The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
A técnica de pré-busca de cache traz enormes benefícios para a melhoria do desempenho, mas tem o custo da segurança da microarquitetura dos processadores. Nesta carta, nos aprofundamos no funcionamento interno de um pré-buscador DCUIP, que é um dos pré-buscadores equipados em processadores Intel. Descobrimos que uma tabela DCUIP é compartilhada entre diferentes contextos de execução em processadores habilitados para hyperthreading, o que leva a outra vulnerabilidade microarquitetural. Ao explorar a vulnerabilidade, propomos um ataque de envenenamento DCUIP. Demonstramos que uma chave de criptografia AES pode ser extraída de uma implementação AES-NI montando o ataque proposto.
Youngjoo SHIN
Korea University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copiar
Youngjoo SHIN, "DCUIP Poisoning Attack in Intel x86 Processors" in IEICE TRANSACTIONS on Information,
vol. E104-D, no. 8, pp. 1386-1390, August 2021, doi: 10.1587/transinf.2020EDL8148.
Abstract: Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2020EDL8148/_p
Copiar
@ARTICLE{e104-d_8_1386,
author={Youngjoo SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={DCUIP Poisoning Attack in Intel x86 Processors},
year={2021},
volume={E104-D},
number={8},
pages={1386-1390},
abstract={Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.},
keywords={},
doi={10.1587/transinf.2020EDL8148},
ISSN={1745-1361},
month={August},}
Copiar
TY - JOUR
TI - DCUIP Poisoning Attack in Intel x86 Processors
T2 - IEICE TRANSACTIONS on Information
SP - 1386
EP - 1390
AU - Youngjoo SHIN
PY - 2021
DO - 10.1587/transinf.2020EDL8148
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2021
AB - Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.
ER -