SMoTherSpectre: exploiting speculative execution through port contention

03/05/2019
by   Atri Bhattacharyya, et al.
0

Spectre, Meltdown, and related attacks have demonstrated that kernels, hypervisors, trusted execution environments, and browsers are prone to information disclosure through micro-architectural weaknesses. However, it remains unclear as to what extent other applications, in particular those that do not load attacker-provided code, may be impacted. It also remains unclear as to what extent these attacks are reliant on cache-based side channels. We introduce SMoTherSpectre, a speculative code-reuse attack that leverages port-contention in simultaneously multi-threaded processors (SMoTher) as a side channel to leak information from a victim process. SMoTher is a fine-grained side channel that detects contention based on a single victim instruction. To discover real-world gadgets, we describe a methodology and build a tool that locates SMoTher-gadgets in popular libraries. In an evaluation on glibc, we found more than hundred gadgets that can be used to leak some information. Finally, we demonstrate a proof-of-concept attack against encryption using the OpenSSL library, leaking information about the plaintext through gadgets in libcrypto and glibc.

READ FULL TEXT

Please sign up or login with your details

Forgot password? Click here to reset