MicroScope: Enabling Microarchitectural Replay Attacks

Dimitrios Skarlatos; Mengjia Yan; Bhargava Gopireddy; Read Sprabery; Josep Torrellas; Christopher W. Fletcher

doi:10.1109/MM.2020.2986204

MicroScope: Enabling Microarchitectural Replay Attacks

Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, Christopher W. Fletcher

Research output: Contribution to journal › Article › peer-review

Abstract

A microarchitectural replay attack is a novel class of attack where an adversary can denoise nearly arbitrary microarchitectural side channels in a single run of the victim. The idea is to cause the victim to repeatedly replay by inducing pipeline flushes. In this article, we design, implement, and demonstrate our ideas in a framework, called MicroScope, that causes repeated pipeline flushes by inducing page faults. Our main result shows that MicroScope can denoise the port contention channel of execution units. Specifically, we show how MicroScope can reliably detect the presence or absence of as few as two divide instructions in a single logical run of the victim program. We also discuss the broader implications of microarchitectural replay attacks.

Original language	English (US)
Article number	9069250
Pages (from-to)	91-98
Number of pages	8
Journal	IEEE Micro
Volume	40
Issue number	3
DOIs	https://doi.org/10.1109/MM.2020.2986204
State	Published - May 1 2020

ASJC Scopus subject areas

Software
Hardware and Architecture
Electrical and Electronic Engineering

Online availability

10.1109/MM.2020.2986204

Library availability

Discover UIUC Full Text

Cite this

@article{c48c7c51bcff4845bbd49f28b434410c,

title = "MicroScope: Enabling Microarchitectural Replay Attacks",

abstract = "A microarchitectural replay attack is a novel class of attack where an adversary can denoise nearly arbitrary microarchitectural side channels in a single run of the victim. The idea is to cause the victim to repeatedly replay by inducing pipeline flushes. In this article, we design, implement, and demonstrate our ideas in a framework, called MicroScope, that causes repeated pipeline flushes by inducing page faults. Our main result shows that MicroScope can denoise the port contention channel of execution units. Specifically, we show how MicroScope can reliably detect the presence or absence of as few as two divide instructions in a single logical run of the victim program. We also discuss the broader implications of microarchitectural replay attacks.",

author = "Dimitrios Skarlatos and Mengjia Yan and Bhargava Gopireddy and Read Sprabery and Josep Torrellas and Fletcher, {Christopher W.}",

note = "Publisher Copyright: {\textcopyright} 1981-2012 IEEE.",

year = "2020",

month = may,

day = "1",

doi = "10.1109/MM.2020.2986204",

language = "English (US)",

volume = "40",

pages = "91--98",

journal = "IEEE Micro",

issn = "0272-1732",

publisher = "IEEE Computer Society",

number = "3",

}

TY - JOUR

T1 - MicroScope

T2 - Enabling Microarchitectural Replay Attacks

AU - Skarlatos, Dimitrios

AU - Yan, Mengjia

AU - Gopireddy, Bhargava

AU - Sprabery, Read

AU - Torrellas, Josep

AU - Fletcher, Christopher W.

PY - 2020/5/1

Y1 - 2020/5/1

N2 - A microarchitectural replay attack is a novel class of attack where an adversary can denoise nearly arbitrary microarchitectural side channels in a single run of the victim. The idea is to cause the victim to repeatedly replay by inducing pipeline flushes. In this article, we design, implement, and demonstrate our ideas in a framework, called MicroScope, that causes repeated pipeline flushes by inducing page faults. Our main result shows that MicroScope can denoise the port contention channel of execution units. Specifically, we show how MicroScope can reliably detect the presence or absence of as few as two divide instructions in a single logical run of the victim program. We also discuss the broader implications of microarchitectural replay attacks.

AB - A microarchitectural replay attack is a novel class of attack where an adversary can denoise nearly arbitrary microarchitectural side channels in a single run of the victim. The idea is to cause the victim to repeatedly replay by inducing pipeline flushes. In this article, we design, implement, and demonstrate our ideas in a framework, called MicroScope, that causes repeated pipeline flushes by inducing page faults. Our main result shows that MicroScope can denoise the port contention channel of execution units. Specifically, we show how MicroScope can reliably detect the presence or absence of as few as two divide instructions in a single logical run of the victim program. We also discuss the broader implications of microarchitectural replay attacks.

UR - http://www.scopus.com/inward/record.url?scp=85083698288&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85083698288&partnerID=8YFLogxK

U2 - 10.1109/MM.2020.2986204

DO - 10.1109/MM.2020.2986204

M3 - Article

AN - SCOPUS:85083698288

SN - 0272-1732

VL - 40

SP - 91

EP - 98

JO - IEEE Micro

JF - IEEE Micro

IS - 3

M1 - 9069250

ER -

MicroScope: Enabling Microarchitectural Replay Attacks

Abstract

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this