TL;DR
NetSpectre introduces a novel remote Spectre attack over the network, utilizing a new AVX-based covert channel to leak data without local code execution, significantly broadening the attack surface.
Contribution
The paper presents the first remote Spectre variant 1 attack using a cache-free covert channel, demonstrating practical data leakage over networks and virtual environments.
Findings
Leaked 15 bits per hour using cache-based attack
Leaked 60 bits per hour using AVX-based covert channel
Effective in local networks and cloud virtual machines
Abstract
In this paper, we present NetSpectre, a generic remote Spectre variant 1 attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over network, leaking 15 bits per hour. Beyond retrofitting existing attacks to a network scenario, we also demonstrate the first Spectre attack which does not use a cache covert channel. Instead, we present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack. We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We verified that our NetSpectre attacks work in local-area networks as well as between virtual machines in the Google cloud. NetSpectre marks a paradigm shift from local attacks, to remote attacks, exposing a much wider range and larger number of devices to…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
