191 Hits in 8.4 sec

Software-based Microarchitectural Attacks [article]

Daniel Gruss
2017 arXiv   pre-print
Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations.  ...  Microarchitectural fault attacks exploit the physical imperfections of modern computer systems.  ...  We then use these primitives in three different attacks. 2. We present a generic attack to infer the translation level for every virtual address to defeat ASLR. 3.  ... 
arXiv:1706.05973v1 fatcat:4hwdpe4dancmblsxasg3a75h7a

Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices

Raphael Spreitzer, Veelasha Moonsamy, Thomas Korak, Stefan Mangard
2018 IEEE Communications Surveys and Tutorials  
application is all it takes to exploit the leaking information on modern mobile devices.  ...  While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged)  ...  [7] and Szefer [40] surveyed microarchitectural attacks with a focus on cache attacks. Ullrich et al.  ... 
doi:10.1109/comst.2017.2779824 fatcat:4r5ceyc7pbdfxdmngtdncv4n5m

A Memory Hierarchy Protected against Side-Channel Attacks

Ezinam Bertrand Talaki, Olivier Savry, Mathieu Bouvier Des Noes, David Hely
2022 Cryptography  
In the vulnerability analysis of System on Chips, memory hierarchy is considered among the most valuable element to protect against information theft.  ...  Many first-order side-channel attacks have been reported on all its components from the main memory to the CPU registers.  ...  In order to address this issue, we present in this paper a masking method for protecting data in cache memories against first-order side-channel attacks based on power consumption analysis.  ... 
doi:10.3390/cryptography6020019 fatcat:asl6bft22ndclmt2u44vajfkle

An Off-Chip Attack on Hardware Enclaves via the Memory Bus [article]

Dayeol Lee, Dongha Jung, Ian T. Fang, Chia-Che Tsai, Raluca Ada Popa
2019 arXiv   pre-print
This paper shows how an attacker can break the confidentiality of a hardware enclave with Membuster, an off-chip attack based on snooping the memory bus.  ...  We introduce three techniques, critical page whitelisting, cache squeezing, and oracle-based fuzzy matching algorithm to increase cache misses for memory accesses that are useful for the attack, with no  ...  We also thank SK Hynix, especially Dongha Jung, Taeksang Song, and Yongtak Song for providing the facility for DRAM signal analysis, collecting physical experiment data, and explaining the technical details  ... 
arXiv:1912.01701v1 fatcat:nj6kipl65zewtd4tn6x6p6gzse

A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Events

Robert Callan, Alenka Zajic, Milos Prvulovic
2014 2014 47th Annual IEEE/ACM International Symposium on Microarchitecture  
Our findings from these experiments confirm key intuitive expectations, e.g. that SAVAT between on-chip instructions and off-chip memory accesses tends to be higher than between two on-chip instructions  ...  . the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B.  ...  Bus snooping attacks require physical access to the system, but they are powerful because they give the attacker direct access to observe (and even modify) values that are communicated on the processor-memory  ... 
doi:10.1109/micro.2014.39 dblp:conf/micro/CallanZP14 fatcat:xbbvg4l2tnf3dehzrdmpwju6hy

Survey of Transient Execution Attacks [article]

Wenjie Xiong, Jakub Szefer
2020 arXiv   pre-print
Further, the existing attacks are compared, and the limitations of these attacks are discussed based on the proposed metrics.  ...  A set of metrics is proposed for each component to evaluate the feasibility of an attack. Moreover, the data that can be leaked in the attacks are summarized.  ...  For example, cache coherency policy can invalidate a cache line in a remote cache, and thus, it results in a covert channel between threads on di erent cores on the same processor chip [106, 130] .  ... 
arXiv:2005.13435v2 fatcat:fuigp3ipqnbghlf5dch2r6zp5u

V0LTpwn: Attacking x86 Processor Integrity from Software [article]

Zijo Kenjar, Tommaso Frassetto, David Gens, Michael Franz, and Ahmad-Reza Sadeghi
2019 arXiv   pre-print
Under a V0LTpwn attack, CPU instructions will continue to execute with erroneous results and without crashes, allowing for exploitation.  ...  To the best of our knowledge, this represents the first attack on x86 integrity from software. The key idea behind our attack is to undervolt a physical core to force non-recoverable hardware faults.  ...  attacker has to push the victim core beyond a certain threshold to ensure successful faults and exploitation.  ... 
arXiv:1912.04870v1 fatcat:4bazs7ee65hlbd4d5dga63op7q

Coherence Attacks and Countermeasures in Interposer-Based Systems [article]

Gino Chacon, Tapojyoti Mandal, Johann Knechtel, Ozgur Sinanoglu, Paul Gratz, Vassos Soteriou
2022 arXiv   pre-print
Here, we explore these challenges, but also promises, for modern interposer-based systems of cache-coherent, multi-core chiplets.  ...  We show that our scheme prevents a wide range of attacks, including but not limited to our GETXspy attack, with little overhead on system performance, ∼4%.  ...  Given that the coherence protocol acts only based on rules for how memory is updated across multiple parties, attackers may exploit the coherence protocol's low-level behavior.  ... 
arXiv:2105.02917v2 fatcat:fqclgstfmfgzhmjop3mu2efpbm

