MicroScope: Enabling microarchitectural replay attacks

Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, Christopher Wardlaw Fletcher

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The popularity of hardware-based Trusted Execution Environments (TEEs) has recently skyrocketed with the introduction of Intel's Software Guard Extensions (SGX). In SGX, the user process is protected from supervisor software, such as the operating system, through an isolated execution environment called an enclave. Despite the isolation guarantees provided by TEEs, numerous microarchitectural side channel attacks have been demonstrated that bypass their defense mechanisms. But, not all hope is lost for defenders: many modern fine-grain, high-resolution side channels (e.g., execution unit port contention) introduce large amounts of noise, complicating the adversary's task to reliably extract secrets. In this work, we introduce Microarchitectural Replay Attacks, whereby an SGX adversary can denoise nearly arbitrary microarchitectural side channels in a single run of the victim, by causing the victim to repeatedly replay on a page faulting instruction. We design, implement, and demonstrate our ideas in a framework, called MicroScope, and use it to denoise notoriously noisy side channels. Our main result shows how MicroScope can denoise the execution unit port contention channel. Specifically, we show how MicroScope can reliably detect the presence or absence of as few as two divide instructions in a single logical run of the victim program. Such an attack could be used to detect subnormal input to individual floating-point instructions, or infer branch directions in an enclave despite today's countermeasures that flush the branch predictor at the enclave boundary. We also use MicroScope to single-step and denoise a cache-based attack on the OpenSSL implementation of AES. Finally, we discuss the broader implications of microarchitectural replay attacks, as well as other mechanisms that can cause replays.

Original language: English (US)
Title of host publication: ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 318-331
Number of pages: 14
ISBN (Electronic): 9781450366694
DOIs: https://doi.org/10.1145/3307650.3322228
State: Published - Jun 22 2019
Event: 46th International Symposium on Computer Architecture, ISCA 2019 - Phoenix, United States
Duration: Jun 22 2019 to Jun 26 2019

Publication series

Name: Proceedings - International Symposium on Computer Architecture
ISSN (Print): 1063-6897

Conference

Conference: 46th International Symposium on Computer Architecture, ISCA 2019
Country: United States
City: Phoenix
Period: 6/22/19 to 6/26/19

Fingerprint

Microscopes
Faulting
Supervisory personnel
Hardware
Side channel attack

Keywords

  • Operating system
  • Security
  • Side-channel
  • Virtual memory

ASJC Scopus subject areas

  • Hardware and Architecture

Cite this

Skarlatos, D., Yan, M., Gopireddy, B., Sprabery, R., Torrellas, J., & Fletcher, C. W. (2019). MicroScope: Enabling microarchitectural replay attacks. In ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture (pp. 318-331). (Proceedings - International Symposium on Computer Architecture). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1145/3307650.3322228

@inproceedings{4f00adf5444744e69c07becd5f0da154,
title = "MicroScope: Enabling microarchitectural replay attacks",
keywords = "Operating system, Security, Side-channel, Virtual memory",
author = "Dimitrios Skarlatos and Mengjia Yan and Bhargava Gopireddy and Read Sprabery and Josep Torrellas and Fletcher, {Christopher Wardlaw}",
year = "2019",
month = "6",
day = "22",
doi = "10.1145/3307650.3322228",
language = "English (US)",
series = "Proceedings - International Symposium on Computer Architecture",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "318--331",
booktitle = "ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture",
address = "United States",

}

TY - GEN

T1 - MicroScope

T2 - Enabling microarchitectural replay attacks

AU - Skarlatos, Dimitrios

AU - Yan, Mengjia

AU - Gopireddy, Bhargava

AU - Sprabery, Read

AU - Torrellas, Josep

AU - Fletcher, Christopher Wardlaw

PY - 2019/6/22

Y1 - 2019/6/22

KW - Operating system

KW - Security

KW - Side-channel

KW - Virtual memory

UR - http://www.scopus.com/inward/record.url?scp=85069498234&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85069498234&partnerID=8YFLogxK

U2 - 10.1145/3307650.3322228

DO - 10.1145/3307650.3322228

M3 - Conference contribution

AN - SCOPUS:85069498234

T3 - Proceedings - International Symposium on Computer Architecture

SP - 318

EP - 331

BT - ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture

PB - Institute of Electrical and Electronics Engineers Inc.

ER -