CPU Port Contention Without SMT

Rokicki, Thomas; Maurice, Clementine; Schwarz, Michael

Type de document :

Communication dans un congrès avec actes

DOI :

10.1007/978-3-031-17143-7_11

Titre :

CPU Port Contention Without SMT

Auteur(s) :

Rokicki, Thomas [Auteur]
Security & PrIvaCY [SPICY]
Maurice, Clementine [Auteur]

Self-adaptation for distributed services and large software systems [SPIRALS]
Schwarz, Michael [Auteur]
Helmholtz Center for Information Security [Saarbrücken] [CISPA]

Titre de la manifestation scientifique :

27th European Symposium on Research in Computer Security (ESORICS 2022)

Ville :

Copenhagen

Pays :

Danemark

Date de début de la manifestation scientifique :

2022-09-26

Titre de la revue :

Lecture Notes in Computer Science

Éditeur :

Springer Nature Switzerland

Date de publication :

2022-09-24

Mot(s)-clé(s) en anglais :

Side channels
CPU port contention
Browsers
Fingerprinting

Discipline(s) HAL :

Informatique [cs]/Cryptographie et sécurité [cs.CR]

Résumé en anglais : [en]

CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous ...
Lire la suite >CPU port contention has been used in the last years as a stateless side channel to perform side-channel attacks and transient execution attacks. One drawback of this channel is that it heavily relies on simultaneous multi-threading, which can be absent from some CPUs or simply disabled by the OS. In this paper, we present sequential port contention, which does not require SMT. It exploits sub-optimal scheduling to execution ports for instruction-level parallelization. As a result, specifically-crafted instruction sequences on a single thread suffer from an increased latency. We show that sequential port contention can be exploited from web browsers in WebAssembly. We present an automated framework to search for instruction sequences leading to sequential port contention for specific CPU generations, which we evaluated on 50 different CPUs. An attacker can use these sequences from the browser to determine the CPU generation within 12 s with a 95 % accuracy. This fingerprint is highly stable and resistant to system noise, and we show that mitigations are either expensive or only probabilistic.Lire moins >

Langue :

Anglais

Comité de lecture :

Oui

Audience :

Internationale

Vulgarisation :

Non

Projet ANR :

Attaques sur la micro-architecture des systèmes ubiquitaires
Fingerprinting et exploration des attaques et défenses sur CPU depuis des scripts web

Collections :