Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend
Abstract
We introduce a new timing side-channel attack on Intel CPU processors. Our Frontal attack exploits timing differences that arise from how the CPU frontend fetches and processes instructions while being interrupted. In particular, we observe that in modern Intel CPUs, some instructions’ execution times will depend on which operations precede and succeed them, and on their virtual addresses. Unlike previous attacks that could only profile branches if they contained different code or had known branch targets, the Frontal attack allows the adversary to distinguish between instruction-wise identical branches. As the attack requires OS capabilities to set the interrupts, we use it to exploit SGX enclaves. Our attack further demonstrates that secret-dependent branches should not be used even alongside defenses to current controlled-channel attacks. We show that the adversary can use the Frontal attack to extract a secret from an SGX enclave if that secret was used as a branching condition for two instruction-wise identical branches. We successfully tested the attack on all the available Intel CPUs with SGX (until 10th gen) and used it to leak information from two commonly used cryptographic libraries.
Research Area: Trusted Computing
BibTex
@INPROCEEDINGS{puddu2021frontal,
isbn = {978-1-939133-24-3},
year = {2021},
month = aug,
booktitle = {Proceedings of the 30th USENIX Security Symposium (USENIX Security 21)},
type = {Conference Paper},
author = {Puddu, Ivan and Schneider, Moritz and Haller, Miro and Capkun, Srdjan},
abstract = {We introduce a new timing side-channel attack on Intel CPU processors. Our Frontal attack exploits timing differences that arise from how the CPU frontend fetches and processes instructions while being interrupted. In particular, we observe that in modern Intel CPUs, some instructions' execution times will depend on which operations precede and succeed them, and on their virtual addresses. Unlike previous attacks that could only profile branches if they contained different code or had known branch targets, the Frontal attack allows the adversary to distinguish between instruction-wise identical branches. As the attack requires OS capabilities to set the interrupts, we use it to exploit SGX enclaves. Our attack further demonstrates that secret-dependent branches should not be used even alongside defenses to current controlled-channel attacks. We show that the adversary can use the Frontal attack to extract a secret from an SGX enclave if that secret was used as a branching condition for two instruction-wise identical branches. We successfully tested the attack on all the available Intel CPUs with SGX (until 10th gen) and used it to leak information from two commonly used cryptographic libraries.},
language = {en},
address = {Berkeley, CA},
publisher = {USENIX Association},
title = {Frontal Attack: Leaking Control-Flow in SGX via the CPU Frontend},
pages = {663--680},
note = {30th USENIX Security Symposium (USENIX Security 2021); Conference Location: Online; Conference Date: August 11-13, 2021}
}
Research Collection: 20.500.11850/546765