Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks

TL;DR

This paper uncovers security flaws in Intel's PREFETCHW instruction, enabling new cross-core cache side-channel attacks that significantly improve data leakage and covert channel capacities, threatening cryptographic and transient execution security.

Contribution

The authors identify two security flaws in PREFETCHW on Intel CPUs and develop novel cross-core cache attacks, Prefetch+Reload and Prefetch+Prefetch, demonstrating their effectiveness in covert, side-channel, and transient attacks.

Findings

Achieved record 782 KB/s and 822 KB/s covert channel capacities.

Successfully leaked private cryptographic keys with near-zero error.

Leaked twice as many secret bytes in transient attacks compared to prior methods.

Abstract

Modern x86 processors have many prefetch instructions that can be used by programmers to boost performance. However, these instructions may also cause security problems. In particular, we found that on Intel processors, there are two security flaws in the implementation of PREFETCHW, an instruction for accelerating future writes. First, this instruction can execute on data with read-only permission. Second, the execution time of this instruction leaks the current coherence state of the target data. Based on these two design issues, we build two cross-core private cache attacks that work with both inclusive and non-inclusive LLCs, named Prefetch+Reload and Prefetch+Prefetch. We demonstrate the significance of our attacks in different scenarios. First, in the covert channel case, Prefetch+Reload and Prefetch+Prefetch achieve 782 KB/s and 822 KB/s channel capacities, when using only one shared cache line between the sender and receiver, the largest-to-date single-line capacities for CPU cache covert channels. Further, in the side channel case, our attacks can monitor the access pattern of the victim on the same processor, with almost zero error rate. We show that they can be used to leak private information of real-world applications such as cryptographic keys. Finally, our attacks can be used in transient execution attacks in order to leak more secrets within the transient window than prior work. From the experimental results, our attacks allow leaking about 2 times as many secret bytes, compared to Flush+Reload, which is widely used in transient execution attacks.