microarchitectural security - boston universityattacks and their mitigations [36, 43] are outside...
TRANSCRIPT
![Page 1: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/1.jpg)
Microarchitectural Security
Daniel Gruss
February 20, 2019
Graz University of Technology
1 Daniel Gruss — Graz University of Technology
![Page 2: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/2.jpg)
![Page 3: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/3.jpg)
![Page 4: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/4.jpg)
![Page 5: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/5.jpg)
![Page 6: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/6.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 7: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/7.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 8: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/8.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 9: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/9.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 10: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/10.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 11: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/11.jpg)
Stealing Bitcoins? www.tugraz.at
SGX
2 Daniel Gruss — Graz University of Technology
![Page 12: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/12.jpg)
SGX www.tugraz.at
Application
Untrusted part
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 13: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/13.jpg)
SGX www.tugraz.at
Application
Untrusted part
Create Enclave
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 14: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/14.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Trusted Fnc.
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 15: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/15.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
Trusted Fnc.
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 16: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/16.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
Trusted Fnc.
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 17: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/17.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
Trusted Fnc.
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 18: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/18.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
Trusted Fnc.
Return
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 19: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/19.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
Trusted Fnc.
Return
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 20: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/20.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
. . .
Trusted Fnc.
Return
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 21: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/21.jpg)
SGX www.tugraz.at
Application
Trusted part
Cal
lG
ate
Untrusted part
Create Enclave
Call Trusted Fnc.
. . .
Trusted Fnc.
Return
Operating System
3 Daniel Gruss — Graz University of Technology
![Page 22: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/22.jpg)
Intel SGX Developer Guide www.tugraz.at
Protection from Side-Channel Attacks
Intel SGX does not provide explicit protection from side-channel attacks. It is the
enclave developer’s responsibility to address side-channel attack concerns.
4 Daniel Gruss — Graz University of Technology
![Page 23: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/23.jpg)
Intel SGX Developer Guide www.tugraz.at
Protection from Side-Channel Attacks
Intel SGX does not provide explicit protection from side-channel attacks. It is the
enclave developer’s responsibility to address side-channel attack concerns.
4 Daniel Gruss — Graz University of Technology
![Page 24: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/24.jpg)
Intel SGX Developer Guide www.tugraz.at
Protection from Side-Channel Attacks
Intel SGX does not provide explicit protection from side-channel attacks.
It is the
enclave developer’s responsibility to address side-channel attack concerns.
4 Daniel Gruss — Graz University of Technology
![Page 25: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/25.jpg)
Intel SGX Developer Guide www.tugraz.at
Protection from Side-Channel Attacks
Intel SGX does not provide explicit protection from side-channel attacks. It is the
enclave developer’s responsibility to address side-channel attack concerns.
4 Daniel Gruss — Graz University of Technology
![Page 26: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/26.jpg)
![Page 27: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/27.jpg)
SGX Wallets www.tugraz.at
• Ledger SGX Enclave for blockchain applications
• BitPay Copay Bitcoin wallet
• Teechain payment channel using SGX
Teechain
[...] We assume the TEE guarantees to hold and do not
consider side-channel attacks [5, 35, 46] on the TEE. Such
attacks and their mitigations [36, 43] are outside the scope of
this work. [...]
5 Daniel Gruss — Graz University of Technology
![Page 28: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/28.jpg)
SGX Wallets www.tugraz.at
• Ledger SGX Enclave for blockchain applications
• BitPay Copay Bitcoin wallet
• Teechain payment channel using SGX
Teechain
[...] We assume the TEE guarantees to hold
and do not
consider side-channel attacks [5, 35, 46] on the TEE. Such
attacks and their mitigations [36, 43] are outside the scope of
this work. [...]
5 Daniel Gruss — Graz University of Technology
![Page 29: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/29.jpg)
SGX Wallets www.tugraz.at
• Ledger SGX Enclave for blockchain applications
• BitPay Copay Bitcoin wallet
• Teechain payment channel using SGX
Teechain
[...] We assume the TEE guarantees to hold and do not
consider side-channel attacks [5, 35, 46] on the TEE.
Such
attacks and their mitigations [36, 43] are outside the scope of
this work. [...]
5 Daniel Gruss — Graz University of Technology
![Page 30: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/30.jpg)
SGX Wallets www.tugraz.at
• Ledger SGX Enclave for blockchain applications
• BitPay Copay Bitcoin wallet
• Teechain payment channel using SGX
Teechain
[...] We assume the TEE guarantees to hold and do not
consider side-channel attacks [5, 35, 46] on the TEE. Such
attacks and their mitigations [36, 43] are outside the scope of
this work. [...]
5 Daniel Gruss — Graz University of Technology
![Page 31: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/31.jpg)
Attacking a weak RSA implementation inside SGX www.tugraz.at
Raw Prime+Probe trace...1
1Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In:
DIMVA. 2017.
6 Daniel Gruss — Graz University of Technology
![Page 32: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/32.jpg)
Attacking a weak RSA implementation inside SGX www.tugraz.at
...processed with a simple moving average...1
1Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In:
DIMVA. 2017.
