On the Balance Between the Performance and Security of Modern Processor Micro-architectures

Date
2022
Authors
Hernandez Coronado, Andres Rainiero
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract

With a never-ending task to increase performance, hardware vendors often overlook how the design of a new micro-architecture can include bugs exploitable by devoted adversaries, which can be used to violate the security guarantees that users take for granted in modern computing systems. Therefore, in this work I take an adversarial role with the task of pinpointing as many security flaws as possible in multiple x86-64 processors implementing recent micro-architecture designs, from both Intel and AMD, where I attempt to propose any mitigation where possible.

As a brief introduction, I first report about how recent efforts by AMD fall short in their task to mitigate cache side-channels techniques in their recent Zen micro-architecture. Then, as a counter example, I propose The Race-Timing prototype, a new software-based technique, agnostic to the micro-architecture, that can configure effective cache-side channels in any modern processor that implements multi-threading. Following, I disclose Branchboozle, a new attack on the branch prediction unit of modern processors, from both Intel and AMD, capable of consistently triggering the now-infamous Spectre bug. Finally, I pay close attention to the memory management unit of recent Intel processors, which can be exploited to mount advanced forms of cache side-channel attacks known as Xlate. Yet, while hard to mitigate, the original implementation of Xlate is considerably slower when compared to other techniques, thus, I propose The TLB Mage, a comprehensive framework that accelerates Xlate attacks in general.

Ultimately, throughout this dissertation it will become apparent how there will never be an end to this line of research, where I will always try to point out security flaws in each new micro-architecture design. Nonetheless, doing so only benefits the end-users of modern computing systems, who can now be certain that work is being done to improve their security and privacy.

Description
This item is available only to currently enrolled UTSA students, faculty or staff.
Keywords
Branch Prediction, Cache Side-channels, Memory Management Unit, Translation Lookaside Buffer
Citation
Department
Electrical and Computer Engineering