research-article

Public Access

All Your PC Are Belong to Us: Exploiting Non-control-Transfer Instruction BTB Updates for Dynamic PC Extraction

Authors:

Christopher Wardlaw FletcherAuthors Info & Claims

ISCA '23: Proceedings of the 50th Annual International Symposium on Computer Architecture

Article No.: 65, Pages 1 - 14

https://doi.org/10.1145/3579371.3589100

Published: 17 June 2023 Publication History

Abstract

Leaking a program's instruction address (PC) pattern, completely and precisely, has long been a sought-after capability for microarchitectural side-channel attackers. Case in point, such a primitive would be sufficient to construct powerful control-flow leakage attacks (inferring program secrets impacting control flow) that defeat existing control-flow leakage mitigations, or even reverse-engineer private binaries through PC-trace granular fingerprinting. However, current side-channel attack techniques only capture PCs at a coarse granularity or for only specific instruction types.

In this paper, we propose the first micro-architectural side-channel attack that is capable of directly observing the exact PCs of arbitrary victim dynamic instructions---i.e., even the PCs of non-control-transfer instructions and even if the program code is private. Our attack exploits several previously overlooked characteristics in modern Intel Branch Target Buffers (BTBs). The core observation is perhaps counter-intuitive: despite being a structure related to control-flow prediction, the BTB incurs observable state changes after the execution of potentially any instruction, not just control-transfer instructions.

Through reverse-engineering and analyzing said BTB vulnerabilities, we design and implement an attack framework named NightVision. We demonstrate how NightVision is capable of efficiently and accurately identifying a subset, or the entirety, of a victim program's dynamic PC trace (depending on the attacker's capabilities). We show how NightVision enables a new control-flow attack that bypasses prior defenses. Additionally, we show that when combined with code fingerprinting techniques, NightVision enables reverse-engineering of private programs.

References

[1]

2022. Awesome SGX Open Source Projects. https://github.com/Maxul/Awesome-SGX-Open-Source.

[2]

2022. Mbed-TLS: An open source, portable, easy to use, readable and flexible SSL library. https://github.com/ARMmbed/mbedtls.

[3]

Onur Aciiçmez. 2007. Yet another microarchitectural attack: exploiting I-cache. In Proceedings of the 2007 ACM workshop on Computer security architecture. 11--18.

Digital Library

[4]

Onur Acıiçmez, Çetin Kaya Koç, and Jean-Pierre Seifert. 2007. Predicting secret keys via branch prediction. In Proceedings of the 7th Cryptographers' track at the RSA conference on Topics in Cryptology. 225--242.

Digital Library

[5]

Alejandro Cabrera Aldaya, Billy Bob Brumley, Sohaib ul Hassan, Cesar Pereida García, and Nicola Tuveri. 2019. Port contention for fun and profit. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 870--887.

[6]

Ittai Anati, Shay Gueron, Simon Johnson, and Vincent Scarlata. 2013. Innovative technology for CPU based attestation and sealing. In Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy, Vol. 13. ACM New York, NY, USA, 7.

[7]

Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham. 2015. On Subnormal Floating Point and Abnormal Timing. In Proceedings of the 2015 IEEE Symposium on Security and Privacy. 623--639.

Digital Library

[8]

C Ashokkumar, Ravi Prakash Giri, and Bernard Menezes. 2016. Highly efficient algorithms for AES key retrieval in cache access attacks. In 2016 IEEE European symposium on security and privacy (EuroS&P). IEEE, 261--275.

[9]

Erick Bauman, Huibo Wang, Mingwei Zhang, and Zhiqiang Lin. 2018. Sgxelide: enabling enclave code secrecy via self-modification. In Proceedings of the 2018 International Symposium on Code Generation and Optimization. 75--86.

Digital Library

[10]

Daniel J Bernstein and Bo-Yin Yang. 2019. Fast constant-time gcd computation and modular inversion. IACR Transactions on Cryptographic Hardware and Embedded Systems (2019), 340--398.