6 Daniel Gruss — Graz University of Technology
![Page 33: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/33.jpg)
Attacking a weak RSA implementation inside SGX www.tugraz.at
...allows to clearly see the bits of the exponent1
1 1 1 00 1 1 1 01 1 1 00000001 000 1 0 1 00 1 1 00 1 1 01 1 1 1 1 0 1 1 1 1 0 1 000 1 00 1 1 1 0 1 000 1 1 1 0000 1 1 1
1Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache Attacks. In:
DIMVA. 2017.
6 Daniel Gruss — Graz University of Technology
![Page 34: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/34.jpg)
![Page 35: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/35.jpg)
![Page 36: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/36.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 37: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/37.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 38: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/38.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 39: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/39.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 40: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/40.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 41: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/41.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 42: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/42.jpg)
Physical Side Channels www.tugraz.at
• Power consumption
• Electro-magnetic radiation
• Temperature
• Photonic emission
• Acoustic emissions
→ Physical access usually relevant, but code execution on device
usually not relevant
7 Daniel Gruss — Graz University of Technology
![Page 43: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/43.jpg)
![Page 44: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/44.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 45: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/45.jpg)
Microarchitectural Attacks www.tugraz.at
1996
2004 2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 46: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/46.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004
2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 47: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/47.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006
2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 48: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/48.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009
2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 49: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/49.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 50: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/50.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 51: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/51.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 52: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/52.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 53: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/53.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013
2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 54: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/54.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 55: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/55.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 56: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/56.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 57: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/57.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014
2015
8 Daniel Gruss — Graz University of Technology
![Page 58: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/58.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 59: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/59.jpg)
Microarchitectural Attacks www.tugraz.at
1996 2004 2006 2009 2011
2013 2014 2015
8 Daniel Gruss — Graz University of Technology
![Page 60: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/60.jpg)
Microarchitectural Attacks www.tugraz.at
2016 2017 2018
9 Daniel Gruss — Graz University of Technology
![Page 61: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/61.jpg)
Microarchitectural Attacks www.tugraz.at
2016
2017 2018
9 Daniel Gruss — Graz University of Technology
![Page 62: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/62.jpg)
Microarchitectural Attacks www.tugraz.at
2016 2017
2018
9 Daniel Gruss — Graz University of Technology
![Page 63: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/63.jpg)
Microarchitectural Attacks www.tugraz.at
2016 2017 2018
9 Daniel Gruss — Graz University of Technology
![Page 64: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/64.jpg)
Differences and Similarities www.tugraz.at
• threat model
• temporal component
• observer effect (destructive measurements)
• spatial component
10 Daniel Gruss — Graz University of Technology
![Page 65: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/65.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 66: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/66.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 67: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/67.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 68: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/68.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 69: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/69.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 70: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/70.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 71: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/71.jpg)
Microarchitectural Attacks - Threat Model www.tugraz.at
• Usually no physical access
• Local code
• Co-located code
• Different meanings of “remote”
1. Attacker controls code in browser sandbox (e.g., [Ore+15;
GMM16])
2. Attacker cannot control any code on the system
11 Daniel Gruss — Graz University of Technology
![Page 72: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/72.jpg)
Truly remote attacks... www.tugraz.at
Just a few examples:
• Remote timing attacks on crypto ([Ber04; BB05] and many
more)
• ThrowHammer and NetHammer
• NetSpectre
12 Daniel Gruss — Graz University of Technology
![Page 73: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/73.jpg)
Truly remote attacks... www.tugraz.at
Just a few examples:
• Remote timing attacks on crypto ([Ber04; BB05] and many
more)
• ThrowHammer and NetHammer
• NetSpectre
12 Daniel Gruss — Graz University of Technology
![Page 74: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/74.jpg)
Truly remote attacks... www.tugraz.at
Just a few examples:
• Remote timing attacks on crypto ([Ber04; BB05] and many
more)
• ThrowHammer and NetHammer
• NetSpectre
12 Daniel Gruss — Graz University of Technology
![Page 75: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/75.jpg)
Truly remote attacks... www.tugraz.at
Just a few examples:
• Remote timing attacks on crypto ([Ber04; BB05] and many
more)
• ThrowHammer and NetHammer
• NetSpectre
12 Daniel Gruss — Graz University of Technology
![Page 76: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/76.jpg)
![Page 77: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/77.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 78: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/78.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 79: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/79.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 80: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/80.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 81: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/81.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 82: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/82.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 83: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/83.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 84: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/84.jpg)
CPU Cache www.tugraz.at
13 Daniel Gruss — Graz University of Technology
