TL;DR
This paper introduces Leakage Templates to abstractly describe microarchitectural side channels, and presents Plumber, a framework that derives these templates from code sequences to identify new and existing cache-based vulnerabilities.
Contribution
The paper proposes Leakage Templates as a novel abstraction for microarchitectural side channels and develops Plumber to automatically derive these templates from code, revealing new leakage primitives and vulnerabilities.
Findings
Identified novel leakage primitives related to premature cache eviction and prefetching.
Re-identified a prefetcher-based vulnerability in OpenSSL 1.1.0g.
Demonstrated the effectiveness of Leakage Templates on ARM Cortex-A53 and -A72 cores.
Abstract
The complexity of modern processor architectures has given rise to sophisticated interactions among their components. Such interactions may result in potential attack vectors in terms of side channels, possibly available to user-land exploits to leak secret data. Exploitation and countering of such side channels require a detailed understanding of the target component. However, such detailed information is commonly unpublished for many CPUs. In this paper, we introduce the concept of Leakage Templates to abstractly describe specific side channels and identify their occurrences in binary applications. We design and implement Plumber, a framework to derive the generic Leakage Templates from individual code sequences that are known to cause leakage (e.g., found by prior work). Plumber uses a combination of instruction fuzzing, instructions' operand mutation and statistical analysis to…
