Figure 1 - uploaded by Michael Schwarz
Simplified illustration of a single core of the Intel's Skylake microarchitecture. Instructions are decoded into µOPs and executed out-of-order in the execution engine by individual execution units.
Source publication
The security of computer systems fundamentally relies on memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access. In this paper, we present Meltdown. Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data an...
Context in source publication
Context 1
... instructions are fetched by the front-end from memory and decoded to micro-operations (µOPs) which are continuously sent to the execution engine. Out-of-order execution is implemented within the execution engine as illustrated in Figure 1. The Reorder Buffer is responsible for register allocation, register renaming and retiring. ...
Similar publications
Graphics Processing Units (GPUs) are a ubiquitous component across the range of today's computing platforms, from phones and tablets, through personal computers, to high-end server class platforms. With the increasing importance of graphics and video workloads, recent processors are shipped with GPU devices that are integrated on the same chip. Int...
Citations
... Side channel attacks: Origami relies on the security guarantees provided by Intel SGX. However, SGX has been shown to be prone to side channel attacks [3], [4] based on speculative execution bugs like Spectre and Meltdown [20], [22]. Intel is making updates to its hardware and SGX implementation to increase robustness against these attacks. ...
This work presents Origami, which provides privacy-preserving inference for large deep neural network (DNN) models through a combination of enclave execution, cryptographic blinding, interspersed with accelerator-based computation. Origami partitions the ML model into multiple partitions. The first partition receives the encrypted user input within an SGX enclave. The enclave decrypts the input and then applies cryptographic blinding to the input data and the model parameters. Cryptographic blinding is a technique that adds noise to obfuscate data. Origami sends the obfuscated data for computation to an untrusted GPU/CPU. The blinding and de-blinding factors are kept private by the SGX enclave, thereby preventing any adversary from denoising the data, when the computation is offloaded to a GPU/CPU. The computed output is returned to the enclave, which decodes the computation on noisy data using the unblinding factors privately stored within SGX. This process may be repeated for each DNN layer, as has been done in prior work Slalom. However, the overhead of blinding and unblinding the data is a limiting factor to scalability. Origami relies on the empirical observation that the feature maps after the first several layers can not be used, even by a powerful conditional GAN adversary to reconstruct input. Hence, Origami dynamically switches to executing the rest of the DNN layers directly on an accelerator without needing any further cryptographic blinding intervention to preserve privacy. We empirically demonstrate that using Origami, a conditional GAN adversary, even with an unlimited inference budget, cannot reconstruct the input. We implement and demonstrate the performance gains of Origami using the VGG-16 and VGG-19 models. Compared to running the entire VGG-19 model within SGX, Origami inference improves the performance of private inference from 11x while using Slalom to 15.1x.
... As they have been designed to mitigate a certain class of known attacks [13]. Nevertheless, this strategy has been found vulnerable and compromised due to software vulnerabilities, microarchitectural weaknesses and poor use of secure design practices [8], [14], [15], [16], [17], [18]. ...
... The recently demonstrated Spectre [18] attack leverages speculative loads which circumvent access checks to read memory-resident secrets, transmitting them to an attacker using cache timing or other covert communication channels. Meltdown [17] is another microarchitectural attack that exploits out-of-order execution to leak the target's physical memory. These attacks exploit the fact that both secure and non-secure processes share the same physical memory resource and pointer. ...
The mass integration and deployment of intelligent technologies within critical commercial, industrial and public environments have a significant impact on business operations and society as a whole. However, integration of these critical intelligent technologies poses serious embedded security challenges for technology manufacturers, which are required to be systematically approached, in line with international security regulations.
This paper presents the security foundation for such intelligent technologies by presenting core security functions laid out by international security authorities. For each core security function, the embedded security requirements have been derived, which can be used to establish cyber resilience in embedded systems. A review of existing embedded security methods, microarchitectures and design practices is presented to map the derived embedded security requirements onto the existing embedded security landscape and to identify their shortcomings in supporting the core security functions. They have been found ad hoc, passive and strongly reliant on building and maintaining trust. To the best of our knowledge to date, no existing embedded security microarchitecture or defence mechanism provides continuity of data stream or security once trust has been broken. This step is crucial for embedded technologies deployed in critical infrastructure to enhance and maintain security, and to gain evidence of the security breach to effectively evaluate, improve and deploy active response and mitigation strategies. To this end, the paper proposes three microarchitectural characteristics that shall be designed and integrated into embedded architectures to establish, maintain and improve cyber resilience in embedded systems for next generation critical infrastructure.
... Hardware security issues are another example of a topic that spans several KAs. Attacks such as Spectre and Meltdown (Kocher et al., 2018;Lipp et al., 2018), which deal with the interaction of software and hardware, fall into several KUs. The closest complete match would be component design security, a topic in the Component Design KU of the Component Security KA. ...
The Cybersecurity Curricular Guidelines, a joint effort of the ACM, IEEE Computer Society, AIS SIGSAC, and IFIP WG 11.8, were created to provide developers of cybersecurity curricula with guidelines for material to include. The curricular guidelines have eight knowledge areas, broken down into knowledge units and topics. Underlying cross-cutting concepts provide linkages among the knowledge areas. Disciplinary lenses enable the developer to emphasize the knowledge units appropriate to the goals of the developed curricula. Each knowledge area also includes a list of essential concepts that all curricula should cover to an appropriate depth. The guidelines can be linked to workforce frameworks and certification criteria as well as academic curricula.
... As our modern lives are more and more dependent on ubiquitous information technology, it is critical, yet highly challenging, to ensure the security and trustworthiness of the underlying integrated circuits (ICs). For example, researchers have cautioned against powerful attacks on the speculative execution of processor ICs [1,2], or profiled the side-channel leakage of cryptographic modules [3]. Besides such concerns regarding security at runtime, protecting against other threats such as reverse engineering (RE), intellectual property (IP) piracy, illegal overproduction, or insertion of hardware Trojans (HTs) is another challenge. ...