![Page 85: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/85.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 86: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/86.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 87: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/87.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 88: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/88.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 89: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/89.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 90: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/90.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 91: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/91.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 92: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/92.jpg)
Flush+Reload www.tugraz.at
14 Daniel Gruss — Graz University of Technology
![Page 93: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/93.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 94: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/94.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 95: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/95.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 96: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/96.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 97: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/97.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 98: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/98.jpg)
Temporal Component: Timestamps www.tugraz.at
Physical Side Channels
• theoretical maximum accuracy of 5.4 · 10−44s
• feasible today: 850 · 10−21s
Microarchitectural Attacks
• often around nanoseconds
• sometimes much lower
15 Daniel Gruss — Graz University of Technology
![Page 99: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/99.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 100: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/100.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 101: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/101.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 102: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/102.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 103: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/103.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 104: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/104.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 105: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/105.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 106: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/106.jpg)
Temporal Component: Sampling Rate www.tugraz.at
Physical Side Channels
• in the range of multiple GHz
Microarchitectural Attacks
• usually varying frequency (depending on the attack)
• between a few ns (< 1 GHz) and multiple seconds (< 1 Hz) (or
even worse)
• strongly dependent on the specific attack
• device under test = measurement device
• observer effect
16 Daniel Gruss — Graz University of Technology
![Page 107: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/107.jpg)
Microarchitectural Observer Effect www.tugraz.at
device under test = measurement device
• measuring time takes some time
• limits the resolution
• measuring cache hits/misses manipulates the cache state
• virtually all measurements are destructive
17 Daniel Gruss — Graz University of Technology
![Page 108: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/108.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 109: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/109.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 110: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/110.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 111: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/111.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 112: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/112.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 113: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/113.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 114: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/114.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 115: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/115.jpg)
Measurement Noise www.tugraz.at
Flush+Reload has no noise except for:
• Race condition between attacker and victim (observer effect)
• Speculative execution
• Prefetching
• ...
→ Typically > 99.99% precision and recall
18 Daniel Gruss — Graz University of Technology
![Page 116: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/116.jpg)
Measuring Processor Operations
![Page 117: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/117.jpg)
Timing Measurements www.tugraz.at
• Very short timings
• rdtsc instruction: “cycle-accurate” timestamps
[...]
rdtsc
function()
rdtsc
[...]
19 Daniel Gruss — Graz University of Technology
![Page 118: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/118.jpg)
What are we measuring? www.tugraz.at
• Do you measure what you think you measure?
• Out-of-order execution → what is really executed?
rdtsc
function()
[...]
rdtsc
rdtsc
[...]
rdtsc
function()
rdtsc
rdtsc
function()
[...]
20 Daniel Gruss — Graz University of Technology
![Page 119: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/119.jpg)
![Page 120: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/120.jpg)
Accurate Microarchitecture Timing www.tugraz.at
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures
White Paper, December 2010.
21 Daniel Gruss — Graz University of Technology
![Page 121: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/121.jpg)
Accurate Microarchitecture Timing www.tugraz.at
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures
White Paper, December 2010.
21 Daniel Gruss — Graz University of Technology
![Page 122: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/122.jpg)
Accurate Microarchitecture Timing www.tugraz.at
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures
White Paper, December 2010.
21 Daniel Gruss — Graz University of Technology
![Page 123: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/123.jpg)
Accurate Microarchitecture Timing www.tugraz.at
• use pseudo-serializing instruction rdtscp (recent CPUs)
• and/or use serializing instructions like cpuid
• and/or use fences like mfence
Intel, How to Benchmark Code Execution Times on Intel IA-32 and IA-64 Instruction Set Architectures
White Paper, December 2010.
21 Daniel Gruss — Graz University of Technology
![Page 124: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/124.jpg)
![Page 125: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/125.jpg)
Memory Access Latency www.tugraz.at
50 100 150 200 250 300 350 400
101
104
107
Access time [CPU cycles]
Nu
mb
erof
acce
sses
Cache Hits
22 Daniel Gruss — Graz University of Technology
![Page 126: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/126.jpg)
Memory Access Latency www.tugraz.at
50 100 150 200 250 300 350 400
101
104
107
Access time [CPU cycles]
Nu
mb
erof
acce
sses
Cache Hits Cache Misses
22 Daniel Gruss — Graz University of Technology
![Page 127: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/127.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 128: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/128.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 129: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/129.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 130: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/130.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 131: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/131.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 132: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/132.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 133: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/133.jpg)
Temporal Component www.tugraz.at
• Flush+Reload had beautifully nice timings, right?
• Well... steps of 2-4 cycles
• only 35-70 steps between hits and misses
• On some devices only 1-2 steps!
