World News Trust World News Trust
World News Trust World News Trust
  • News Portal
  • All Content
    • Edited
      • News
      • Commentary
      • Analysis
      • Advisories
      • Source
    • Flatwire
  • Topics
    • Agriculture
    • Culture
      • Arts
      • Children
      • Education
      • Entertainment
      • Food and Hunger
      • Sports
    • Disasters
    • Economy
    • Energy
    • Environment
    • Government
    • Health
    • Media
    • Science
    • Spiritual
    • Technology
    • Transportation
    • War
  • Regions
    • Africa
    • Americas
      • North America
      • South America
    • Antarctica
    • Arctic
    • Asia
    • Australia/Oceania
    • Europe
    • Middle East
    • Oceans
      • Arctic Ocean
      • Atlantic Ocean
      • Indian Ocean
      • Pacific Ocean
      • Southern Ocean
    • Space
  • World Desk
    • Submit Content
  • About Us
  • Sign In/Out
  • Register
  • Site Map
  • Contact Us
  • Russia's War and the Global Economy | Nouriel Roubini
  • U.S. Considers Radical Rethinking Of Dollar For Today's Digital World | David Gura
  • Why is Israel Amending Its Open-Fire Policy?: Three Possible Answers | Ramzy Baroud
  • WATCH: Republican National Committee Abandons America
  • ‘Previously Unknown Massacres’: Why is Israel Allowed to Own Palestinian History? | Ramzy Baroud
  • The Revolt of the Imagination, Part One: Notes on Belbury Syndrome | John Michael Greer
  • Human gut bacteria have sex to share vitamin B12 | University of California - Riverside

MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols | Caroline Trippel, Daniel Lustig, Margaret Martonosi

More items by author
Categories
Edited | Front Page Stories | All Content | Education | Health | Science | Technology | News | News -- WNT Selected
Tool Bar
View Comments

Credit: CC0 Public DomainCredit: CC0 Public Domain

Feb. 11, 2018 (arXrv.org) -- The recent Meltdown and Spectre attacks highlight the importance of automated verification techniques for identifying hardware security vulnerabilities.

We have developed a tool for synthesizing microarchitecture-specific programs capable of producing any user-specified hardware execution pattern of interest. Our tool takes two inputs: a formal description of (i) a microarchitecture in a domain-specific language, and (ii) a microarchitectural execution pattern of interest, e.g. a threat pattern. All programs synthesized by our tool are capable of producing the specified execution pattern on the supplied microarchitecture.

We used our tool to specify a hardware execution pattern common to Flush+Reload attacks and automatically synthesized security litmus tests representative of those that have been publicly disclosed for conducting Meltdown and Spectre attacks. We also formulated a Prime+Probe threat pattern, enabling our tool to synthesize a new variant of each---MeltdownPrime and SpectrePrime. Both of these new exploits use Prime+Probe approaches to conduct the timing attack. They are both also novel in that they are 2-core attacks which leverage the cache line invalidation mechanism in modern cache coherence protocols.

These are the first proposed Prime+Probe variants of Meltdown and Spectre. But more importantly, both Prime attacks exploit invalidation-based coherence protocols to achieve the same level of precision as a Flush+Reload attack.

While mitigation techniques in software (e.g., barriers that prevent speculation) will likely be the same for our Prime variants as for original Spectre and Meltdown, we believe that hardware protection against them will be distinct. As a proof of concept, we implemented SpectrePrime as a C program and ran it on an Intel x86 processor, averaging about the same accuracy as Spectre over 100 runs -- 97.9 percent for Spectre and 99.95 percent for SpectrePrime.

READ MORE: arXrv.org

back to top
  • Created
    Sunday, February 18 2018
  • Last modified
    Sunday, February 18 2018
  1. You are here:  
  2. Home
  3. All Content
  4. Edited
  5. MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols | Caroline Trippel, Daniel Lustig, Margaret Martonosi
Copyright © 2022 World News Trust. All Rights Reserved.
Joomla! is Free Software released under the GNU General Public License.