# Software-based Microarchitectural Attacks

**Authors:** Daniel Gruss

arXiv: 1706.05973 · 2017-06-20

## TL;DR

This paper reviews and demonstrates how software-based microarchitectural attacks exploit processor optimizations to leak secrets across various environments, including restricted and sandboxed settings, highlighting their pervasiveness and automation potential.

## Contribution

It provides a comprehensive overview of microarchitectural attacks, demonstrates their automation, and shows their feasibility even in highly restricted environments like sandboxed JavaScript.

## Key findings

- Microarchitectural attacks can be fully automated.
- Attacks are possible in sandboxed JavaScript environments.
- Microarchitectural vulnerabilities exist across all modern systems.

## Abstract

Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Software-based microarchitectural attacks exploit effects of these optimizations. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual machines. Microarchitectural fault attacks exploit the physical imperfections of modern computer systems. Shrinking process technology introduces effects between isolated hardware elements that can be exploited by attackers to take control of the entire system. These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed.   In this thesis, we focus on microarchitectural attacks and defenses on commodity systems. We investigate known and new side channels and show that microarchitectural attacks can be fully automated. Furthermore, we show that these attacks can be mounted in highly restricted environments such as sandboxed JavaScript code in websites. We show that microarchitectural attacks exist on any modern computer system, including mobile devices (e.g., smartphones), personal computers, and commercial cloud systems. This thesis consists of two parts. In the first part, we provide background on modern processor architectures and discuss state-of-the-art attacks and defenses in the area of microarchitectural side-channel attacks and microarchitectural fault attacks. In the second part, a selection of our papers are provided without modification from their original publications. I have co-authored these papers, which have subsequently been anonymously peer-reviewed, accepted, and presented at renowned international conferences.

---
Source: https://tomesphere.com/paper/1706.05973