CPU Port Contention Without SMT
Type de document :
Communication dans un congrès avec actes
Titre :
CPU Port Contention Without SMT
Auteur(s) :
Rokicki, Thomas [Auteur]
Security & PrIvaCY [SPICY]
Maurice, Clementine [Auteur]
Self-adaptation for distributed services and large software systems [SPIRALS]
Schwarz, Michael [Auteur]
Helmholtz Center for Information Security [Saarbrücken] [CISPA]
Security & PrIvaCY [SPICY]
Maurice, Clementine [Auteur]

Self-adaptation for distributed services and large software systems [SPIRALS]
Schwarz, Michael [Auteur]
Helmholtz Center for Information Security [Saarbrücken] [CISPA]
Titre de la manifestation scientifique :
27th European Symposium on Research in Computer Security (ESORICS 2022)
Ville :
Copenhagen
Pays :
Danemark
Date de début de la manifestation scientifique :
2022-09-26
Titre de la revue :
Lecture Notes in Computer Science
Éditeur :
Springer Nature Switzerland
Date de publication :
2022-09-24
Mot(s)-clé(s) en anglais :
Side channels
CPU port contention
Browsers
Fingerprinting
CPU port contention
Browsers
Fingerprinting
Discipline(s) HAL :
Informatique [cs]/Cryptographie et sécurité [cs.CR]
Résumé en anglais : [en]
CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous ...
Lire la suite >CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS. In this paper, we present sequential port contention, which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As a result, specifically-crafted instruction sequences on a single thread suffer from an increased latency. We show that sequential port contention can be exploited from web browsers in WebAssembly. We present an automated framework to search for instruction sequences leading to sequential port contention for specific CPU generations, which we evaluated on 50 different CPUs. An attacker can use these sequences from the browser to determine the CPU generation within 12 s with a 95 % accuracy. This fingerprint is highly stable and resistant to system noise, and we show that mitigations are either expensive or only probabilistic.Lire moins >
Lire la suite >CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS. In this paper, we present sequential port contention, which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As a result, specifically-crafted instruction sequences on a single thread suffer from an increased latency. We show that sequential port contention can be exploited from web browsers in WebAssembly. We present an automated framework to search for instruction sequences leading to sequential port contention for specific CPU generations, which we evaluated on 50 different CPUs. An attacker can use these sequences from the browser to determine the CPU generation within 12 s with a 95 % accuracy. This fingerprint is highly stable and resistant to system noise, and we show that mitigations are either expensive or only probabilistic.Lire moins >
Langue :
Anglais
Comité de lecture :
Oui
Audience :
Internationale
Vulgarisation :
Non
Projet ANR :
Collections :
Source :
Fichiers
- https://hal.archives-ouvertes.fr/hal-03798342/document
- Accès libre
- Accéder au document
- https://hal.archives-ouvertes.fr/hal-03798342/document
- Accès libre
- Accéder au document
- document
- Accès libre
- Accéder au document
- esorics22_rokicki.pdf
- Accès libre
- Accéder au document
- document
- Accès libre
- Accéder au document
- esorics22_rokicki.pdf
- Accès libre
- Accéder au document