[11]

Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, and Deian Stefan. 2017. Fact: A flexible, constant-time programming language. In 2017 IEEE Cybersecurity Development (SecDev). IEEE, 69--76.

[12]

Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H Lai. 2019. Sgxpectre: Stealing intel secrets from sgx enclaves via speculative execution. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 142--157.

[13]

Yuan Chen, Jiaqi Li, Guorui Xu, Yajin Zhou, Zhi Wang, Cong Wang, and Kui Ren. 2022. SGXLock: Towards Efficiently Establishing Mutual Distrust Between Host Application and Enclave for SGX. In 31st USENIX Security Symposium (USENIX Security'22). 4129--4146.

[14]

Yun Chen, Lingfeng Pei, and Trevor E Carlson. 2023. AfterImage: Leaking Control Flow Data and Tracking Load Operations via the Hardware Prefetcher. In Proceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2. 16--32.

Digital Library

[15]

Intel Corporation. 2016. Intel® Software Guard Extensions SDK for Linux* OS (Developer Reference). (2016).

[16]

Goran Doychev, Boris Köpf, Laurent Mauborgne, and Jan Reineke. 2015. Cacheaudit: A tool for the static analysis of cache side channels. ACM Transactions on information and system security (TISSEC) 18, 1 (2015), 1--32.

Digital Library

[17]

Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2016. Jump over ASLR: Attacking branch predictors to bypass ASLR. In 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 1--13.

[18]

Dmitry Evtyushkin, Ryan Riley, Nael CSE Abu-Ghazaleh, ECE, and Dmitry Ponomarev. 2018. BranchScope: A New Side-Channel Attack on Directional Branch Predictor. (2018), 693--707.

[19]

Ben Gras, Kaveh Razavi, Herbert Bos, and Cristiano Giuffrida. 2018. Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks. In 27th USENIX Security Symposium (USENIX Security'18). 955--972.

[20]

Leon Groot Bruinderink, Andreas Hülsing, Tanja Lange, and Yuval Yarom. 2016. Flush, gauss, and reload-a cache attack on the BLISS lattice-based signature scheme. In International Conference on Cryptographic Hardware and Embedded Systems. Springer, 323--345.

[21]

Roberto Guanciale, Hamed Nemati, Christoph Baumann, and Mads Dam. 2016. Cache storage channels: Alias-driven attacks and verified countermeasures. In 2016 IEEE Symposium on Security and Privacy (SP). IEEE, 38--55.

[22]

David Gullasch, Endre Bangerter, and Stephan Krenn. 2011. Cache games-bringing access-based cache attacks on AES to practice. In 2011 IEEE Symposium on Security and Privacy. IEEE, 490--505.

Digital Library

[23]

Marcus Hähnel, Weidong Cui, and Marcus Peinado. 2017. High-resolution side channels for untrusted operating systems. In 2017 USENIX Annual Technical Conference (USENIX ATC'17). 299--312.

[24]

John L Hennessy and David A Patterson. 2011. Advanced Techniques for Instruction Delivery and Speculation. In Computer architecture: a quantitative approach. Elsevier, Chapter 3.9, 203--206.

[25]

Shohreh Hosseinzadeh, Hans Liljestrand, Ville Leppänen, and Andrew Paverd. 2018. Mitigating branch-shadowing attacks on Intel SGX using control flow randomization. In Proceedings of the 3rd Workshop on System Software for Trusted Execution. 42--47.

Digital Library

[26]

Tianlin Huo, Xiaoni Meng, Wenhao Wang, Chunliang Hao, Pei Zhao, Jian Zhai, and Mingshu Li. 2020. Bluethunder: A 2-level directional predictor based side-channel attack against sgx. IACR Transactions on Cryptographic Hardware and Embedded Systems (2020), 321--347.

[27]

Intel. 2018. Indirect Branch Predictor Barrier. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-predictor-barrier.html.

[28]

Intel. 2018. Indirect Branch Restricted Speculation. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html.

