CrossTalk: Speculative Data Leaks Across Cores Are Real

Ragab, Hany; Milburn, Alyssa; Razavi, Kaveh; Bos, Herbert; Giuffrida, Cristiano

doi:10.1109/sp40001.2021.00020

Cited by 76 publications

(41 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…VERIFY returns True only and only if e 1 = e 2 × e 3 . Otherwise, the verification of the signature fails (Line [35][36][37][38][39]. Note that the verification process (127.3 ms) is significantly more costly than the signing phase (3.4 ms) and the baseline method Elliptic Curve Digital Signature Algorithm (ECDSA) verification (74 ms).…”

Section: Appendix B Pseudo-codes For Ots-ske Implementationmentioning

confidence: 99%

Secure Remote Attestation with Strong Key Insulation Guarantees

Gurevin¹,

Jin²,

Nguyen³

et al. 2022

Preprint

View full text Add to dashboard Cite

Recent years have witnessed a trend of secure processor design in both academia and industry. Secure processors with hardware-enforced isolation can be a solid foundation of cloud computation in the future. However, due to recent sidechannel attacks, the commercial secure processors failed to deliver the promises of a secure isolated execution environment. Sensitive information inside the secure execution environment always gets leaked via side channels. This work considers the most powerful software-based side-channel attackers, i.e., an All Digital State Observing (ADSO) adversary who can observe all digital states, including all digital states in secure enclaves.Traditional signature schemes are not secure in ADSO adversarial model. We introduce a new cryptographic primitive called One-Time Signature with Secret Key Exposure (OTS-SKE), which ensures no one can forge a valid signature of a new message or nonce even if all secret session keys are leaked. OTS-SKE enables us to sign attestation reports securely under the ADSO adversary. We also minimize the trusted computing base by introducing a secure co-processor into the system, and the interaction between the secure co-processor and the attestation processor is unidirectional. That is, the co-processor takes no inputs from the processor and only generates secret keys for the processor to fetch. Our experimental results show that the signing of OTS-SKE is faster than that of Elliptic Curve Digital Signature Algorithm (ECDSA) used in Intel SGX.

show abstract

Section: Appendix B Pseudo-codes For Ots-ske Implementationmentioning

confidence: 99%

Secure Remote Attestation with Strong Key Insulation Guarantees

Gurevin¹,

Jin²,

Nguyen³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…Many side-channel attacks against enclaves have been identified in recent papers [15,51,53,54,9,41,31,40,2,38,10]; SGX has not been designed to prevent them [18]. There are attacks using various kinds of side-channel oracles-powerbased, timing-based, cache-based, FPU-based, etc.-to exfiltrate secrets and influence the behaviour of enclaves.…”

Section: Related Workmentioning

confidence: 99%

Guardian: symbolic validation of orderliness in SGX enclaves

Antonino,

Wołoszyn,

Roscoe

2021

Preprint

View full text Add to dashboard Cite

Modern processors can offer hardware primitives that allow a process to run in isolation. These primitives implement a trusted execution environment (TEE) in which a program can run such that the integrity and confidentiality of its execution are guaranteed. Intel's Software Guard eXtensions (SGX) is an example of such primitives and its isolated processes are called enclaves. These guarantees, however, can be easily thwarted if the enclave has not been properly designed. Its interface with the untrusted software stack is arguably the largest attack surface that adversaries can exploit; unintended interactions with untrusted code can expose the enclave to memory corruption attacks, for instance. In this paper, we propose a notion of an orderly enclave which splits its behaviour into several execution phases each of which imposes a set of restrictions on accesses to untrusted memory, phase transitions and registers sanitisation. A violation to these restrictions indicates an undesired behaviour which could be harnessed to perpetrate attacks against the enclave. We also introduce Guardian: a tool that uses symbolic execution to carry out the validation of an enclave against our notion of an orderly enclave; in this process, it also looks for some typical memory-corruption vulnerabilities. We discuss how our approach can prevent and flag enclave vulnerabilities that have been identified in the literature. Moreover, we have evaluated how our approach fares in the analysis of some practical enclaves. Guardian was able to identify real vulnerabilities on these enclaves which have been acknowledged and fixed by their maintainers.

show abstract

“…Mutation parameters in ABSynthe include instruction building blocks, repetition number, and use of memory barrier. Hardware fuzzing has also been utilized to improve existing Meltdown attacks [100] or find new variants of these attacks [65], automate the search for Spectre gadgets [90], and identify cross-core transient-execution attacks [77].…”

Section: Fuzzingmentioning

confidence: 99%

Osiris: Automated Discovery of Microarchitectural Side Channels

Weber,

Ibrahim,

Nemati

et al. 2021

Preprint

View full text Add to dashboard Cite

In the last years, a series of side channels have been discovered on CPUs. These side channels have been used in powerful attacks, e.g., on cryptographic implementations, or as building blocks in transient-execution attacks such as Spectre or Meltdown. However, in many cases, discovering side channels is still a tedious manual process.In this paper, we present Osiris, a fuzzing-based framework to automatically discover microarchitectural side channels. Based on a machine-readable specification of a CPU's ISA, Osiris generates instruction-sequence triples and automatically tests whether they form a timing-based side channel. Furthermore, Osiris evaluates their usability as a side channel in transient-execution attacks, i.e., as the microarchitectural encoding for attacks like Spectre. In total, we discover four novel timing-based side channels on Intel and AMD CPUs. Based on these side channels, we demonstrate exploitation in three case studies. We show that our microarchitectural KASLR break using non-temporal loads, FlushConflict, even works on the new Intel Ice Lake and Comet Lake microarchitectures. We present a cross-core cross-VM covert channel that is not relying on the memory subsystem and transmits up to 1 kbit/s. We demonstrate this channel on the AWS cloud, showing that it is stealthy and noise resistant. Finally, we demonstrate Stream+Reload, a covert channel for transientexecution attacks that, on average, allows leaking 7.83 bytes within a transient window, improving state-of-the-art attacks that only leak up to 3 bytes.

show abstract

CrossTalk: Speculative Data Leaks Across Cores Are Real

Cited by 76 publications

References 22 publications

Secure Remote Attestation with Strong Key Insulation Guarantees

Secure Remote Attestation with Strong Key Insulation Guarantees

Guardian: symbolic validation of orderliness in SGX enclaves

Osiris: Automated Discovery of Microarchitectural Side Channels

Contact Info

Product

Resources

About