Survey of microarchitectural side and covert channels, attacks, and defenses
J Szefer - Journal of Hardware and Systems Security, 2019 - Springer
Over the last two decades, side and covert channel research has shown a variety of ways of
exfiltrating information for a computer system. Processor microarchitectural timing-based …
LVI: Hijacking transient execution through microarchitectural load value injection
The recent Spectre attack first showed how to inject incorrect branch targets into a victim
domain by poisoning microarchitectural branch prediction history. In this paper, we …
Inferring fine-grained control flow inside SGX enclaves with branch shadowing
Intel has introduced a hardware-based trusted execution environment, Intel Software Guard
Extensions (SGX), that provides a secure, isolated execution environment, or enclave, for a …
Last-level cache side-channel attacks are practical
We present an effective implementation of the Prime+Probe side-channel attack against the
last-level cache. We measure the capacity of the covert channel the attack creates and …
BranchScope: A new side-channel attack on directional branch predictor
We present BranchScope, a new side-channel attack where the attacker infers the direction
of an arbitrary conditional branch instruction in a victim program by manipulating the shared …
A survey of timing channels and countermeasures
A timing channel is a communication channel that can transfer information to a
receiver/decoder by modulating the timing behavior of an entity. Examples of this entity …
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
Microarchitectural timing channels expose hidden hardware states through timing. We survey
recent attacks that exploit microarchitectural features in shared hardware, especially as they …
FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack
Sharing memory pages between non-trusting processes is a common method of reducing
the memory footprint of multi-tenanted systems. In this paper we demonstrate that, due to a …
CacheZoom: How SGX amplifies the power of cache attacks
In modern computing environments, hardware resources are commonly shared, and parallel
computation is widely used. Parallel tasks can cause privacy and security problems if proper …
Lord of the Ring(s): Side channel attacks on the CPU on-chip ring interconnect are practical
We introduce the first microarchitectural side channel attacks that leverage contention on the
CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this …