Abstract
To optimize the energy consumption and performance of their CPUs, AMD introduced a way predictor for the L1-data (L1D) cache to predict in which cache way a certain address is located. Consequently, only this way is accessed, significantly reducing the power consumption of the processor.
In this paper, we are the first to exploit the cache way predictor. We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.
We evaluate our new side channel in different attack scenarios. We demonstrate a covert channel with up to 588.9 kB/s, which we also use in a Spectre attack to exfiltrate secret data from the kernel. Furthermore, we present a key-recovery attack from a vulnerable cryptographic implementation. We also show an entropy-reducing attack on ASLR of the kernel of a fully patched Linux system, the hypervisor, and our own address space from JavaScript. Finally, we
propose countermeasures in software and hardware mitigating the presented attacks.
In this paper, we are the first to exploit the cache way predictor. We reverse-engineered AMD’s L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim’s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions.
We evaluate our new side channel in different attack scenarios. We demonstrate a covert channel with up to 588.9 kB/s, which we also use in a Spectre attack to exfiltrate secret data from the kernel. Furthermore, we present a key-recovery attack from a vulnerable cryptographic implementation. We also show an entropy-reducing attack on ASLR of the kernel of a fully patched Linux system, the hypervisor, and our own address space from JavaScript. Finally, we
propose countermeasures in software and hardware mitigating the presented attacks.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 |
| Place of Publication | New York, NY |
| Publisher | Association of Computing Machinery |
| Pages | 813–825 |
| Number of pages | 13 |
| ISBN (Electronic) | 978-1-4503-6750-9 |
| DOIs | |
| Publication status | Published - 5 Oct 2020 |
| Event | 15th ACM ASIA Conference on Computer and Communications Security: AsiaCCS 2020 - Virtuell Duration: 5 Oct 2020 → 9 Oct 2020 |
Conference
| Conference | 15th ACM ASIA Conference on Computer and Communications Security |
|---|---|
| Abbreviated title | AsiaCCS 2020: |
| City | Virtuell |
| Period | 5/10/20 → 9/10/20 |
Keywords
- Side-channel attack
- way predictor
- side-channel attacks
- way prediction
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
