TL;DR
This paper reveals how self-modifying code on x86 processors can be exploited to perform more efficient and precise instruction cache attacks, leading to improved cryptographic key extraction and covert channels, and proposes detection methods.
Contribution
It introduces novel attack techniques leveraging self-modifying code-induced timing discrepancies to enhance cache attacks and suggests hardware-based detection strategies.
Findings
Enhanced cache attack effectiveness due to timing variations
Ability to extract cryptographic keys more precisely
Development of hardware performance counter-based detection
Abstract
Self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin to Spectre across various x86 platforms. Finally, we propose a dynamic detection…