Litcius/Paper detail

All Your PC Are Belong to Us: Exploiting Non-control-Transfer Instruction BTB Updates for Dynamic PC Extraction

Jiyong Yu, Trent Jaeger, Christopher W. Fletcher

202312 citationsDOI

Abstract

Leaking a program's instruction address (PC) pattern, completely and precisely, has long been a sought-after capability for microarchitectural side-channel attackers. Case in point, such a primitive would be sufficient to construct powerful control-flow leakage attacks (inferring program secrets impacting control flow) that defeat existing control-flow leakage mitigations, or even reverse-engineer private binaries through PC-trace granular fingerprinting. However, current side-channel attack techniques only capture PCs at a coarse granularity or for only specific instruction types.

Topics & Concepts

Side channel attackComputer scienceGranularityControl flowTRACE (psycholinguistics)Construct (python library)Transfer (computing)Information leakageEmbedded systemComputer securityCryptographyOperating systemComputer networkProgramming languagePhilosophyLinguisticsSecurity and Verification in ComputingAdvanced Malware Detection TechniquesPhysical Unclonable Functions (PUFs) and Hardware Security