AVX Timing Side-Channel Attacks against Address Space Layout Randomization

Modern x86 processors support an AVX instruction set to boost performance. However, this extension may cause security issues. We discovered that there are vulnerable properties in implementing masked load/store instructions. Based on this, we present a novel AVX timing side-channel attack that can defeat address space layout randomization. We demonstrate the significance of our attack by showing User and Kernel ASLR breaks on the recent Intel and AMD processors in various environments, including cloud computing systems, an SGX enclave (a fine-grained ASLR break), and major operating systems. We further demonstrate that our attack can be used to infer user behavior, such as Bluetooth events and mouse movements. We highlight that stronger isolation or more fine-grained randomization should be adopted to successfully mitigate our presented attacks.