Transient Execution of Non-Canonical Accesses
arXiv - CS - Hardware Architecture Pub Date : 2021-08-24 , DOI: arxiv-2108.10771
Saidgani Musaev, Christof Fetzer

Recent years have brought microarchitectural security into the spotlight, proving that modern CPUs are vulnerable to several classes of microarchitectural attacks. These attacks bypass the basic isolation primitives provided by the CPUs: process isolation, memory permissions, access checks, and so on. Nevertheless, most of the research was focused on Intel CPUs, with only a few exceptions. As a result, few vulnerabilities have been found in other CPUs, leading to speculations about their immunity to certain types of microarchitectural attacks. In this paper, we provide a black-box analysis of one of these under-explored areas. Namely, we investigate the flaw of AMD CPUs which may lead to a transient execution hijacking attack. Contrary to nominal immunity, we discover that AMD Zen family CPUs exhibit transient execution patterns similar to Meltdown/MDS. Our analysis of exploitation possibilities shows that AMD's design decisions indeed limit the exploitability scope compared to Intel CPUs, yet it may be possible to use them to amplify other microarchitectural attacks.

Updated: 2021-08-25