Our work on ring interconnect side channel attacks was accepted at @USENIXSecurity 2021 (#usesec21)! Full paper and source code are now available at: arxiv.org/pdf/2103.03443…
Context: Multicore CPUs have many components (agents) that communicate with each other. The ring interconnect is what many Intel CPUs use to move data between these components (e.g., during a memory access).
In our paper, we reverse engineer the architecture of such ring interconnect. Read our paper to learn more than you ever thought you wanted to know about how the Intel CPU ring interconnect works, down to arbitration policies, protocols and physical implementation.
We describe, for the first time, the necessary and sufficient conditions to create "ring contention". Such contention occurs when multiple agents contend on the ring interconnect and suffer small delays in their memory accesses.
We show how the above conditions can be used to build a cross-core covert channel with a capacity of over 4 Mbps from a single thread, the largest to date for a cross-core covert channel that does not rely on shared memory.
Finally, we show two examples of side channel attacks that exploit ring contention. The first attack leaks key bits from vulnerable EdDSA and RSA implementations. The second attack infers the precise timing of keystrokes typed by a victim user.
Importantly, unlike prior attacks, our attacks do *not* rely on sharing memory, cache sets, core-private resources or any specific uncore structures. As a consequence, they are hard to mitigate using existing "domain isolation" techniques.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
