Indirect Meltdown: Building Novel Side-Channel Attacks from Transient-Execution Attacks
Daniel Weber, Fabian Thomas, Lukas Gerlach, Ruiyi Zhang, Michael Schwarz

TL;DR
This paper introduces a novel side-channel attack called LeakIDT that leverages indirect transient-execution techniques to leak metadata and perform precise timing measurements, even on mitigated systems.
Contribution
It demonstrates how adding indirection to Meltdown transforms it into a side-channel attack capable of leaking metadata and precise timing information, despite existing mitigations.
Findings
LeakIDT enables cache-line granular monitoring of kernel addresses.
LeakIDT provides cycle-accurate timestamps for interrupts.
The attack can infer inter-keystroke timings and visited websites.
Abstract
The transient-execution attack Meltdown leaks sensitive information by transiently accessing inaccessible data during out-of-order execution. Although Meltdown is fixed in hardware for recent CPU generations, most currently-deployed CPUs have to rely on software mitigations, such as KPTI. Still, Meltdown is considered non-exploitable on current systems. In this paper, we show that adding another layer of indirection to Meltdown transforms a transient-execution attack into a side-channel attack, leaking metadata instead of data. We show that despite software mitigations, attackers can still leak metadata from other security domains by observing the success rate of Meltdown on non-secret data. With LeakIDT, we present the first cache-line granular monitoring of kernel addresses. LeakIDT allows an attacker to obtain cycle-accurate timestamps for attacker-chosen interrupts. We use our…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Advanced Data Storage Technologies
