Search: onr:"swepub:oai:DiVA.org:uu-488207" > Data-Out Instructio...
Fältnamn | Indikatorer | Metadata |
---|---|---|
000 | 04287naa a2200361 4500 | |
001 | oai:DiVA.org:uu-488207 | |
003 | SwePub | |
008 | 221110s2022 | |||||||||||000 ||eng| | |
024 | 7 | a https://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-4882072 URI |
024 | 7 | a https://doi.org/10.1109/SEED55351.2022.000122 DOI |
040 | a (SwePub)uu | |
041 | a engb eng | |
042 | 9 SwePub | |
072 | 7 | a ref2 swepub-contenttype |
072 | 7 | a kon2 swepub-publicationtype |
100 | 1 | a Aimoniotis, Pavlosu Uppsala universitet,Avdelningen för datorteknik,Datorarkitektur och datorkommunikation,Uppsala Architecture Research Team4 aut0 (Swepub:uu)pavai350 |
245 | 1 0 | a Data-Out Instruction-In (DOIN!) :b Leveraging Inclusive Caches to Attack Speculative Delay Schemes |
264 | 1 | b Institute of Electrical and Electronics Engineers (IEEE),c 2022 |
338 | a print2 rdacarrier | |
520 | a Although the cache has been a known side-channel for years, it has gained renewed notoriety with the introduction of speculative side-channel attacks such as Spectre, which were able to use caches to not just observe a victim, but to leak secrets. Because the cache continues to be one of the most exploitable side channels, it is often the primary target to safeguard in secure speculative execution schemes. One of the simpler secure speculation approaches is to delay speculative accesses whose effect can be observed until they become non-speculative. Delay-on-Miss, for example, delays all observable speculative loads, i.e., the ones that miss in the cache, and preserves the majority of the performance of the baseline (unsafe speculation) by executing speculative loads that hit in the cache, which were thought to be unobservable.However, previous work has failed to consider how instruction fetching can eject cache lines from the shared, lower level caches, and thus from higher cache levels due to inclusivity. In this work, we show how cache conflicts between instruction fetch and data accesses can extend previous attacks and present the following new insights:1. It is possible to use lower level caches to perform Prime+Probe through conflicts resulting from instruction fetching. This is an extension to previous Prime+Probe attacks that potentially avoids other developed mitigation strategies.2. Data-instruction conflicts can be used to perform a Spectre attack that breaks Delay-on-Miss. After acquiring a secret, secret-dependent instruction fetching can cause cache conflicts that result in evictions in the L1D cache, creating observable timing differences. Essentially, it is possible to leak a secret bit-by-bit through the cache, despite Delay-on-Miss defending against caches.We call our new attack Data-Out Instruction-In, DOIN!, and demonstrate it on a real commercial core, the AMD Ryzen 9. We demonstrate how DOIN! interacts with Delay-on-Miss and perform an analysis of noise and bandwidth. Furthermore, we propose a simple defense extension for Delay-on-Miss to maintain its security guarantees, at the cost of negligible performance degradation while executing the Spec06 workloads. | |
650 | 7 | a TEKNIK OCH TEKNOLOGIERx Elektroteknik och elektronikx Datorsystem0 (SwePub)202062 hsv//swe |
650 | 7 | a ENGINEERING AND TECHNOLOGYx Electrical Engineering, Electronic Engineering, Information Engineeringx Computer Systems0 (SwePub)202062 hsv//eng |
653 | a computer architecture | |
653 | a security | |
653 | a speculative side-channels | |
653 | a spectre | |
700 | 1 | a Kvalsvik, Amund Berglandu Norwegian University of Science and Technology (NTNU)4 aut |
700 | 1 | a Själander, Magnusu Norwegian University of Science and Technology (NTNU)4 aut |
700 | 1 | a Kaxiras, Stefanosu Uppsala universitet,Avdelningen för datorteknik,Datorarkitektur och datorkommunikation,Uppsala Architecture Research Team4 aut0 (Swepub:uu)steka984 |
710 | 2 | a Uppsala universitetb Avdelningen för datorteknik4 org |
773 | 0 | t 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED 2022)d : Institute of Electrical and Electronics Engineers (IEEE)g , s. 49-60q <49-60z 9781665485265z 9781665485272 |
856 | 4 8 | u https://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-488207 |
856 | 4 8 | u https://doi.org/10.1109/SEED55351.2022.00012 |
Kungliga biblioteket hanterar dina personuppgifter i enlighet med EU:s dataskyddsförordning (2018), GDPR. Läs mer om hur det funkar här.
Så här hanterar KB dina uppgifter vid användning av denna tjänst.
Copy and save the link in order to return to this view