Leaky Frontends: Micro-Op Cache and Processor Frontend Vulnerabilities

by   Shuwen Deng, et al.

This paper demonstrates a new class of security vulnerabilities due to the Micro-Op Caches, also called Decode Stream Buffer, and other components in the processor frontend. The vulnerabilities presented in this work exploit multiple paths in the processor frontend that the micro-ops can take: through the Micro-Instruction Translation Engine (MITE), through the Decode Stream Buffer (DSB), or through the Loop Stream Detector (LSD). Each path has its own unique timing and power signature, which leads to security vulnerabilities. The vulnerabilities can be used as side or covert channels for information leakage and can be exploited to create both timing and power attacks. As information leakage channels, the new vulnerabilities are orthogonal to the existing speculative execution attacks and can be used as covert transmission channels in a new variant of speculative attacks that is demonstrated in this work. The vulnerabilities further affect Intel SGX enclaves, and this work shows how information can be leaked from SGX enclaves through the sharing of the frontend paths. The transmission rates for new attacks based on the vulnerabilities presented can be as high as 1410 Kbps (1.41 Mbps) with an almost 0 Consequently, this work demonstrates that multiple paths in the processor frontend are a source of security vulnerabilities which have not been considered before and that focusing on just speculative execution attacks is not sufficient to secure today's processors.


A Benchmark Suite for Evaluating Caches' Vulnerability to Timing Attacks

Timing-based side or covert channels in processor caches continue to pre...

Speculative Leakage in ARM Cortex-A53

The recent Spectre attacks have demonstrated that modern microarchitectu...

IOTLB-SC: An Accelerator-Independent Leakage Source in Modern Cloud Systems

Recent research in micro-architectural attacks has uncovered a variety o...

Leaky Nets: Recovering Embedded Neural Network Models and Inputs through Simple Power and Timing Side-Channels – Attacks and Defenses

With the recent advancements in machine learning theory, many commercial...

Processor Hardware Security Vulnerabilities and their Detection by Unique Program Execution Checking

Recent discovery of security attacks in advanced processors, known as Sp...

SPEECHMINER: A Framework for Investigating and Measuring Speculative Execution Vulnerabilities

SPEculative Execution side Channel Hardware (SPEECH) Vulnerabilities hav...

Mitigating Power Attacks through Fine-Grained Instruction Reordering

Side-channel attacks are a security exploit that take advantage of infor...

Please sign up or login with your details

Forgot password? Click here to reset