Take A Way: Exploring the Security Implications of AMD's Cache Way Predictors

To optimize the energy consumption and performance of their CPUs, AMD introduced a way predictor for the L1-data (L1D) cache to predict in which cache way a certain address is located. Consequently, only this way is accessed, significantly reducing the power consumption of the processor. In this paper, we are the first to exploit the cache way predictor. We reverse-engineered AMD's L1D cache way predictor in microarchitectures from 2011 to 2019, resulting in two new attack techniques. With Collide+Probe, an attacker can monitor a victim?s memory accesses without knowledge of physical addresses or shared memory when time-sharing a logical core. With Load+Reload, we exploit the way predictor to obtain highly-accurate memory-access traces of victims on the same physical core. While Load+Reload relies on shared memory, it does not invalidate the cache line, allowing stealthier attacks that do not induce any last-level-cache evictions. We evaluate our new side channel in different attack scenarios. We demonstrate a covert channel with up to 588.9 kB/s, which we also use in a Spectre attack to exfiltrate secret data from the kernel. Furthermore, we present a key-recovery attack from a vulnerable cryptographic implementation. We also show an entropy-reducing attack on ASLR of the kernel of a fully patched Linux system, the hypervisor, and our own address space from JavaScript. Finally, we propose countermeasures in software and hardware mitigating the presented attacks

[1]  Robert Könighofer,et al.  A Fast and Cache-Timing Resistant Implementation of the AES , 2008, CT-RSA.

[2]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[3]  John C. Wray An Analysis of Covert Timing Channels , 1992, J. Comput. Secur..

[4]  M. Chiani Error Detecting and Error Correcting Codes , 2012 .

[5]  Babak Falsafi,et al.  SMoTherSpectre: Exploiting Speculative Execution through Port Contention , 2019, CCS.

[6]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[7]  Kay Römer,et al.  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud , 2017, NDSS.

[8]  Herbert Bos,et al.  RIDL: Rogue In-Flight Data Load , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[9]  Mario Werner,et al.  ScatterCache: Thwarting Cache Attacks via Cache Set Randomization , 2019, USENIX Security Symposium.

[10]  Tanja Lange,et al.  Flush, Gauss, and reload : a cache attack on the BLISS lattice-based signature scheme , 2016 .

[11]  Nael B. Abu-Ghazaleh,et al.  Spectre Returns! Speculation Attacks Using the Return Stack Buffer , 2018, IEEE Design & Test.

[12]  Thomas Plos,et al.  Cache-Access Pattern Attack on Disaligned AES T-Tables , 2013, COSADE.

[13]  David Black-Schaffer,et al.  Dynamically Disabling Way-prediction to Reduce Instruction Replay , 2018, 2018 IEEE 36th International Conference on Computer Design (ICCD).

[14]  Stefan Mangard,et al.  KASLR is Dead: Long Live KASLR , 2017, ESSoS.

[15]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[16]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[17]  Per Larsen,et al.  Thwarting Cache Side-Channel Attacks Through Dynamic Software Diversity , 2015, NDSS.

[18]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[19]  Jan Reineke,et al.  Measurement-based modeling of the cache replacement policy , 2013, 2013 IEEE 19th Real-Time and Embedded Technology and Applications Symposium (RTAS).

[20]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[21]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[22]  Daniel Gruss,et al.  Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs , 2019, ArXiv.

[23]  Kazumaro Aoki,et al.  Highly Accurate Key Extraction Method for Access-Driven Cache Attacks Using Correlation Coefficient , 2013, ACISP.

[24]  Frank Piessens,et al.  A Systematic Evaluation of Transient Execution Attacks and Defenses , 2018, USENIX Security Symposium.

[25]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[26]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[27]  Martin Schwarzl,et al.  NetSpectre: Read Arbitrary Memory over Network , 2018, ESORICS.

[28]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[29]  Mike Clark,et al.  A new ×86 core architecture for the next generation of computing , 2016, IEEE Hot Chips Symposium.

[30]  Stefan Mangard,et al.  ARMageddon: Cache Attacks on Mobile Devices , 2015, USENIX Security Symposium.

[31]  Christian Rossow,et al.  ret2spec: Speculative Execution Using Return Stack Buffers , 2018, CCS.

[32]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[33]  Herbert Bos,et al.  Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks , 2018, USENIX Security Symposium.

[34]  Stefan Mangard,et al.  KeyDrown: Eliminating Software-Based Keystroke Timing Side-Channel Attacks , 2018, NDSS.

[35]  Herbert Bos,et al.  ASLR on the Line: Practical Cache Attacks on the MMU , 2017, NDSS.

[36]  Richard E. Kessler,et al.  The Alpha 21264 microprocessor , 1999, IEEE Micro.

[37]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[38]  Thomas R. Gross,et al.  CAIN: Silently Breaking ASLR in the Cloud , 2015, WOOT.

[39]  Kazuaki Murakami,et al.  Way-predicting set-associative cache for high performance and low energy consumption , 1999, Proceedings. 1999 International Symposium on Low Power Electronics and Design (Cat. No.99TH8477).

[40]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[41]  Taesoo Kim,et al.  Breaking Kernel Address Space Layout Randomization with Intel TSX , 2016, CCS.

[42]  Carsten Willems,et al.  Practical Timing Side Channel Attacks against Kernel Space ASLR , 2013, 2013 IEEE Symposium on Security and Privacy.

[43]  Moinuddin K. Qureshi New Attacks and Defense for Encrypted-Address Cache , 2019, 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA).

[44]  Stefan Mangard,et al.  Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches , 2015, USENIX Security Symposium.

[45]  Yuan Xiao,et al.  Return-Oriented Flush-Reload Side Channels on ARM and Their Implications for Android Devices , 2016, CCS.

[46]  Josep Torrellas,et al.  Attack Directories, Not Caches: Side Channel Attacks in a Non-Inclusive World , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[47]  Nael B. Abu-Ghazaleh,et al.  Jump over ASLR: Attacking branch predictors to bypass ASLR , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[48]  SkjellumAnthony,et al.  A high-performance, portable implementation of the MPI message passing interface standard , 1996 .

[49]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[50]  Chester Rebeiro,et al.  Bitslice Implementation of AES , 2006, CANS.

[51]  Gorka Irazoqui Apecechea,et al.  S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES , 2015, 2015 IEEE Symposium on Security and Privacy.

[52]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[53]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[54]  Frank Piessens,et al.  Fallout: Leaking Data on Meltdown-resistant CPUs , 2019, CCS.

[55]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[56]  Nicolas Le Scouarnec,et al.  Reverse Engineering Intel Last-Level Cache Complex Addressing Using Performance Counters , 2015, RAID.

[57]  Stefan Mangard,et al.  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript , 2017, Financial Cryptography.

[58]  Daniel Gruss,et al.  ZombieLoad: Cross-Privilege-Boundary Data Sampling , 2019, CCS.

[59]  Gorka Irazoqui Apecechea,et al.  Cross Processor Cache Attacks , 2016, IACR Cryptol. ePrint Arch..

[60]  Stefan Mangard,et al.  Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR , 2016, CCS.

[61]  Richard W. Hamming,et al.  Error detecting and error correcting codes , 1950 .

[62]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[63]  Cesar Pereida García,et al.  Port Contention for Fun and Profit , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[64]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.