This paper evaluates new security threats arising from the processor frontend in modern Intel processors. The threats are based on new timing and power covert channels. Their root cause is the multiple paths that micro-ops can take through the processor frontend: through the Micro-Instruction Translation Engine (MITE), through the Decode Stream Buffer (DSB), also called the Micro-op Cache, or through the Loop Stream Detector (LSD). Each path has its own unique timing and power signature, which leads to the security threats presented in this work. In addition, switching between the different paths can cause observable timing or power differences that an attacker could exploit. Because of the different paths, the switching between them, and the way the frontend components are shared between hardware threads, two separate threads can influence each other, and timing or power measurements on one thread can reveal activity on the other. The security threats are not limited to multi-threading: this work further demonstrates new ways of leaking execution information about SGX enclaves, as well as a new in-domain Spectre variant. In addition, this work demonstrates a new method for fingerprinting the microcode patches of the processor by analyzing the behavior of the different frontend paths. This work shows that the whole processor frontend must be considered when ensuring the security of processor architectures.