23 Daniel Gruss — Graz University of Technology
![Page 134: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/134.jpg)
Timer www.tugraz.at
• We can build our own timer
• Start a thread that continuously increments a global variable
• The global variable is our timestamp
24 Daniel Gruss — Graz University of Technology
![Page 135: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/135.jpg)
Timer www.tugraz.at
• We can build our own timer
• Start a thread that continuously increments a global variable
• The global variable is our timestamp
24 Daniel Gruss — Graz University of Technology
![Page 136: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/136.jpg)
Timer www.tugraz.at
• We can build our own timer
• Start a thread that continuously increments a global variable
• The global variable is our timestamp
24 Daniel Gruss — Graz University of Technology
![Page 137: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/137.jpg)
![Page 138: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/138.jpg)
![Page 139: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/139.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3 1 t imestamp = r d t s c ( ) ;
25 Daniel Gruss — Graz University of Technology
![Page 140: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/140.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3 1 whi le ( 1 ) {2 t imestamp++;
3 }
25 Daniel Gruss — Graz University of Technology
![Page 141: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/141.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3
4.7
1 whi le ( 1 ) {2 t imestamp++;
3 }
25 Daniel Gruss — Graz University of Technology
![Page 142: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/142.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3
4.7
1 mov ×tamp , %rcx
2 1 : i n c l (% rcx )
3 jmp 1b
25 Daniel Gruss — Graz University of Technology
![Page 143: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/143.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3
4.7
4.67
1 mov ×tamp , %rcx
2 1 : i n c l (% rcx )
3 jmp 1b
25 Daniel Gruss — Graz University of Technology
![Page 144: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/144.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3
4.7
4.67
1 mov ×tamp , %rcx
2 1 : i n c %rax
3 mov %rax , (% rcx )
4 jmp 1b
25 Daniel Gruss — Graz University of Technology
![Page 145: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/145.jpg)
Self-built Timer www.tugraz.at
CPU cycles one increment takes
Optimized
Assembly
C
rdtsc 3
4.7
4.67
0.87
3
4.7
4.67
0.87
1 mov ×tamp , %rcx
2 1 : i n c %rax
3 mov %rax , (% rcx )
4 jmp 1b
25 Daniel Gruss — Graz University of Technology
![Page 146: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/146.jpg)
![Page 147: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/147.jpg)
Modern Processor Design www.tugraz.at
Exe
cutio
nE
ngin
e
Reorder buffer
µOP µOP µOP µOP µOP µOP µOP µOP
Scheduler
Execution UnitsA
LU
,AE
S,..
.
AL
U,F
MA
,...
AL
U,V
ect,
...
AL
U,B
ranc
h
Loa
dda
ta
Loa
dda
ta
Stor
eda
ta
AG
U
µOP µOP µOP µOP µOP µOP µOP µOP
CDB
Mem
ory
Subs
yste
m Load Buffer Store Buffer
L1 Data CacheDTLB STLB
L2 Cache
Fron
tend
Allocation Queue
µOP µOP µOP µOP
MUX
4-Way Decode
µOP µOP µOP µOP
Instruction Queue
Instruction Fetch & PreDecode
µOP Cache
µOPs
BranchPredictor
L1 Instruction CacheITLB
26 Daniel Gruss — Graz University of Technology
![Page 148: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/148.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 149: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/149.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 150: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/150.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 151: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/151.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 152: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/152.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 153: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/153.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 154: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/154.jpg)
Microarchitectural Defenses www.tugraz.at
• device under test = measurement device
→ software defenses are possible
• e.g., make sure attacker can’t compute in parallel to victim
• how would that work in the physical world?
27 Daniel Gruss — Graz University of Technology
![Page 155: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/155.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 156: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/156.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 157: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/157.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 158: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/158.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 159: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/159.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 160: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/160.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 161: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/161.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 162: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/162.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 163: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/163.jpg)
Spatial Component www.tugraz.at
• physical: different offsets on the chip
• microarchitectural:
• different microarchitectural elements
• more significant: huge virtual adress space
• 248 different virtual memory locations
• the location is often (part of) the secret
28 Daniel Gruss — Graz University of Technology
![Page 164: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/164.jpg)
Cache Template Attack Demo
![Page 165: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/165.jpg)
Cache Template2 www.tugraz.at
Address
Keyg h i j k l m n o p q r s t u v w x y z
0x7c6800x7c6c00x7c7000x7c7400x7c7800x7c7c00x7c8000x7c8400x7c8800x7c8c00x7c9000x7c9400x7c9800x7c9c00x7ca000x7cb800x7cc400x7cc800x7ccc00x7cd00
2Daniel Gruss et al. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In:
USENIX Security Symposium. 2015.
30 Daniel Gruss — Graz University of Technology
![Page 166: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/166.jpg)
Side-Channel Attacks and Fault Attacks?
![Page 167: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/167.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 168: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/168.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 169: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/169.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 170: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/170.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 171: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/171.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 172: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/172.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 173: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/173.jpg)
Attack Categories www.tugraz.at
Physical
• Side-channel attacks
• Fault attacks
• What about cold boot attacks?
Microarchitectural
• Side-channel attacks
• Fault attacks
• What about Meltdown/Spectre?
