BranchScope-Reference-Cited by-同舟云学术

BranchScope

Published:2018-11-30 Issue:2 Volume:53 Page:693-707
ISSN:0362-1340
Container-title:ACM SIGPLAN Notices
language:en
Short-container-title:SIGPLAN Not.

Author:

Evtyushkin Dmitry¹,Riley Ryan²,Abu-Ghazaleh Nael CSE and ECE³,Ponomarev Dmitry⁴

Affiliation:

1. College of William and Mary, Williamsburg, VA, USA

2. CMU Qatar, Doha, Qatar

3. UC Riverside, Riverside, CA, USA

4. Binghamton University, Binghamton, NY, USA

Abstract

We present BranchScope - a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor. The directional component of the branch predictor stores the prediction on a given branch (taken or not-taken) and is a different component from the branch target buffer (BTB) attacked by previous work. BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit. Our attack targets complex hybrid branch predictors with unknown organization. We demonstrate how an attacker can force these predictors to switch to a simple 1-level mode to simplify the direction recovery. We carry out BranchScope on several recent Intel CPUs and also demonstrate the attack against an SGX enclave.

Funder

Qatar National Research Fund

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Graphics and Computer-Aided Design,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3296957.3173204

Reference55 articles.

1. On the power of simple branch prediction analysis

2. Predicting Secret Keys Via Branch Prediction

3. Amplifying side channels through performance degradation

4. Feeling Secure vs. Being Secure the Mobile Phone User Case

Cited by 35 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments;Proceedings of the 19th ACM Asia Conference on Computer and Communications Security;2024-07

2. MetaLeak: Uncovering Side Channels in Secure Processor Architectures Exploiting Metadata;2024 ACM/IEEE 51st Annual International Symposium on Computer Architecture (ISCA);2024-06-29

3. A Hardware Security Protection Method for Conditional Branches of Embedded Systems;Micromachines;2024-06-05

4. SoK: SGX.Fail: How Stuff Gets eXposed;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

5. BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19