CacheOut: Leaking Data on Intel CPUs via Cache Evictions
| Autor: | Stephan van Schaik, Daniel Genkin, Marina Minkin, Yuval Yarom, Andrew Kwong |
|---|---|
| Rok vydání: | 2020 |
| Předmět: |
FOS: Computer and information sciences
Information privacy Computer Science - Cryptography and Security Hardware_MEMORYSTRUCTURES Computer science CPU cache computer.software_genre Microarchitecture Kernel (linear algebra) Virtual machine Microcode Operating system Cache Central processing unit computer Cryptography and Security (cs.CR) |
| Zdroj: | IEEE Symposium on Security and Privacy |
| DOI: | 10.48550/arxiv.2006.13353 |
| Popis: | Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated that attackers can leak information while it transits through microarchitectural buffers. Named Microarchitectural Data Sampling (MDS) by Intel, these attacks are likened to "drinking from the firehose", as the attacker has little control over what data is observed and from what origin. Unable to prevent the buffers from leaking, Intel issued countermeasures via microcode updates that overwrite the buffers when the CPU changes security domains. In this work we present CacheOut, a new microarchitectural attack that is capable of bypassing Intel's buffer overwrite countermeasures. We observe that as data is being evicted from the CPU's L1 cache, it is often transferred back to the leaky CPU buffers where it can be recovered by the attacker. CacheOut improves over previous MDS attacks by allowing the attacker to choose which data to leak from the CPU's L1 cache, as well as which part of a cache line to leak. We demonstrate that CacheOut can leak information across multiple security boundaries, including those between processes, virtual machines, user and kernel space, and from SGX enclaves. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|