31 Daniel Gruss — Graz University of Technology
![Page 174: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/174.jpg)
Building Meltdown www.tugraz.at
*( volatile char*) 0;
array [84 * 4096] = 0;
32 Daniel Gruss — Graz University of Technology
![Page 175: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/175.jpg)
Building Meltdown www.tugraz.at
• Flush+Reload over all pages of the array
0 50 100 150 200 250
300
400
500
PageA
cces
sti
me
[cyc
les]
• “Unreachable” code line was actually executed
• Exception was only thrown afterwards
33 Daniel Gruss — Graz University of Technology
![Page 176: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/176.jpg)
Building Meltdown www.tugraz.at
• Flush+Reload over all pages of the array
0 50 100 150 200 250
300
400
500
PageA
cces
sti
me
[cyc
les]
• “Unreachable” code line was actually executed
• Exception was only thrown afterwards
33 Daniel Gruss — Graz University of Technology
![Page 177: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/177.jpg)
Building Meltdown www.tugraz.at
• Flush+Reload over all pages of the array
0 50 100 150 200 250
300
400
500
PageA
cces
sti
me
[cyc
les]
• “Unreachable” code line was actually executed
• Exception was only thrown afterwards
33 Daniel Gruss — Graz University of Technology
![Page 178: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/178.jpg)
Building Meltdown www.tugraz.at
• Out-of-order instructions leave microarchitectural traces
• We can see them for example through the cache
• Give such instructions a name: transient instructions
• We can indirectly observe the execution of transient instructions
34 Daniel Gruss — Graz University of Technology
![Page 179: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/179.jpg)
Building Meltdown www.tugraz.at
• Out-of-order instructions leave microarchitectural traces
• We can see them for example through the cache
• Give such instructions a name: transient instructions
• We can indirectly observe the execution of transient instructions
34 Daniel Gruss — Graz University of Technology
![Page 180: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/180.jpg)
Building Meltdown www.tugraz.at
• Out-of-order instructions leave microarchitectural traces
• We can see them for example through the cache
• Give such instructions a name: transient instructions
• We can indirectly observe the execution of transient instructions
34 Daniel Gruss — Graz University of Technology
![Page 181: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/181.jpg)
Building Meltdown www.tugraz.at
• Out-of-order instructions leave microarchitectural traces
• We can see them for example through the cache
• Give such instructions a name: transient instructions
• We can indirectly observe the execution of transient instructions
34 Daniel Gruss — Graz University of Technology
![Page 182: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/182.jpg)
Building Meltdown www.tugraz.at
• Add another layer of indirection to test
char data = *(char*) 0xffffffff81a000e0;
array[data * 4096] = 0;
• Then check whether any part of array is cached
35 Daniel Gruss — Graz University of Technology
![Page 183: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/183.jpg)
Building Meltdown www.tugraz.at
• Add another layer of indirection to test
char data = *(char*) 0xffffffff81a000e0;
array[data * 4096] = 0;
• Then check whether any part of array is cached
35 Daniel Gruss — Graz University of Technology
![Page 184: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/184.jpg)
Building Meltdown www.tugraz.at
• Flush+Reload over all pages of the array
0 50 100 150 200 250
300
400
500
PageA
cces
sti
me
[cyc
les]
• Index of cache hit reveals data
• Permission check is in some cases not fast enough
36 Daniel Gruss — Graz University of Technology
![Page 185: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/185.jpg)
Building Meltdown www.tugraz.at
• Flush+Reload over all pages of the array
0 50 100 150 200 250
300
400
500
PageA
cces
sti
me
[cyc
les]
• Index of cache hit reveals data
• Permission check is in some cases not fast enough
36 Daniel Gruss — Graz University of Technology
![Page 186: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/186.jpg)
![Page 187: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/187.jpg)
![Page 188: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/188.jpg)
![Page 189: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/189.jpg)
Details: Exception Handling www.tugraz.at
• Basic Meltdown code leads to a crash (segfault)
• How to prevent the crash?
Fault
Handling
Fault
Suppression
Fault
Prevention
39 Daniel Gruss — Graz University of Technology
![Page 190: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/190.jpg)
Details: Exception Handling www.tugraz.at
• Basic Meltdown code leads to a crash (segfault)
• How to prevent the crash?
Fault
Handling
Fault
Suppression
Fault
Prevention
39 Daniel Gruss — Graz University of Technology
![Page 191: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/191.jpg)
Details: Exception Handling www.tugraz.at
• Basic Meltdown code leads to a crash (segfault)
• How to prevent the crash?
Fault
Handling
Fault
Suppression
Fault
Prevention
39 Daniel Gruss — Graz University of Technology
![Page 192: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/192.jpg)
Meltdown with Fault Suppression www.tugraz.at
• Intel TSX to suppress exceptions instead of signal handler
if(xbegin () == XBEGIN_STARTED) {
char secret = *(char*) 0xffffffff81a000e0;
array[secret * 4096] = 0;
xend();
}
for (size_t i = 0; i < 256; i++) {
if (flush_and_reload(array + i * 4096) == CACHE_HIT) {
printf("%c\n", i);
}
}
40 Daniel Gruss — Graz University of Technology
![Page 193: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/193.jpg)
Meltdown with Fault Prevention www.tugraz.at
• Speculative execution to prevent exceptions
int speculate = rand() % 2;
size_t address = (0 xffffffff81a000e0 * speculate) +
(( size_t)&zero * (1 - speculate));
if(! speculate) {
char secret = *(char*) address;
array[secret * 4096] = 0;
}
for (size_t i = 0; i < 256; i++) {
if (flush_and_reload(array + i * 4096) == CACHE_HIT) {
printf("%c\n", i);
}
}
41 Daniel Gruss — Graz University of Technology
![Page 194: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/194.jpg)
Foreshadow / Foreshadow-NG3 www.tugraz.at
3Jo Van Bulck et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient
Out-of-Order Execution. In: USENIX Security Symposium. 2018.
