Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.
Youngjoo SHIN
Korea University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copy
Youngjoo SHIN, "DCUIP Poisoning Attack in Intel x86 Processors" in IEICE TRANSACTIONS on Information,
vol. E104-D, no. 8, pp. 1386-1390, August 2021, doi: 10.1587/transinf.2020EDL8148.
Abstract: Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2020EDL8148/_p
Copy
@ARTICLE{e104-d_8_1386,
author={Youngjoo SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={DCUIP Poisoning Attack in Intel x86 Processors},
year={2021},
volume={E104-D},
number={8},
pages={1386-1390},
abstract={Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.},
keywords={},
doi={10.1587/transinf.2020EDL8148},
ISSN={1745-1361},
month={August},}
Copy
TY - JOUR
TI - DCUIP Poisoning Attack in Intel x86 Processors
T2 - IEICE TRANSACTIONS on Information
SP - 1386
EP - 1390
AU - Youngjoo SHIN
PY - 2021
DO - 10.1587/transinf.2020EDL8148
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 8
JA - IEICE TRANSACTIONS on Information
Y1 - August 2021
AB - Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.
ER -