Performance Monitor Unit (PMU) is a significant hardware module on the current processors, which counts the events launched by processor into a set of PMU counters. Ideally, the events triggered by instructions that are executed but the results are not successfully committed (transient execution) should not be recorded. However, in this study, we discover that some PMU events triggered by the transient execution instructions will actually be recorded by PMU. Based on this, we propose the PMUSpill attack, which enables attackers to maliciously leak the secret data that are loaded during transient executions. The biggest challenge is how to encode the secret data into PMU events. We construct an instruction gadget to solve this challenge, whose execution path that can be identified by PMU counters represents what values the secret data are. We successfully implement the PMUSpill attack to leak the secret data stored in Intel Software Guard Extensions (SGX) (a Trusted Execution Environment (TEE) in the Intel's processors) through real experiments. Besides, we locate the vulnerable PMU counters and their trigger instructions by iterating all the valid PMU counters and instructions. The experiment results demonstrate that there are up to 20 PMU counters available to implement the PMUSpill attack. We also provide some possible hardware and software-based countermeasures for addressing the PMUSpill attack, which can be utilized to enhance the security of processors in future.
翻译:绩效监测股( PMU) 是当前处理器上的一个重要硬件模块, 该处理器将事件计为处理器在一套 PMU 计数器计数器中发生的事件。 理想的情况是, 执行指令引发的事件最好不记录( 临时执行) 。 但是, 在本研究中, 我们发现, 临时执行指令引发的一些 PMU 事件实际上将由 PMU 记录。 基于此, 我们提议 PMUSpinill 攻击, 使攻击者能够恶意泄漏临时处决期间装载的秘密数据。 最大的挑战是如何将秘密数据编码成 PMU 事件。 我们构建了一个解决挑战的指南工具, 由 PMU 能够识别的执行路径代表了秘密数据的价值。 我们成功实施了 PMUS 攻击, 以泄漏Intel 软件保护扩展( SGX) 储存的秘密数据。 ( Intel 处理器中的信任执行环境) 能够通过真正的实验将数据泄漏。 此外, 我们定位了脆弱的 PMU 对抗程序及其触发指令, 通过 PMU 执行所有有效的 PMU 反攻击指令。 实验结果 。 也显示 用于 使用 20 。