42 Daniel Gruss — Graz University of Technology
![Page 195: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/195.jpg)
L1TF/Foreshadow Demo
![Page 196: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/196.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 0;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 197: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/197.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 0;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 198: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/198.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Speculate
index = 0;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 199: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/199.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’t’
Execute
index = 0;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 200: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/200.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 1;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 201: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/201.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 1;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 202: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/202.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’e’Speculate
index = 1;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 203: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/203.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’e’
index = 1;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 204: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/204.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 2;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 205: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/205.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 2;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 206: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/206.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’x’
Speculate
index = 2;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 207: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/207.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’x’
index = 2;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 208: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/208.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 3;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 209: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/209.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 3;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 210: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/210.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’t’
Speculate
index = 3;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 211: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/211.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’t’
index = 3;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 212: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/212.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 4;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 213: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/213.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 4;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 214: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/214.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’K’
Speculate
index = 4;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 215: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/215.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’K’
Execute
index = 4;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 216: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/216.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 5;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 217: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/217.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 5;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 218: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/218.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’E’
Speculate
index = 5;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 219: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/219.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’E’
Execute
index = 5;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 220: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/220.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 6;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 221: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/221.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 6;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 222: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/222.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’Y’
Speculate
index = 6;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 223: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/223.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT
Index ’Y’
Execute
index = 6;
if (index < 4)
char* data = "textKEY";
LUT[data[index] * 4096] 0
then
else
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 224: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/224.jpg)
Spectre-PHT (v1) www.tugraz.at
LUT index = 6;
if (index < 4)
LUT[data[index] * 4096] 0
then
Prediction
Spectre-STL (v4): Ignore sanitizing write access and use unsanitized old value instead
44 Daniel Gruss — Graz University of Technology
![Page 225: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/225.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 226: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/226.jpg)
Spectre v2 www.tugraz.at
Speculate
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 227: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/227.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 228: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/228.jpg)
Spectre v2 www.tugraz.at
Execute
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 229: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/229.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 230: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/230.jpg)
Spectre v2 www.tugraz.at
Speculate
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 231: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/231.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = bird;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 232: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/232.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 233: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/233.jpg)
Spectre v2 www.tugraz.at
Speculate
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 234: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/234.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 235: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/235.jpg)
Spectre v2 www.tugraz.at
Execute
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
fly()
swim()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 236: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/236.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 237: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/237.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 238: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/238.jpg)
Spectre v2 www.tugraz.at
a->move()
Animal* a = fish;
LUT[data[a->m] * 4096] 0
fly()
Prediction
swim()swim
()
Spectre-BTB (v2): mistrain BTB → mispredict indirect jump/call
Spectre-RSB (v5): mistrain RSB → mispredict return
45 Daniel Gruss — Graz University of Technology
![Page 239: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/239.jpg)
“Speculative Buffer Overflows”4 www.tugraz.at
• v1.1: Speculatively write to memory locations
→ Many more gadgets than previously anticipated n
• v1.2: Ignore writable bit
→ = Meltdown-RW
4Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757
(2018).
46 Daniel Gruss — Graz University of Technology
![Page 240: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/240.jpg)
“Speculative Buffer Overflows”4 www.tugraz.at
• v1.1: Speculatively write to memory locations
→ Many more gadgets than previously anticipated n
• v1.2: Ignore writable bit
→ = Meltdown-RW
4Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757
(2018).
46 Daniel Gruss — Graz University of Technology
![Page 241: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/241.jpg)
“Speculative Buffer Overflows”4 www.tugraz.at
• v1.1: Speculatively write to memory locations
→ Many more gadgets than previously anticipated n
• v1.2: Ignore writable bit
→ = Meltdown-RW
4Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757
(2018).
46 Daniel Gruss — Graz University of Technology
![Page 242: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/242.jpg)
“Speculative Buffer Overflows”4 www.tugraz.at
• v1.1: Speculatively write to memory locations
→ Many more gadgets than previously anticipated n
• v1.2: Ignore writable bit
→ = Meltdown-RW
4Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In: arXiv:1807.03757
(2018).