... Massad et al. [48] and Yu et al. [49] formulated independently SAT-based attacks (with oracle access) which challenged the security of [47] nevertheless.² These attacks could readily circumvent small-scale LC for various benchmarks with up to 256 gates being camouflaged. A parallel SAT attack providing an average speedup of 3.6× over prior attacks was presented by Wang et al. [50]. Keshavarz et al. [51] proposed a SAT-based formulation augmented by probing and fault injection capabilities, where the authors were able to RE an S-Box. ...
² The essence of these attacks is similar to [20] and omitted here for brevity; interested readers are also referred to [48,49].
The increasing cost of integrated circuit (IC) fabrication has driven most companies to "go fabless" over time. The corresponding outsourcing trend gave rise to various attack vectors, e.g., illegal overproduction of ICs, piracy of the design intellectual property (IP), or insertion of hardware Trojans (HTs). These attacks are possibly conducted by untrusted entities residing all over the supply chain, ranging from untrusted foundries, test facilities, even to end-users. To overcome this multitude of threats, various techniques have been proposed over the past decade. In this paper, we review the landscape of IP protection techniques, which can be classified into logic locking, layout camouflaging, and split manufacturing. We discuss the history of these techniques, followed by state-of-the-art advancements, relevant limitations, and scope for future work.
... Moreover, the proposed method does not need considerable memory usage and can be implemented without utilizing any BRAM or internal memory of the device. Therefore, the implementation has no room for cache-based attacks such as Spectre and Meltdown [19], [22]. ...
... Hence, this phase is similarly resistant to the simple timing and power analysis attacks. We have also studied the security of the proposed algorithm against simple cache attacks and other recent ones such as Spectre and Meltdown [19], [22]. The implementation of the proposed method does not utilize BRAM or any internal memory of the target device (including cache). ...
During the past decade, elliptic curve cryptography (ECC) has been widely deployed in different scenarios as the main asymmetric cryptosystem due to its smaller key length and relatively higher speed compared with other asymmetric cryptosystems. The most critical operation in ECC computation is point multiplication. In some popular applications such as signature verification schemes, the double point multiplication can be exploited. In this paper, we propose an algorithm and its corresponding architecture to speed up the double point multiplication using a modified binary differential addition chain. The proposed method is highly parallelizable and has been implemented on Virtex-4, Virtex-5, and Virtex-7 over , , and , respectively. Experimental results using hardware implementation on Virtex-4 indicate that the proposed architecture achieves 63% and 16% improvements compared with the previous double point multiplication implementation in terms of required time and efficiency over , respectively. Additionally, the proposed architecture shows time reduction compared with twice the execution time of the best previous single point multiplication by 39% while achieving 258% higher efficiency. The proposed architecture has also been implemented on ASIC, and the results show that the proposed work improves time and energy consumption compared with the previous work.
... Access-driven Cache-based Side-Channel Attacks (CSCAs) are strong cryptanalysis techniques used to break the otherwise strong cryptographic algorithms by targeting their execution at hardware level [1]. In recent years, Intel's x86 architecture has been exposed to high resolution and stealthy CSCAs such as: Prime+Probe [2], Flush+Reload [3], Flush+Flush [4], Evict & Time [1], Prime & Abort [5], Spectre [6] and Meltdown [7]. Modern-day processors do extensive sharing and deduplication for performance benefits. ...
... Modern-day processors do extensive sharing and deduplication for performance benefits. CSCAs exploit sharing vulnerabilities in caches [6], [7] to retrieve information. Such attacks rely on the presence of specialized instructions to maneuver the state of shared caches. ...
... In this respect, the recently published Meltdown [10] and Spectre [11] are also worth mentioning. Both exploit side-channel effects which are present on modern x86 architectures when the Central Processing Unit (CPU) is executing assembly instructions out-of-order based on speculative assumptions. ...
Reliable authentication of entities is the baseline for secure communications infrastructures and services. While traditional password authentication is still widely deployed, alternatives based on asymmetric cryptography are also available and provide an increased level of security. On the client side, however, secret keys are often unprotected. Although constantly updated workstations are considered to be trusted environments, security breaches such as Spectre or Meltdown raised doubts about platform integrity.
The presented work introduces realistic attack vectors which can be employed to extract cryptographic keys from workstations. Consequently, Hardware Security Modules (HSMs) are introduced which provide secure storage as well as secure utilisation of private cryptographic keys. Due to the huge amount of possible application scenarios, the paper focuses on an application scenario based on the widely used Secure Shell (SSH) protocol. Demonstrating that an improved level of security is not necessarily directly linked to costs, a rough summary of interesting Commercial off the Shelf (COTS) devices is provided.
... More recent attack paths are taking advantage of hardware assisted virtualization, and hardware assisted virtual machines. The New Year 2018 brought new information leakage attacks called Spectre [3] and Meltdown [4]. Malicious code can combine viruses, worms, Trojan horses, scripts, et al. to attack multiple, cross-platform systems. ...
... Fannon [25] presented a review of hardware assisted virtual machine attacks. In 2018, Spectre [3] and Meltdown [4] attacks exploited hardware design flaws. System attackers are quickly moving to lower and lower hardware levels. ...
... There are major concerns over software based security. The hardware design flaws exploited by Spectre [3] and Meltdown [4] provide strong motivation for better hardware level security features. A variety of hardware security primitives have been developed in recent years, aimed at mitigating issues such as integrated circuit piracy, counterfeiting, and cybersecurity attacks leveraging information leakage (side-channel analysis). ...