|
With the beginning of 2018, microarchitectural attacks received a lot of
attention by the computer security community and other fields. Meltdown
and Spectre break isolation between processes and security domains on a
hardware level. In this training, we provide a hands-on experience on
microarchitectural attacks.
Starting with the basics, we first learn how caches work and then
implement three very basic microarchitectural side-channel attacks. We
start with Flush+Reload and use it to implement two different attacks;
one on a cryptographic algorithm and one template attack. We also see
how performance counters can reveal interesting information for
microarchitectural attacks.
After having learned how to mount Flush+Reload attacks on shared
libraries, we go one step further and get rid of the requirement of
shared memory step by step. For this purpose, we learn how to build
eviction sets and implement an Evict+Reload attack. Continuing from
there, we implement Prime+Probe, an attack which does not require any
shared memory. Finally, we implement a Meltdown and a Spectre attack,
based on the Flush+Reload implementation we already have implement in
the first third of the course.
This course teaches attendees where microarchitectural attack surface is
created and how it can be exploited. This provides engineers with
valuable knowledge for building more secure hardware and software
resilient to these attacks.
|