TY - GEN
T1 - Restore Buffer Overflow Attacks
T2 - 36th International Conference on Information Networking, ICOIN 2022
AU - Lee, Jongmin
AU - Koo, Gunjae
N1 - Funding Information:
ACKNOWLEDGEMENT This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grants funded by the Korea government (MSIT) (No. 2019-0-00533, Research on CPU Vulnerability Detection and Validation / IITP-2021-2020-0-01819, ICT Creative Consilience Program) and the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) (NRF-2021R1C1C1012172).
Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Transient execution attacks have been severe security threats since such attacks exploit architectural vulnerabilities in out-of-order processors. Researchers proposed several architectural solutions to defend against transient execution attacks. By restoring the victim blocks stored temporarily in a restore buffer, the undo-based approaches can revoke the cache state changed by speculative loads. Thus it is known that the undo-based defense mechanisms can protect processors from transient execution attacks. In this paper, we reveal the undo-based protection scheme is still vulnerable to the elaborated Prime+Probe type attacks. Under the undo-based protection, the victim blocks by the speculative loads are stored in the restore buffer that has limited resources. Thus if the restore buffer is full, part of the victim blocks in the restore buffer can be evicted from the restore buffer. Then the cache state cannot be restored since the processor cannot find the victim blocks required for restoring the cache state. We design a restore buffer overflow attack that can leak secret data even if the processor is protected under the undo-based scheme. We evaluate the attack mechanism using the architectural simulator. Our evaluation exhibits that the attack can leak part of secret data successfully.
AB - Transient execution attacks have been severe security threats since such attacks exploit architectural vulnerabilities in out-of-order processors. Researchers proposed several architectural solutions to defend against transient execution attacks. By restoring the victim blocks stored temporarily in a restore buffer, the undo-based approaches can revoke the cache state changed by speculative loads. Thus it is known that the undo-based defense mechanisms can protect processors from transient execution attacks. In this paper, we reveal the undo-based protection scheme is still vulnerable to the elaborated Prime+Probe type attacks. Under the undo-based protection, the victim blocks by the speculative loads are stored in the restore buffer that has limited resources. Thus if the restore buffer is full, part of the victim blocks in the restore buffer can be evicted from the restore buffer. Then the cache state cannot be restored since the processor cannot find the victim blocks required for restoring the cache state. We design a restore buffer overflow attack that can leak secret data even if the processor is protected under the undo-based scheme. We evaluate the attack mechanism using the architectural simulator. Our evaluation exhibits that the attack can leak part of secret data successfully.
KW - Cache Side-Channels
KW - Secure Architecture
KW - Speculative Execution
KW - Transient Execution Attacks
UR - http://www.scopus.com/inward/record.url?scp=85125667532&partnerID=8YFLogxK
U2 - 10.1109/ICOIN53446.2022.9687185
DO - 10.1109/ICOIN53446.2022.9687185
M3 - Conference contribution
AN - SCOPUS:85125667532
T3 - International Conference on Information Networking
SP - 315
EP - 318
BT - 36th International Conference on Information Networking, ICOIN 2022
PB - IEEE Computer Society
Y2 - 12 January 2022 through 15 January 2022
ER -