46 Daniel Gruss — Graz University of Technology
![Page 243: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/243.jpg)
Spectre www.tugraz.at
operation #n
retir
e
prediction
retir
e
operation #n+2
retir
e
pred
ict
CF/
DF
possiblyarchitectural transient execution
flush pipelineon wrongprediction
time
47 Daniel Gruss — Graz University of Technology
![Page 244: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/244.jpg)
Meltdown www.tugraz.at
operation #n
retir
e
retir
e
operation #n+2
retir
e
data dependency
data Meltdown
possiblyarchitectural transient execution
exception raise
time
48 Daniel Gruss — Graz University of Technology
![Page 245: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/245.jpg)
Mistraining Location www.tugraz.at
in-place/same-address-space
out-of-place/same-address-space
Victim
Victim branch
Congruentbranch
Add
ress
colli
sion
in-place/cross-address-space
out-of-place/cross-address-space
Attacker
Shadow branch
Congruentbranch
Add
ress
colli
sion
Shared Branch Prediction State
49 Daniel Gruss — Graz University of Technology
![Page 246: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/246.jpg)
Classification Tree www.tugraz.at
Transientcause?
Spectre-type
microarchitec-tural buffer
Meltdown-type
fault type
Spectre-PHT
Spectre-BTB
Spectre-RSB
Spectre-STL [32]
mistrainingstrategy
Cross-address-space
Same-address-space
PHT-CA-IP ⭑
PHT-CA-OP ⭑
PHT-SA-IP [54, 52]
PHT-SA-OP ⭑
in-place (IP) vs., out-of-place (OP)
Cross-address-space
Same-address-space
BTB-CA-IP [54, 18]
BTB-CA-OP [54]
BTB-SA-IP ⭑
BTB-SA-OP [18]Cross-address-space
Same-address-space RSB-CA-IP [64, 56]
RSB-CA-OP [56]
RSB-SA-IP [64]
RSB-SA-OP [64, 56]
Meltdown-NM [86]
Meltdown-AC ⭐
Meltdown-DE ⭐
Meltdown-PF
Meltdown-UD ⭐
Meltdown-SS ⭐
Meltdown-BR
Meltdown-GP [10, 41]
Meltdown-US [61]
Meltdown-P [93, 96]
Meltdown-RW [52]
Meltdown-PK ⭑
Meltdown-XD ⭐
Meltdown-SM ⭐
Meltdown-MPX [44]
Meltdown-BND ⭑
prediction
fault
50 Daniel Gruss — Graz University of Technology
![Page 247: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/247.jpg)
![Page 248: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/248.jpg)
![Page 249: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/249.jpg)
Mitigations www.tugraz.at
Table 1: Spectre-type defenses and what they mitigate.
Attack
Defense
Invi
siS
pec
Saf
eSp
ecD
AW
GR
SB
Stu
ffing
Ret
pol
ine
Poi
son
Val
ueIn
dex
Mas
king
Sit
eIs
olat
ion
SL
HY
SN
BIB
RS
ST
IPB
IBP
BS
eria
lizat
ion
Tai
ntT
rack
ing
Tim
erR
educ
tion
Slo
thS
SB
D/S
SB
B
Intel
Spectre-PHT
Spectre-BTB
Spectre-RSB
Spectre-STL
ARM
Spectre-PHT
Spectre-BTB
Spectre-RSB
Spectre-STL
AMD
Spectre-PHT
Spectre-BTB
Spectre-RSB
Spectre-STL
Symbols show if an attack is mitigated ( ), partially mitigated ( ), not mitigated ( ), theoretically
mitigated ( ), theoretically impeded ( ), not theoretically impeded ( ), or out of scope ( ).51 Daniel Gruss — Graz University of Technology
![Page 250: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/250.jpg)
Performance Costs www.tugraz.at
Table 2: Reported performance impacts of countermeasures
Defense
ImpactPerformance Loss Benchmark
InvisiSpec 22% SPEC
SafeSpec 3% (improvement) SPEC2017 on MARSSx86
DAWG 2–12%, 1–15% PARSEC, GAPBS
RSB Stuffing no reports
Retpoline 5–10% real-world workload servers
Site Isolation only memory overhead
SLH 36.4%, 29% Google microbenchmark suite
YSNB 60% Phoenix
IBRS 20–30% two sysbench 1.0.11 benchmarks
STIPB 30– 50% Rodinia OpenMP, DaCapo
IBPB no individual reports
Serialization 62%, 74.8% Google microbenchmark suite
SSBD/SSBB 2–8% SYSmark R©2014 SE & SPEC integer
KAISER/KPTI 0–2.6% system call rates
L1TF mitigations -3–31% various SPEC
52 Daniel Gruss — Graz University of Technology
![Page 251: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/251.jpg)
Reverse-Engineering the Processors www.tugraz.at
Exe
cutio
nE
ngin
e
Reorder buffer
µOP µOP µOP µOP µOP µOP µOP µOP
Scheduler
Execution UnitsA
LU
,AE
S,..
.
AL
U,F
MA
,...
AL
U,V
ect,
...
