Abstract
Transient execution attacks have been severe security threats since such attacks exploit architectural vulnerabilities in out-of-order processors. Researchers proposed several architectural solutions to defend against transient execution attacks. By restoring the victim blocks stored temporarily in a restore buffer, the undo-based approaches can revoke the cache state changed by speculative loads. Thus it is known that the undo-based defense mechanisms can protect processors from transient execution attacks.In this paper, we reveal the undo-based protection scheme is still vulnerable to the elaborated Prime+Probe type attacks. Under the undo-based protection, the victim blocks by the speculative loads are stored in the restore buffer that has limited resources. Thus if the restore buffer is full, part of the victim blocks in the restore buffer can be evicted from the restore buffer. Then the cache state cannot be restored since the processor cannot find the victim blocks required for restoring the cache state. We design a restore buffer overflow attack that can leak secret data even if the processor is protected under the undo-based scheme. We evaluate the attack mechanism using the architectural simulator. Our evaluation exhibits that the attack can leak part of secret data successfully.
Original language | English |
---|---|
Title of host publication | 36th International Conference on Information Networking, ICOIN 2022 |
Publisher | IEEE Computer Society |
Pages | 315-318 |
Number of pages | 4 |
ISBN (Electronic) | 9781665413329 |
DOIs | |
Publication status | Published - 2022 |
Event | 36th International Conference on Information Networking, ICOIN 2022 - Virtual, Jeju Island, Korea, Republic of Duration: 2022 Jan 12 → 2022 Jan 15 |
Publication series
Name | International Conference on Information Networking |
---|---|
Volume | 2022-January |
ISSN (Print) | 1976-7684 |
Conference
Conference | 36th International Conference on Information Networking, ICOIN 2022 |
---|---|
Country/Territory | Korea, Republic of |
City | Virtual, Jeju Island |
Period | 22/1/12 → 22/1/15 |
Bibliographical note
Publisher Copyright:© 2022 IEEE.
Keywords
- Cache Side-Channels
- Secure Architecture
- Speculative Execution
- Transient Execution Attacks
ASJC Scopus subject areas
- Computer Networks and Communications
- Information Systems