[29]

Intel. 2018. Intel 64 and IA-32 Architectures Optimization Reference Manual. https://intel.ly/2UbLwk2.

[30]

Intel. 2018. Intel® Software Guard Extensions (Intel® SGX) Protected Code Loader (PCL) for Linux. (2018).

[31]

Intel. 2020. Intel IPP Crypto Library (2020). https://github.com/intel/ipp-crypto/tree/ipp-crypto_2020.

[32]

Intel. 2022. Intel Trust Domain Extensions. https://software.intel.com/content/dam/develop/external/us/en/documents/tdxwhitepaper-v4.pdf.

[33]

Yasuo Ishii, Jaekyu Lee, Krishnendra Nathella, and Dam Sunwoo. 2021. Reestablishing fetch-directed instruction prefetching: An industry perspective. In 2021 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS). IEEE, 172--182.

[34]

Joonsung Kim, Hamin Jang, Hunjun Lee, Seungho Lee, and Jangwoo Kim. 2021. UC-Check: Characterizing Micro-operation Caches in x86 Processors and Implications in Security and Performance. In MICRO-54: 54th Annual IEEE/ACM International Symposium on Microarchitecture. 550--564.

Digital Library

[35]

Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, et al. 2019. Spectre attacks: Exploiting speculative execution. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 1--19.

[36]

Jagadish B Kotra and John Kalamatianos. 2020. Improving the Utilization of Microoperation Caches in x86 Processors. In 2020 53rd Annual IEEE/ACM International Symposium on Microarchitecture (MICRO). IEEE, 160--172.

[37]

Titouan Lazard, Johannes Götzfried, Tilo Müller, Gianni Santinelli, and Vincent Lefebvre. 2018. TEEshift: Protecting code confidentiality by selectively shifting functions into TEEs. In Proceedings of the 3rd Workshop on System Software for Trusted Execution. 14--19.

Digital Library

[38]

Jaekyu Lee, Yasuo Ishii, and Dam Sunwoo. 2020. Securing branch predictors with two-level encryption. ACM Transactions on Architecture and Code Optimization (TACO) 17, 3 (2020), 1--25.

Digital Library

[39]

Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. 2017. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In 26th USENIX Security Symposium (USENIX Security'17). 557--574.

[40]

Chang Liu, Xiao Shaun Wang, Kartik Nayak, Yan Huang, and Elaine Shi. 2015. Oblivm: A programming framework for secure computation. In 2015 IEEE Symposium on Security and Privacy. IEEE, 359--376.

Digital Library

[41]

Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R Savagaonkar. 2013. Innovative instructions and software model for isolated execution. (2013), 1--1.

[42]

Daniel Moghimi, Jo Van Bulck, Nadia Heninger, Frank Piessens, and Berk Sunar. 2020. CopyCat: Controlled Instruction-Level Attacks on Enclaves. In 29th USENIX Security Symposium (USENIX Security'20). 469--486.

[43]

Lina Nouh, Ashkan Rahimian, Djedjiga Mouheb, Mourad Debbabi, and Aiman Hanna. 2017. BinSign: Fingerprinting binary functions to support automated analysis of code executables. In IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 341--355.

[44]

Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: the case of AES. In Cryptographers' track at the RSA conference. Springer, 1--20.

Digital Library

[45]

Riccardo Paccagnella, Licheng Luo, and Christopher W Fletcher. 2021. Lord of the Ring (s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical. In 30th USENIX Security Symposium (USENIX Security'21). 645--662.

[46]

Ivan Puddu, Moritz Schneider, Miro Haller, and Srdjan čapkun. 2021. Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend. In 30th USENIX Security Symposium (USENIX Security'21). 663--680.

[47]

Ivan Puddu, Moritz Schneider, Daniele Lain, Stefano Boschetto, and Srdjan čapkun. 2022. On (the Lack of) Code Confidentiality in Trusted Execution Environments. arXiv preprint arXiv:2212.07899 (2022).

