Researchers Discover A New Type Of Attack On Intel And Amd Processors

Megiddo
The method, dubbed “Dabangg,” is based on Flush + Reload and Flush + Flush attacks.

Modern Intel and AMD processors are vulnerable to a new type of side-channel attack that makes cache-flush attacks resistant to system noise. This was reported by researchers Biswabandan Panda and Anish Saxena from the Indian Institute of Technology (IIT) in Kanpur in their paper “DABANGG: Time for Fearless Flush based Cache Attacks”.

The method, dubbed “Dabangg,” is based on the Flush + Reload and Flush + Flush attacks that were previously used by other researchers to leak data from Intel processors. The new method aims to increase the accuracy of these attacks even in a noisy multi-core system, and also works seamlessly with operating systems such as macOS.

“Flush-based cache attacks are based on cache latency calibration. Modern timing attacks are ineffective in the real world, since most of them work in a strictly controlled environment,” the experts explained.

Flush + Reload and Flush + Flush attacks evict memory lines from the cache using the clflush instruction. Then, after the target process has had a chance to access the memory line, the attacker reloads (Flush + Reload) or flushes (Flush + Flush) the line again and measures the time this takes.

DABANGG is very similar to Flush + Reload and Flush + Flush attacks, because it also depends on the difference in execution time between accessing cached and non-cached memory. However, DABANGG makes the thresholds used to distinguish a cache hit from a cache miss dynamic.

Power management techniques such as dynamic voltage and frequency scaling (DVFS) in modern processors allow the clock frequency to change depending on the overall CPU load. As a result, cores running resource-intensive processes operate at a higher frequency than the others.

According to the researchers, these differences in core frequency lead to variable instruction execution latency and make fixed thresholds chosen for distinguishing cache hits from misses useless.

“We make these threshold values dynamic depending on the processor frequency, which, in turn, makes flush-based attacks resistant to system noise,” the experts explained.

DABANGG addresses these shortcomings by pinning the processor frequency in a preliminary stage, using compute-heavy code to stabilize the frequency, before performing a Flush + Reload or Flush + Flush measurement to obtain the latency and decide whether it was a cache hit.
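The following C program is an added example for the two preceding paragraphs; it is not code from the paper or from the researchers' forthcoming PoC, and it performs no real cache measurements. It uses a constructed latency model (an assumption: a hit costs a fixed number of core cycles, a miss adds a fixed memory delay, and the timer is a constant-rate TSC) to show why a hit/miss threshold calibrated while the core runs at one frequency misclassifies accesses once DVFS moves the core to another frequency, and why recalibrating the threshold for the current frequency, as DABANGG does, restores a clean separation. All frequencies, cycle counts and jitter ranges are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified latency model (an assumption for this example, not
 * measurements from the paper): a cache hit costs a fixed number of CORE
 * cycles, a miss additionally waits a fixed wall-clock time on memory, and the
 * timer is a constant-rate TSC ticking at TSC_MHZ. When DVFS lowers the core
 * clock, the same hit takes more TSC ticks, while the memory part does not
 * change, so the hit/miss boundary moves. */
#define TSC_MHZ          3000u
#define HIT_CORE_CYCLES  40u    /* constructed */
#define MISS_EXTRA_TICKS 240u   /* constructed: ~80 ns of memory latency in TSC ticks */
#define JITTER_TICKS     20u    /* constructed: measurement noise range */
#define N_SAMPLES        1000

/* Tiny deterministic PRNG so the run is reproducible (not cryptographic). */
static uint32_t next_jitter(uint32_t *state) {
    *state = *state * 1103515245u + 12345u;
    return (*state >> 16) % JITTER_TICKS;
}

/* Modelled timer reading for one access on a core running at core_mhz. */
uint32_t model_ticks(int is_miss, uint32_t core_mhz, uint32_t jitter) {
    uint32_t ticks = HIT_CORE_CYCLES * TSC_MHZ / core_mhz + jitter;
    if (is_miss) ticks += MISS_EXTRA_TICKS;
    return ticks;
}

/* Static calibration in the style of Flush+Reload tooling: time N hits and
 * N misses in the current core state and place the threshold halfway between
 * the two mean latencies. */
uint32_t calibrate_threshold(uint32_t core_mhz, uint32_t seed) {
    uint64_t hit_sum = 0, miss_sum = 0;
    for (int i = 0; i < N_SAMPLES; i++) {
        hit_sum  += model_ticks(0, core_mhz, next_jitter(&seed));
        miss_sum += model_ticks(1, core_mhz, next_jitter(&seed));
    }
    return (uint32_t)((hit_sum / N_SAMPLES + miss_sum / N_SAMPLES) / 2);
}

/* Classification rule: at or above the threshold is reported as a miss. */
int classify_as_miss(uint32_t ticks, uint32_t threshold) {
    return ticks >= threshold;
}

/* Fraction of N hits + N misses that the threshold labels wrongly when the
 * core now runs at core_mhz (possibly not the frequency used to calibrate). */
double error_rate(uint32_t threshold, uint32_t core_mhz, uint32_t seed) {
    int wrong = 0;
    for (int i = 0; i < N_SAMPLES; i++) {
        if (classify_as_miss(model_ticks(0, core_mhz, next_jitter(&seed)), threshold)) wrong++;
        if (!classify_as_miss(model_ticks(1, core_mhz, next_jitter(&seed)), threshold)) wrong++;
    }
    return wrong / (2.0 * N_SAMPLES);
}

int main(void) {
    uint32_t busy = 3000, idle = 600;   /* constructed DVFS states, in MHz */
    uint32_t t_static = calibrate_threshold(busy, 1);
    printf("threshold calibrated at %u MHz: %u ticks\n", busy, t_static);
    printf("error at %u MHz: %.3f\n", busy, error_rate(t_static, busy, 2));
    printf("error after core drops to %u MHz: %.3f\n", idle, error_rate(t_static, idle, 3));
    uint32_t t_dyn = calibrate_threshold(idle, 4);
    printf("re-calibrated at %u MHz: %u ticks, error %.3f\n",
           idle, t_dyn, error_rate(t_dyn, idle, 5));
    return 0;
}
```

In the model, the threshold calibrated on the busy core lands between the hit and miss latencies at that frequency; once the core slows down, every hit takes longer than that threshold and is reported as a miss, giving a 50% error rate, whereas a threshold recalibrated for the new frequency separates the two cases again. Real hardware adds further noise sources, which is why the paper also stabilizes the frequency before measuring.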

Using such side-channel attacks, an attacker is able to intercept user input, recover the AES secret key, exfiltrate data through a covert channel between a malicious process and the victim, and gain access to cached information.

The researchers intend to publish PoC attack code on GitHub after June 15, 2020.