The aggressive performance optimizations in modern microprocessors can result in security vulnerabilities. For example, timing-based attacks on processor caches have been shown to succeed in stealing secret keys or causing privilege escalation. So far, finding cache-timing vulnerabilities has mostly been done by human experts, which is inefficient and laborious. There is a need for automatic tools that can explore vulnerabilities because unreported vulnerabilities leave systems at risk. In this paper, we propose AutoCAT, an automated exploration framework that finds cache timing-channel attacks using reinforcement learning (RL). Specifically, AutoCAT formulates the cache timing-channel attack as a guessing game between the attacker program and the victim program holding a secret, which can thus be solved via modern deep RL techniques. AutoCAT can explore attacks in various cache configurations without knowing design details and under different attacker and victim configurations, and can also find attacks that bypass known detection and defense mechanisms. In particular, AutoCAT discovered StealthyStreamline, a new attack that is able to bypass detection based on performance counters and has up to a 71% higher information leakage rate than the state-of-the-art LRU-based attacks on real processors. AutoCAT is the first of its kind using RL for crafting microarchitectural timing-channel attack sequences and can accelerate cache timing-channel exploration for secure microprocessor designs.
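The guessing-game formulation can be sketched as a small simulation that scores how much a cache model leaks; this is an added example, not AutoCAT's code. The direct-mapped cache model, the +1/-1 reward, the fixed hand-written attacker policy standing in for the RL agent, and all names are assumptions.

```python
"""Toy guessing-game model of a cache timing channel (constructed example)."""


class ToyCache:
    """Direct-mapped cache; partitioned=True gives each party private sets."""

    def __init__(self, n_sets=4, partitioned=False):
        self.n_sets = n_sets
        self.partitioned = partitioned
        self.lines = {}  # (domain, set index) -> resident (owner, address) tag

    def access(self, who, addr):
        """Return True on a hit (fast), False on a miss (slow); fill the line."""
        domain = who if self.partitioned else "shared"
        key = (domain, addr % self.n_sets)
        hit = self.lines.get(key) == (who, addr)
        self.lines[key] = (who, addr)
        return hit


def play_episode(cache, secret):
    """One game: attacker fills the sets, victim runs, attacker re-times its lines.

    Returns (guess, reward). The reward of +1/-1 is an assumed scoring rule.
    """
    n = cache.n_sets
    for addr in range(n):
        cache.access("attacker", addr)
    cache.access("victim", secret)  # the victim's secret-dependent access
    observation = [cache.access("attacker", addr) for addr in range(n)]
    # A slow (missed) line marks the set the victim touched; with no signal
    # the attacker can only fall back to a fixed guess.
    guess = observation.index(False) if False in observation else 0
    return guess, (1 if guess == secret else -1)


def guess_accuracy(partitioned, n_sets=4):
    """Fraction of secrets recovered over all secrets: 1/n_sets is chance."""
    correct = 0
    for secret in range(n_sets):
        guess, _ = play_episode(ToyCache(n_sets, partitioned), secret)
        correct += guess == secret
    return correct / n_sets


if __name__ == "__main__":
    print("shared cache accuracy:     ", guess_accuracy(partitioned=False))
    print("partitioned cache accuracy:", guess_accuracy(partitioned=True))
```

In this model the shared cache yields perfect guess accuracy while the partitioned one drops to chance, which is the kind of signal a designer would use to compare cache configurations.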