[48]

Ashay Rane, Calvin Lin, and Mohit Tiwari. 2015. Raccoon: Closing digital side-channels through obfuscated execution. In 24th USENIX Security Symposium (USENIX Security'15). 431--446.

[49]

Bholanath Roy, Ravi Prakash Giri, C Ashokkumar, and Bernard Menezes. 2015. Design and implementation of an espionage network for cache-based side channel attacks on AES. In 2015 12th International Joint Conference on e-Business and Telecommunications (ICETE), Vol. 4. IEEE, 441--447.

Digital Library

[50]

Shweta Shinde, Zheng Leong Chua, Viswesh Narayanan, and Prateek Saxena. 2016. Preventing page faults from telling your secrets. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. 317--328.

Digital Library

[51]

Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W Fletcher. 2019. Microscope: Enabling microarchitectural replay attacks. In 2019 ACM/IEEE 46th Annual International Symposium on Computer Architecture (ISCA). IEEE, 318--331.

Digital Library

[52]

A. Smith and B. Johnson. 1998. Method and apparatus for implementing a set associative branch target buffer.

[53]

Dan Tsafrir, Yoav Etsion, and Dror G Feitelson. 2007. Secretly Monopolizing the CPU Without Superuser Privileges. In USENIX Security Symposium. 239--256.

[54]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2017. SGX-Step: A practical attack framework for precise enclave execution control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution. 1--6.

Digital Library

[55]

Jo Van Bulck, Frank Piessens, and Raoul Strackx. 2018. Nemesis: Studying microarchitectural timing leaks in rudimentary CPU interrupt logic. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. 178--195.

Digital Library

[56]

Jo Van Bulck, Nico Weichbrodt, Rüdiger Kapitza, Frank Piessens, and Raoul Strackx. 2017. Telling your secrets without page faults: Stealthy page table-based attacks on enclaved execution. In 26th USENIX Security Symposium (USENIX Security'17). 1041--1056.

[57]

Stephan van Schaik, Marina Minkin, Andrew Kwong, Daniel Genkin, and Yuval Yarom. 2021. CacheOut: Leaking data on Intel CPUs via cache evictions. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 339--354.

[58]

Jose Rodrigo Sanchez Vicarte, Pradyumna Shome, Nandeeka Nayak, Caroline Trippel, Adam Morrison, David Kohlbrenner, and Christopher W Fletcher. 2021. Opening pandora's box: A systematic study of new ways microarchitecture can leak private data. In 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA). IEEE, 347--360.

Digital Library

[59]

Daimeng Wang, Zhiyun Qian, Nael Abu-Ghazaleh, and Srikanth V Krishnamurthy. 2019. Papp: Prefetcher-aware prime and probe side-channel attack. In Proceedings of the 56th Annual Design Automation Conference 2019. 1--6.

Digital Library

[60]

Wenhao Wang, Guoxing Chen, Xiaorui Pan, Yinqian Zhang, XiaoFeng Wang, Vincent Bindschaedler, Haixu Tang, and Carl A Gunter. 2017. Leaky cauldron on the dark land: Understanding memory side-channel hazards in SGX. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2421--2434.

Digital Library

[61]

Jan Wichelmann, Ahmad Moghimi, Thomas Eisenbarth, and Berk Sunar. 2018. Microwalk: A framework for finding side channels in binaries. In Proceedings of the 34th Annual Computer Security Applications Conference. 161--173.

Digital Library

[62]

WikiChip. 2020. Macro-Operation Fusion (MOP Fusion). https://en.wikichip.org/wiki/macro-operation_fusion.

[63]

Yuan Xiao, Mengyuan Li, Sanchuan Chen, and Yinqian Zhang. 2017. Stacco: Differentially analyzing side-channel traces for detecting SSL/TLS vulnerabilities in secure enclaves. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 859--874.

Digital Library

[64]

Yuanzhong Xu, Weidong Cui, and Marcus Peinado. 2015. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In 2015 IEEE Symposium on Security and Privacy. IEEE, 640--656.