Architecting Non-Volatile Main Memory to Guard Against Persistence-based Attacks [article]

Fan Yao, Guru Venkataramani
2019 arXiv   pre-print
DRAM-based main memory and its associated components increasingly account for a significant portion of application performance bottlenecks and power budget demands inside the computing ecosystem.  ...  We also explore the effect of encryption on a hybrid main memory that has a DRAM buffer cache plus PCM main memory.  ...  bus, tampered IP blocks, covertly communicating processes that exploit memory as storage channels etc.  ... 
arXiv:1902.03518v1 fatcat:lxenfuttzzedzebghxe4lktb54

ClepsydraCache – Preventing Cache Attacks with Time-Based Evictions [article]

Jan Philipp Thoma, Christian Niesler, Dominic Funke, Gregor Leander, Pierre Mayr, Nils Pohl, Lucas Davi, Tim Güneysu
2021 arXiv   pre-print
Both the shift towards attacks on the microarchitectural CPU level and the ongoing transition towards cloud computing and shared VM hosts have increasingly drawn attention towards cache attacks.  ...  Furthermore, our solution is applicable to large last-level caches which are the most common targets for cache attacks.  ...  The shared nature of the LLC makes it an particularly worthwhile target for attackers since the timing side-channel can be exploited beyond process boundaries or even on colocated virtual machines.  ... 
arXiv:2104.11469v1 fatcat:7yn3erafibcfjkveaxo3px5oze

Leaky Buddies: Cross-Component Covert Channels on Integrated CPU-GPU Systems [article]

Sankha Baran Dutta, Hoda Naghibijouybari, Nael Abu-Ghazaleh, Andres Marquez, Kevin Barker
2020 arXiv   pre-print
We also exploit GPU parallelism to increase the bandwidth of the communication, even without relying on a common clock.  ...  Specifically, we consider the potential for covert channel attacks that arise either from shared microarchitectural components (such as caches) or through shared contention domains (e.g., shared buses)  ...  microarchitectural structure such as buses or ports.  ... 
arXiv:2011.09642v1 fatcat:lualqel46rbjtdub663jniuccu

Plundervolt: Software-based Fault Injection Attacks against Intel SGX

Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, Frank Piessens
2020 2020 IEEE Symposium on Security and Privacy (SP)  
software-based fault injection attacks against Intel SGX. in  ...  Structure of the Paper Section II presents the attacker model, our experimental setup and the tested CPUs.  ...  allegedly uses steps of 5 mV [30] . 2) Based on the VID, the voltage regulator chip adjusts the voltage supplied via the core voltage pins (VCC) to the CPU.  ... 
doi:10.1109/sp40000.2020.00057 dblp:conf/sp/MurdockOGBGP20 fatcat:hk23tfteyrb3pbp7gkczqgp4re

Plundervolt: Software-based Fault Injection Attacks against Intel SGX

K. Murdock, D. Oswald, F. Garcia, J. Bulck, D. Gruss, F. Piessens
2020 Zenodo  
Design restrictions ensure frequency and voltage are adjusted as a pair, based on the current load, because for each frequency there is only a certain voltage range where the processor can operate correctly  ...  In this paper, we demonstrate that these privileged interfaces can be reliably exploited to undermine the system's security.  ...  ACKNOWLEDGMENTS This research is partially funded by the Research Fund KU Leuven, and by the Agency for Innovation and Entrepreneurship (Flanders).  ... 
doi:10.5281/zenodo.3952135 fatcat:67z2ko4p4rcgfbt6gvykbyviyi

Understanding contention-based channels and using them for defense

Casen Hunger, Mikhail Kazdagli, Ankit Rawat, Alex Dimakis, Sriram Vishwanath, Mohit Tiwari
2015 2015 IEEE 21st International Symposium on High Performance Computer Architecture (HPCA)  
We then quantify the communication capacity of several microarchitectural covert channels (including channels that rely on performance counters, AES hardware and memory buses) and measure bandwidths across  ...  Significant prior work has demonstrated attacks and defenses for specific types of such microarchitectural side and covert channels.  ...  Acknowledgments The authors would like to thank the anonymous reviewers for insightful comments on this paper. This work was funded in part by Grants NSF CNS-1314709 and NSF CNS-1263341.  ... 
doi:10.1109/hpca.2015.7056069 dblp:conf/hpca/HungerKRDVT15 fatcat:jll2nbcn6neqtaqj6gzxi5vwwe

When a Patch is Not Enough - HardFails: Software-Exploitable Hardware Bugs [article]

Ghada Dessouky, David Gens, Patrick Haney, Garrett Persyn, Arun Kanuparthi, Hareesh Khattri, Jason M. Fung, Ahmad-Reza Sadeghi, Jeyavijayan Rajendran
2018 arXiv   pre-print
We show that a protection gap currently exists in practice that leaves chip designs vulnerable to software-based attacks.  ...  We also craft a real-world software attack that exploits one of the RTL bugs from Hack@DAC that evaded detection and discuss novel approaches to mitigate the growing problem of cross-layer bugs at design  ...  After tape-out and fabrication, the chip is powered on and the platform bring-up step ensures that the chip is functional.  ... 
arXiv:1812.00197v1 fatcat:5glutvm4tzarza7dwh3kk75bhe
« Previous Showing results 1 — 15 out of 191 results