NetSpectre: Read Arbitrary Memory over Network

Research output: Chapter in Book/Report/Conference proceedingConference contributionResearchpeer-review

Abstract

All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.
We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.
Original languageEnglish
Title of host publicationComputer Security - ESORICS 2019
Subtitle of host publication24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings
Place of PublicationCham
PublisherSpringer
Pages279-299
Volume1
ISBN (Electronic)978-3-030-29959-0
ISBN (Print)978-3-030-29958-3
DOIs
Publication statusPublished - Sep 2019
EventESORICS 2019: 24th European Symposium on Research in Computer Security - Luxembourg, Luxembourg
Duration: 23 Sep 201927 Sep 2019

Publication series

NameLecture Notes in Computer Science
Volume 11735

Conference

ConferenceESORICS 2019
CountryLuxembourg
CityLuxembourg
Period23/09/1927/09/19

    Fingerprint

Cite this

Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., & Gruß, D. (2019). NetSpectre: Read Arbitrary Memory over Network. In Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings (Vol. 1, pp. 279-299). (Lecture Notes in Computer Science; Vol. 11735). Cham: Springer. https://doi.org/10.1007/978-3-030-29959-0_14