AL
U,B
ranc
h
Loa
dda
ta
Loa
dda
ta
Stor
eda
ta
AG
U
µOP µOP µOP µOP µOP µOP µOP µOP
CDB
Mem
ory
Subs
yste
m Load Buffer Store Buffer
L1 Data CacheDTLB STLB
L2 Cache
Fron
tend
Allocation Queue
µOP µOP µOP µOP
MUX
4-Way Decode
µOP µOP µOP µOP
Instruction Queue
Instruction Fetch & PreDecode
µOP Cache
µOPs
BranchPredictor
L1 Instruction CacheITLB
53 Daniel Gruss — Graz University of Technology
![Page 252: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/252.jpg)
Conclusions www.tugraz.at
• new class of software-based attacks
• many problems to solve around microarchitectural attacks and
especially transient execution attacks
• dedicate more time into identifying problems and not solely in
mitigating known problems
54 Daniel Gruss — Graz University of Technology
![Page 253: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/253.jpg)
Conclusions www.tugraz.at
• new class of software-based attacks
• many problems to solve around microarchitectural attacks and
especially transient execution attacks
• dedicate more time into identifying problems and not solely in
mitigating known problems
54 Daniel Gruss — Graz University of Technology
![Page 254: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/254.jpg)
Conclusions www.tugraz.at
• new class of software-based attacks
• many problems to solve around microarchitectural attacks and
especially transient execution attacks
• dedicate more time into identifying problems and not solely in
mitigating known problems
54 Daniel Gruss — Graz University of Technology
![Page 255: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/255.jpg)
Microarchitectural Security
Daniel Gruss
February 20, 2019
Graz University of Technology
55 Daniel Gruss — Graz University of Technology
![Page 256: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/256.jpg)
References
Michael Backes et al. Acoustic Side-Channel Attacks on Printers. In: USENIX
Security. 2010.
David Brumley et al. Remote timing attacks are practical. In: Computer Networks
48.5 (2005), pp. 701–716.
Daniel J. Bernstein. Cache-Timing Attacks on AES. 2004. url:
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
Elad Carmon et al. Photonic Side Channel Attacks Against RSA. In: HOST’17.
2017.
Daniel Gruss et al. Rowhammer.js: A Remote Software-Induced Fault Attack in
JavaScript. In: DIMVA. 2016.
![Page 257: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/257.jpg)
Daniel Gruss et al. Cache Template Attacks: Automating Attacks on Inclusive
Last-Level Caches. In: USENIX Security Symposium. 2015.
J. Alex Halderman et al. Lest we remember: cold-boot attacks on encryption keys.
In: Communications of the ACM (May 2009).
Michael Hutter et al. The temperature side channel and heating fault attacks. In:
International Conference on Smart Card Research and Advanced Applications.
Springer. 2013, pp. 219–235.
Paul Kocher et al. Differential power analysis. In: Annual International Cryptology
Conference. Springer. 1999, pp. 388–397.
Paul Kocher et al. Spectre Attacks: Exploiting Speculative Execution. In: S&P.
2019.
Emilia Kasper et al. Faster and Timing-Attack Resistant AES-GCM. In:
Cryptographic Hardware and Embedded Systems (CHES). 2009, pp. 1–17.
![Page 258: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/258.jpg)
Vladimir Kiriansky et al. Speculative Buffer Overflows: Attacks and Defenses. In:
arXiv:1807.03757 (2018).
Moritz Lipp et al. ARMageddon: Cache Attacks on Mobile Devices. In: USENIX
Security Symposium. 2016.
Moritz Lipp et al. Nethammer: Inducing Rowhammer Faults through Network
Requests. In: arXiv:1711.08002 (2017).
Moritz Lipp et al. Meltdown: Reading Kernel Memory from User Space. In:
USENIX Security Symposium. 2018.
Stefan Mangard et al. Power analysis attacks: Revealing the secrets of smart
cards. Vol. 31. Springer Science & Business Media, 2008.
Yossef Oren et al. The Spy in the Sandbox: Practical Cache Attacks in JavaScript
and their Implications. In: CCS. 2015.
Josyula R Rao et al. EMpowering Side-Channel Attacks. In: IACR Cryptology
ePrint Archive 2001 (2001), p. 37.
![Page 259: Microarchitectural Security - Boston Universityattacks and their mitigations [36, 43] are outside the scope of this work. [...] 5 Daniel Gruss | Graz University of Technology. SGX](https://reader036.vdocuments.us/reader036/viewer/2022071210/6021cec46996713aba46c368/html5/thumbnails/259.jpg)
Alexander Schlosser et al. Simple Photonic Emission Analysis of AES. In:
CHES’12. 2012.
Michael Schwarz et al. Malware Guard Extension: Using SGX to Conceal Cache
Attacks. In: DIMVA. 2017.
Michael Schwarz et al. Automated Detection, Exploitation, and Elimination of
Double-Fetch Bugs using Modern CPU Features. In: AsiaCCS (2018).
Michael Schwarz et al. NetSpectre: Read Arbitrary Memory over Network. In:
arXiv:1807.10535 (2018).
Andrei Tatar et al. Throwhammer: Rowhammer Attacks over the Network and
Defenses. In: USENIX ATC. 2018.
Jo Van Bulck et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom
with Transient Out-of-Order Execution. In: USENIX Security Symposium. 2018.
Ofir Weisse et al. Foreshadow-NG: Breaking the Virtual Memory Abstraction with
Transient Out-of-Order Execution. In: Technical report (2018).