leaking arbitrary data from memory. As state-of-the-art software mitigations for Meltdown may incur significant performance overheads, they are only seen as a temporary solution. Thus, software mitigations are disabled on more recent processors, which are not susceptible to Meltdown anymore. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to the original Meltdown attack. We show that the store buffer (a microarchitectural optimization to reduce the latency for data stores) in combination with the TLB enables powerful attacks. We present several ASLR-related attacks, including a KASLR break from unprivileged applications, and breaking ASLR from JavaScript. We can also mount side-channel attacks, breaking the atomicity of TSX, and monitoring control flow of the kernel. Furthermore, when combined with a simple Spectre gadget, we can leak arbitrary data from memory. Our paper shows that Meltdown-like attacks are still possible, and software fixes are still necessary to ensure proper isolation between the kernel and user space.
Original language | English |
---|---|
Publication status | Published - 14 May 2019 |
Publication series
Name | arXiv.org e-Print archive |
---|---|
Publisher | Cornell University Library |
Projects
- 3 Finished
- Leakage-Free - Hardware-Software Information Flow Analysis for Leakage-Free Code Generation
1/10/18 → 30/09/20
Project: Research project
- Espresso - Scalable Hardware-Secured Authentication and Personalization of Intelligent Sensor Nodes
1/05/18 → 31/10/20
Project: Research project
- EU - SOPHIA - Securing Software against Physical Attacks
1/09/16 → 31/08/21
Project: Research project
Activities
- 1 Talk at conference or symposium
- Store-to-Leak Forwarding: There and Back Again
Claudio Alberto Canella (Speaker), Lukas Giner (Speaker) & Michael Schwarz (Speaker)
2 Oct 2020
Activity: Talk or presentation › Talk at conference or symposium › Science to science