On the Balance Between the Performance and Security of Modern Processor Micro-architectures




Hernandez Coronado, Andres Rainiero

Journal Title

Journal ISSN

Volume Title



With a never-ending task to increase performance, hardware vendors often overlook how the design of a new micro-architecture can include bugs exploitable by devoted adversaries, which can be used to violate the security guarantees that users take for granted in modern computing systems. Therefore, in this work I take an adversarial role with the task of pinpointing as many security flaws as possible in multiple x86-64 processors implementing recent micro-architecture designs, from both Intel and AMD, where I attempt to propose any mitigation where possible.

As a brief introduction, I first report about how recent efforts by AMD fall short in their task to mitigate cache side-channels techniques in their recent Zen micro-architecture. Then, as a counter example, I propose The Race-Timing prototype, a new software-based technique, agnostic to the micro-architecture, that can configure effective cache-side channels in any modern processor that implements multi-threading. Following, I disclose Branchboozle, a new attack on the branch prediction unit of modern processors, from both Intel and AMD, capable of consistently triggering the now-infamous Spectre bug. Finally, I pay close attention to the memory management unit of recent Intel processors, which can be exploited to mount advanced forms of cache side-channel attacks known as Xlate. Yet, while hard to mitigate, the original implementation of Xlate is considerably slower when compared to other techniques, thus, I propose The TLB Mage, a comprehensive framework that accelerates Xlate attacks in general.

Ultimately, throughout this dissertation it will become apparent how there will never be an end to this line of research, where I will always try to point out security flaws in each new micro-architecture design. Nonetheless, doing so only benefits the end-users of modern computing systems, who can now be certain that work is being done to improve their security and privacy.


This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.


Branch Prediction, Cache Side-channels, Memory Management Unit, Translation Lookaside Buffer



Electrical and Computer Engineering