Microarchitectural Attacks and Mitigations on Retire Resources in Modern Processors

IF 3.6 2区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE Transactions on Computers Pub Date : 2024-12-23 DOI:10.1109/TC.2024.3521225

Ke Xu;Ming Tang;Quancheng Wang;Han Wang

{"title":"Microarchitectural Attacks and Mitigations on Retire Resources in Modern Processors","authors":"Ke Xu;Ming Tang;Quancheng Wang;Han Wang","doi":"10.1109/TC.2024.3521225","DOIUrl":null,"url":null,"abstract":"In modern processors, the Retire Control Unit (RCU) is responsible for receiving the µops decoded from the frontend and retiring the completed µops in order through the retirement. Consequently, the retirement may stall differently depending on the execution time of the first instruction in the RCU, causing varying stalling in the RCU reception. Moreover, We find that the RCU reception in AMD processors and retirement in Intel processors are shared between two logical cores of the same physical core, allowing an attacker to infer the instructions executed by another logical core based on its retire resources efficiency. Based on these findings, we introduce the retirement covert channel on Intel processors and the RCU covert channel on AMD processors. Furthermore, we explores additional applications of retire resources. On the one hand, we combined the misprediction penalty mechanism to apply our covert channels to the Spectre attacks. On the other hand, based on the principle that different programs result in varied usage patterns of retire resources, we propose an attack method that leverages the retire resources to infer the program run by the victim. Finally, we design the corresponding mitigations and extend our mitigation to fetch unit to reduce the performance overhead.","PeriodicalId":13087,"journal":{"name":"IEEE Transactions on Computers","volume":"74 4","pages":"1253-1266"},"PeriodicalIF":3.6000,"publicationDate":"2024-12-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computers","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10812036/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

In modern processors, the Retire Control Unit (RCU) is responsible for receiving the µops decoded from the frontend and retiring the completed µops in order through the retirement. Consequently, the retirement may stall differently depending on the execution time of the first instruction in the RCU, causing varying stalling in the RCU reception. Moreover, We find that the RCU reception in AMD processors and retirement in Intel processors are shared between two logical cores of the same physical core, allowing an attacker to infer the instructions executed by another logical core based on its retire resources efficiency. Based on these findings, we introduce the retirement covert channel on Intel processors and the RCU covert channel on AMD processors. Furthermore, we explores additional applications of retire resources. On the one hand, we combined the misprediction penalty mechanism to apply our covert channels to the Spectre attacks. On the other hand, based on the principle that different programs result in varied usage patterns of retire resources, we propose an attack method that leverages the retire resources to infer the program run by the victim. Finally, we design the corresponding mitigations and extend our mitigation to fetch unit to reduce the performance overhead.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Computers 工程技术-工程：电子与电气

CiteScore

6.60

自引率

5.40%

发文量

199

审稿时长

6.0 months

期刊介绍： The IEEE Transactions on Computers is a monthly publication with a wide distribution to researchers, developers, technical managers, and educators in the computer field. It publishes papers on research in areas of current interest to the readers. These areas include, but are not limited to, the following: a) computer organizations and architectures; b) operating systems, software systems, and communication protocols; c) real-time systems and embedded systems; d) digital devices, computer components, and interconnection networks; e) specification, design, prototyping, and testing methods and tools; f) performance, fault tolerance, reliability, security, and testability; g) case studies and experimental and theoretical evaluations; and h) new and important applications and trends.