Speculative Load Forwarding Attack on Modern Processors

2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD) Pub Date : 2022-10-29 DOI:10.1145/3508352.3549417

Hasini Witharana, P. Mishra

{"title":"Speculative Load Forwarding Attack on Modern Processors","authors":"Hasini Witharana, P. Mishra","doi":"10.1145/3508352.3549417","DOIUrl":null,"url":null,"abstract":"Modern processors deliver high performance by utilizing advanced features such as out-of-order execution, branch prediction, speculative execution, and sophisticated buffer management. Unfortunately, these techniques have introduced diverse vulnerabilities including Spectre, Meltdown, and microarchitectural data sampling (MDS). Although Spectre and Meltdown can leak data via memory side channels, MDS has shown to leak data from the CPU internal buffers in Intel architectures. AMD has reported that its processors are not vulnerable to MDS/Meltdown type attacks. In this paper, we present a Meltdown/MDS type of attack to leak data from the load queue in AMD Zen family architectures. To the best of our knowledge, our approach is the first attempt in developing an attack on AMD architectures using speculative load forwarding to leak data through the load queue. Experimental evaluation demonstrates that our proposed attack is successful on multiple machines with AMD processors. We also explore a lightweight mitigation to defend against speculative load forwarding attack on modern processors.","PeriodicalId":270592,"journal":{"name":"2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3508352.3549417","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Modern processors deliver high performance by utilizing advanced features such as out-of-order execution, branch prediction, speculative execution, and sophisticated buffer management. Unfortunately, these techniques have introduced diverse vulnerabilities including Spectre, Meltdown, and microarchitectural data sampling (MDS). Although Spectre and Meltdown can leak data via memory side channels, MDS has shown to leak data from the CPU internal buffers in Intel architectures. AMD has reported that its processors are not vulnerable to MDS/Meltdown type attacks. In this paper, we present a Meltdown/MDS type of attack to leak data from the load queue in AMD Zen family architectures. To the best of our knowledge, our approach is the first attempt in developing an attack on AMD architectures using speculative load forwarding to leak data through the load queue. Experimental evaluation demonstrates that our proposed attack is successful on multiple machines with AMD processors. We also explore a lightweight mitigation to defend against speculative load forwarding attack on modern processors.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

现代处理器的推测负载转发攻击

现代处理器通过利用诸如乱序执行、分支预测、推测执行和复杂的缓冲区管理等高级特性来提供高性能。不幸的是，这些技术带来了各种各样的漏洞，包括Spectre、Meltdown和微架构数据采样(MDS)。尽管Spectre和Meltdown可以通过内存侧通道泄露数据，但在英特尔架构中，MDS可以从CPU内部缓冲区泄露数据。AMD报告称其处理器不容易受到MDS/Meltdown类型的攻击。在本文中，我们提出了一种Meltdown/MDS类型的攻击，用于从AMD Zen系列架构的负载队列中泄漏数据。据我们所知，我们的方法是第一次尝试使用推测负载转发来通过负载队列泄露数据来开发对AMD架构的攻击。实验评估表明，我们提出的攻击在多台AMD处理器上是成功的。我们还探讨了一种轻量级缓解方法，以防御现代处理器上的推测性负载转发攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2022 IEEE/ACM International Conference On Computer Aided Design (ICCAD)

自引率

0.00%

发文量