Load-to-store: exploit the time leakage of store buffer transient window
Main Authors: | , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2023-04-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023051/ |
Summary: | To study vulnerabilities in modern microarchitectures and consider mitigations, the memory order buffer (MOB), which is responsible for managing the execution order of memory access instructions, was analyzed. It was found that load forward directly bypasses the data of dependent store instructions to load instructions, and that speculative load executes independent load instructions in advance. While these mechanisms bring efficiency optimizations, they may also lead to errors and corresponding blocking. The existing optimization mechanisms on the Intel Coffee Lake microarchitecture, and leak attack schemes that use them, were analyzed. Using the four execution modes of the MOB and their corresponding durations, a variety of attacks were constructed, including a transient attack, a covert channel, and recovery of the private key of a cryptographic algorithm. The time difference caused by the MOB was used to leak the addresses of memory instructions, and the AES T-table implementation was attacked. Key recovery experiments were conducted on AES-128 with OpenSSL 3.0.0 on an Intel i5-9400 processor. The experimental results show that 30 000 sets of samples can recover a key byte with a probability of 63.6%. Due to the characteristics of the memory order buffer, the concealment of the exploit is better than that of traditional cache timing leaks. |
---|---|
ISSN: | 1000-436X |