PMUSpill: The Counters in Performance Monitor Unit that Leak SGX-Protected Secrets

TL;DR

This paper uncovers a new side-channel attack called PMUSpill that exploits PMU counters recording transient execution events to leak SGX secrets, demonstrating real-world vulnerabilities and proposing potential defenses.

Contribution

The study reveals that PMU counters can record transient execution events, enabling a novel attack to leak SGX secrets, and provides hardware/software countermeasures.

Findings

Up to 20 PMU counters can be exploited for the attack.

Successfully leaked SGX secret data via PMUSpill.

Identified specific PMU counters and instructions vulnerable to the attack.

Abstract

Performance Monitor Unit (PMU) is a significant hardware module on the current processors, which counts the events launched by processor into a set of PMU counters. Ideally, the events triggered by instructions that are executed but the results are not successfully committed (transient execution) should not be recorded. However, in this study, we discover that some PMU events triggered by the transient execution instructions will actually be recorded by PMU. Based on this, we propose the PMUSpill attack, which enables attackers to maliciously leak the secret data that are loaded during transient executions. The biggest challenge is how to encode the secret data into PMU events. We construct an instruction gadget to solve this challenge, whose execution path that can be identified by PMU counters represents what values the secret data are. We successfully implement the PMUSpill attack to leak the secret data stored in Intel Software Guard Extensions (SGX) (a Trusted Execution Environment (TEE) in the Intel's processors) through real experiments. Besides, we locate the vulnerable PMU counters and their trigger instructions by iterating all the valid PMU counters and instructions. The experiment results demonstrate that there are up to 20 PMU counters available to implement the PMUSpill attack. We also provide some possible hardware and software-based countermeasures for addressing the PMUSpill attack, which can be utilized to enhance the security of processors in future.