
TL;DR
This paper reviews and demonstrates how software-based microarchitectural attacks exploit processor optimizations to leak secrets across various environments, including restricted and sandboxed settings, highlighting their pervasiveness and automation potential.
Contribution
It provides a comprehensive overview of microarchitectural attacks, demonstrates their automation, and shows their feasibility even in highly restricted environments like sandboxed JavaScript.
Findings
Microarchitectural attacks can be fully automated.
Attacks are possible in sandboxed JavaScript environments.
Microarchitectural vulnerabilities exist across all modern systems.
Abstract
Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual machines. Microarchitectural fault attacks exploit the physical imperfections of modern computer systems. Shrinking process technology introduces effects between isolated hardware elements that can be exploited by attackers to take control of the entire system. These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. In this thesis, we focus on…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
