Write me and i’ll tell you secrets
- There is a long history of side channels in the memory hierarchy of modern CPUs. Especially the cache side channel is widely used in the context of transient execution attacks and covert channels. Therefore, many secure cache architectures have been proposed. Most of these architectures aim to make the construction of eviction sets infeasible by randomizing the address-to-cache mapping. In this paper, we investigate the peculiarities of write instructions in recent CPUs. We identify Write+Write, a new side channel on Intel CPUs that leaks whether two addresses contend for the same cache set. We show how Write+Write can be used for rapid construction of eviction sets on current cache architectures. Moreover, we replicate the Write+Write effect in gem5 and demonstrate on the example of ScatterCache [57] how it can be exploited to efficiently attack state-of-the-art cache randomization schemes. In addition to the Write+Write side channel, we show how Write-After-Write effects can be leveraged to efficiently synchronize covert channel communication across CPU cores. This yields the potential for much more stealthy covert channel communication than before.
| Author: | Jan Philipp ThomaORCiDGND, Tim GüneysuORCiDGND |
|---|---|
| URN: | urn:nbn:de:hbz:294-109832 |
| DOI: | https://doi.org/10.1145/3545948.3545987 |
| Parent Title (English): | RAID '22: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses |
| Subtitle (English): | Write-after-write effects on Intel CPUs |
| Publisher: | Association for Computing Machinery |
| Place of publication: | New York City, New York |
| Document Type: | Article |
| Language: | English |
| Date of Publication (online): | 2024/03/01 |
| Date of first Publication: | 2022/10/26 |
| Publishing Institution: | Ruhr-Universität Bochum, Universitätsbibliothek |
| Tag: | Cache Attacks; Microarchitecture; Side Channels |
| Volume: | 2022 |
| Pagenumber: | 72 |
| First Page: | 85 |
| Institutes/Facilities: | Horst Görtz Institut für IT-Sicherheit |
| Dewey Decimal Classification: | Technik, Medizin, angewandte Wissenschaften / Elektrotechnik, Elektronik |
| open_access (DINI-Set): | open_access |
| faculties: | Fakultät für Elektrotechnik und Informationstechnik |
| Licence (English): |  Creative Commons - CC BY 4.0 - Attribution 4.0 International |