Digital Library

[65]

Yuval Yarom and Katrina Falkner. 2014. FLUSH+ RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In 23rd USENIX Security Symposium (USENIX Security'14). 719--732.

[66]

Jiyong Yu, Xinyang Ge, Trent Jaeger, Christopher W Fletcher, and Weidong Cui. 2022. Pagoda: Towards Binary Code Privacy Protection with SGX-based Execute-Only Memory. In 2022 IEEE International Symposium on Secure and Private Execution Environment Design (SEED). IEEE, 133--144.

[67]

Jiyong Yu, Lucas Hsiung, Mohamad El'Hajj, and Christopher W Fletcher. 2019. Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing. (2019).

[68]

Samee Zahur and David Evans. 2015. Obliv-C: A Language for Extensible Data-Oblivious Computation. IACR Cryptol. ePrint Arch. 2015 (2015), 1153.

[69]

Tao Zhang, Kenneth Koltermann, and Dmitry Evtyushkin. 2020. Exploring branch predictors for constructing transient execution trojans. In Proceedings of the 25th International Conference on Architectural Support for Programming Languages and Operating Systems. 667--682.

Digital Library

[70]

Lutan Zhao, Peinan Li, Rui Hou, Michael C Huang, Jiazhen Li, Lixin Zhang, Xuehai Qian, and Dan Meng. 2021. A lightweight isolation mechanism for secure branch predictors. In 2021 58th ACM/IEEE Design Automation Conference (DAC). IEEE, 1267--1272.

Digital Library

Cited By

Yavarzadeh HAgarwal AChristman MGarman CGenkin DKwong AMoghimi DStefan DTaram KTullsen DTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch PredictorProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651382(770-784)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651382

Index Terms

All Your PC Are Belong to Us: Exploiting Non-control-Transfer Instruction BTB Updates for Dynamic PC Extraction
1. Computer systems organization
  1. Architectures
2. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures

Recommendations

Mitigating Branch-Shadowing Attacks on Intel SGX using Control Flow Randomization
SysTEX '18: Proceedings of the 3rd Workshop on System Software for Trusted Execution

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computation from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side ...
PMU-Leaker: Performance Monitor Unit-Based Realization of Cache Side-Channel Attacks
ASPDAC '23: Proceedings of the 28th Asia and South Pacific Design Automation Conference

Performance Monitor Unit (PMU) is a special hardware module in processors that contains a set of counters to record various architectural and micro-architectural events. In this paper, we propose PMU-Leaker, a novel realization of all existing cache side-...
Dynamic BTB Resizing for Variable Stages Superscalar Architecture
CANDAR '13: Proceedings of the 2013 First International Symposium on Computing and Networking

To extract instruction level parallelism (ILP) and thread level parallelism (TLP), super scalar architecture has become commonly used for high-performance computers. While a deeper super scalar pipeline achieves a higher performance, it consumes a ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

ISCA '23: Proceedings of the 50th Annual International Symposium on Computer Architecture

June 2023

1225 pages

ISBN:9798400700958

DOI:10.1145/3579371

Chair:
Yan Solihin,
General Chair:
Mark Heinrich
University of Central Florida

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 17 June 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NSF (National Science Foundation)

Conference

ISCA '23

Sponsor:

SIGARCH

ISCA '23: 50th Annual International Symposium on Computer Architecture

June 17 - 21, 2023

FL, Orlando, USA

Acceptance Rates

Overall Acceptance Rate 543 of 3,203 submissions, 17%

Upcoming Conference

ISCA '25

Sponsor:
sigarch

The 52nd Annual International Symposium on Computer Architecture

June 21 - 25, 2025

Tokyo , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
574
Total Downloads

Downloads (Last 12 months)315
Downloads (Last 6 weeks)35

Reflects downloads up to 21 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Yavarzadeh HAgarwal AChristman MGarman CGenkin DKwong AMoghimi DStefan DTaram KTullsen DTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch PredictorProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651382(770-784)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651382

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents