research-article

BranchScope: A New Side-Channel Attack on Directional Branch Predictor

Authors:
Dmitry Evtyushkin

College of William and Mary, Williamsburg, VA, USA

College of William and Mary, Williamsburg, VA, USA
View Profile

,
Ryan Riley

CMU Qatar, Doha, Qatar

CMU Qatar, Doha, Qatar
View Profile

,
Nael CSE and ECE Abu-Ghazaleh

UC Riverside, Riverside, CA, USA

UC Riverside, Riverside, CA, USA
View Profile

,
Dmitry Ponomarev

Binghamton University, Binghamton, NY, USA

Binghamton University, Binghamton, NY, USA
View Profile

Authors Info & Claims

ACM SIGPLAN Notices Volume 53 Issue 2February 2018pp 693–707https://doi.org/10.1145/3296957.3173204

Published:19 March 2018Publication History

ACM SIGPLAN Notices

Abstract

We present BranchScope - a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor. The directional component of the branch predictor stores the prediction on a given branch (taken or not-taken) and is a different component from the branch target buffer (BTB) attacked by previous work. BranchScope is the first fine-grained attack on the directional branch predictor, expanding our understanding of the side channel vulnerability of the branch prediction unit. Our attack targets complex hybrid branch predictors with unknown organization. We demonstrate how an attacker can force these predictors to switch to a simple 1-level mode to simplify the direction recovery. We carry out BranchScope on several recent Intel CPUs and also demonstrate the attack against an SGX enclave.

References

O. Aciicmez, K. Koc, and J. Seifert. On the power of simple branch prediction analysis. In Symposium on Information, Computer and Communication Security (ASIACCS). IEEE, 2007. Google ScholarDigital Library
O. Aciicmez, K. Koc, and J. Seifert. Predicting secret keys via branch prediction. In The cryptographers' track at the RSA conference, 2007. Google ScholarDigital Library
Onur Aciiçmez, Shay Gueron, and Jean-Pierre Seifert. New branch prediction vulnerabilities in OpenSSL and necessary software countermeasures. In Cryptography and Coding, pages 185-203. Springer, 2007. Google ScholarDigital Library
Thomas Allan, Billy Bob Brumley, Katrina Falkner, Joop Van de Pol, and Yuval Yarom. Amplifying side channels through performance degradation. In Proceedings of the 32nd Annual Conference on Computer Security Applications, pages 422-435. ACM, 2016. Google ScholarDigital Library
Iosif Androulidakis and Gorazd Kandus. Feeling secure vs. being secure the mobile phone user case. In Global security, safety and sustainability&e-Democracy, pages 212-219. Springer, 2012.Google Scholar
Daniel J Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom. Sliding right into disaster: Left-to-right sliding windows leak. In International Conference on Cryptographic Hardware and Embedded Systems, pages 555-576. Springer, 2017.Google ScholarCross Ref
Sarani Bhattacharya and Debdeep Mukhopadhyay. Fault Attack revealing Secret Keys of Exponentiation Algorithms from Branch Prediction Misses. Cryptology ePrint Archive, Report 2014/790, 2014.Google Scholar
David Brumley and Dan Boneh. Remote timing attacks are practical. Computer Networks, 48(5):701-716, 2005. Google ScholarDigital Library
Jonathan Burket and Samantha Gottlieb. If-Conversion to Combat Control Flow-based Timing Attacks. 2014.Google Scholar
Youngsoo Choi, Allan Knies, Luke Gerke, and Tin-Fook Ngai. The impact of if-conversion and branch prediction on program execution on the intel® itanium processor. In Proceedings of the 34th annual ACM/IEEE international symposium on Microarchitecture, pages 182-191. IEEE Computer Society, 2001. Google ScholarDigital Library
Bart Coppens, Ingrid Verbauwhede, Koen De Bosschere, and Bjorn De Sutter. Practical mitigations for timing-based side-channel attacks on modern x86 processors. In Security and Privacy, 2009 30th IEEE Symposium on, pages 45-60. IEEE, 2009. Google ScholarDigital Library
Victor Costan, Ilia A Lebedev, and Srinivas Devadas. Sanctum: Minimal Hardware Extensions for Strong Software Isolation. In USENIX Security Symposium, pages 857-874, 2016.Google Scholar
Jean-Francois Dhem, Francois Koeune, Philippe-Alexandre Leroux, Patrick Mestré, Jean-Jacques Quisquater, and Jean-Louis Willems. A practical implementation of the timing attack. In Smart Card Research and Applications, pages 167-182. Springer, 2000. Google ScholarDigital Library
L. Domnitser, A. Jaleel, J. Loew, N. Abu-Ghazaleh, and D. Ponomarev. Non-Monopolizable Caches: Low-Complexity Mitigation of Cache Side-Channel Attacks. In ACM Transactions on Architecture and Code Optimization, Special Issue on High Performance and Embedded Architectures and Compilers, January 2012. Google ScholarDigital Library
Marius Evers, Po-Yung Chang, and Yale N Patt. Using hybrid branch predictors to improve branch prediction accuracy in the presence of context switches. In ACM SIGARCH Computer Architecture News, volume 24, pages 3-11. ACM, 1996. Google ScholarDigital Library
Dmitry Evtyushkin, Jesse Elwell, Meltem Ozsoy, Dmitry Ponomarev, Nael Abu Ghazaleh, and Ryan Riley. Iso-X: A flexible architecture for hardware-managed isolated execution. In Proceedings of the 47th Annual IEEE/ACM International Symposium on Microarchitecture, pages 190-202. IEEE Computer Society, 2014. Google ScholarDigital Library
Dmitry Evtyushkin, Jesse Elwell, Meltem Ozsoy, Dmitry V Ponomarev, Nael Abu Ghazaleh, and Ryan Riley. Flexible hardware-managed isolated execution: Architecture, software support and applications. IEEE Transactions on Dependable and Secure Computing, 2016.Google Scholar
Dmitry Evtyushkin and Dmitry Ponomarev. Covert channels through random number generator: Mechanisms, capacity estimation and mitigations. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 843-857. ACM, 2016. Google ScholarDigital Library
Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. Covert channels through branch predictors: a feasibility study. In Proceedings of the Fourth Workshop on Hardware and Architectural Support for Security and Privacy, page 5. ACM, 2015. Google ScholarDigital Library
Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. Understanding and Mitigating Covert Channels Through Branch Predictors. ACM Transactions on Architecture and Code Optimization (TACO), 2015. Google ScholarDigital Library
Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. Jump over ASLR: Attacking branch predictors to bypass ASLR. In Microarchitecture (MICRO), 2016 49th Annual IEEE/ACM International Symposium on, pages 1-13. IEEE, 2016. Google ScholarDigital Library
Johannes Götzfried, Moritz Eckert, Sebastian Schinzel, and Tilo Müller. Cache Attacks on Intel SGX. 2017.Google Scholar
Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, and Stefan Mangard. KASLR is Dead: Long Live KASLR. In International Symposium on Engineering Secure Software and Systems, pages 161-176. Springer, 2017.Google ScholarCross Ref
Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 368-379. ACM, 2016. Google ScholarDigital Library
Daniel Gruss, Felix Schuster, Olya Ohrimenko, Istvan Haller, Julian Lettner, and Manuel Costa. Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory. 2017.Google Scholar
D. Gullasch, E. Bangerter, and S. Krenn. Cache Games - Bringing Access-Based Cache Attacks on AES to Practice. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 490-505, 2011. Google ScholarDigital Library
Marcus Hähnel, Weidong Cui, and Marcus Peinado. High-Resolution Side Channels for Untrusted Operating Systems. In 2017 USENIX Annual Technical Conference (USENIX ATC 17), pages 299-312, Santa Clara, CA, 2017. USENIX Association. Google ScholarDigital Library
Ralf Hund, Carsten Willems, and Thorsten Holz. Practical timing side channel attacks against kernel space ASLR. In Security and Privacy (SP), 2013 IEEE Symposium on, pages 191-205. IEEE, 2013. Google ScholarDigital Library
Casen Hunger, Mikhail Kazdagli, Ankit Rawat, Alex Dimakis, Sriram Vishwanath, and Mohit Tiwari. Understanding contention-based channels and using them for defense. In High Performance Computer Architecture (HPCA), 2015 IEEE 21st International Symposium on, pages 639-650. IEEE, 2015.Google ScholarCross Ref
Yeongjin Jang, Sangho Lee, and Taesoo Kim. Breaking kernel address space layout randomization with intel tsx. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pages 380-392. ACM, 2016. Google ScholarDigital Library
Daniel A Jiménez and Calvin Lin. Dynamic branch prediction with perceptrons. In High-Performance Computer Architecture, 2001. HPCA. The Seventh International Symposium on, pages 197-206. IEEE, 2001. Google ScholarDigital Library
Marc Joye and Sung-Ming Yen. The Montgomery powering ladder. In Cryptographic Hardware and Embedded Systems-CHES 2002, pages 291-302. 2002. Google ScholarDigital Library
Mehmet Kayaalp, Dmitry Ponomarev, Nael Abu-Ghazaleh, and Aamer Jaleel. A high-resolution side-channel attack on last-level cache. In Design Automation Conference (DAC), 2016 53nd ACM/EDAC/IEEE, pages 1-6. IEEE, 2016. Google ScholarDigital Library
Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Spectre Attacks: Exploiting Speculative Execution. ArXiv e-prints, January 2018.Google Scholar
Sangho Lee, Ming-Wei Shih, Prasun Gera, Taesoo Kim, Hyesoon Kim, and Marcus Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In Usenix Security Symposium, 2017.Google Scholar
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. Meltdown. ArXiv e-prints, January 2018.Google Scholar
Fangfei Liu, Qian Ge, Yuval Yarom, Frank Mckeen, Carlos Rozas, Gernot Heiser, and Ruby B Lee. Catalyst: Defeating last-level cache side channel attacks in cloud computing. In High Performance Computer Architecture (HPCA), 2016 IEEE International Symposium on, pages 406-418. IEEE, 2016.Google ScholarCross Ref
Fangfei Liu, Yuval Yarom, Qian Ge, Gernot Heiser, and Ruby B Lee. Last-Level Cache Side-Channel Attacks are Practical. In 36th IEEE Symposium on Security and Privacy (S&P 2015), 2015. Google ScholarDigital Library
Robert Martin, John Demme, and Simha Sethumadhavan. Timewarp: Rethinking timekeeping and performance monitoring mechanisms to mitigate side-channel attacks. ACM SIGARCH Computer Architecture News, 40(3):118-129, 2012. Google ScholarDigital Library
Clémentine Maurice, Christoph Neumann, Olivier Heen, and Aurélien Francillon. C5: cross-cores cache covert channel. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pages 46-64. Springer, 2015. Google ScholarDigital Library
Scott McFarling. Combining branch predictors. Technical report, Technical Report TN-36, Digital Western Research Laboratory, 1993.Google Scholar
Frank McKeen, Ilya Alexandrovich, Alex Berenzon, Carlos V Rozas, Hisham Shafi, Vedvyas Shanbhogue, and Uday R Savagaonkar. Innovative instructions and software model for isolated execution. HASP@ISCA, 10, 2013.Google Scholar
Pierre Michaud, André Seznec, and Richard Uhlig. Trading conflict and capacity aliasing in conditional branch predictors. In ACM SIGARCH Computer Architecture News, volume 25, pages 292-303. ACM, 1997. Google ScholarDigital Library
Ahmad Moghimi, Gorka Irazoqui, and Thomas Eisenbarth. CacheZoom: How SGX Amplifies The Power of Cache Attacks. arXiv preprint arXiv:1703.06986, 2017.Google Scholar
Thomaz Oliveira, Julio López, and Francisco Rodríguez-Henríquez. The Montgomery ladder on binary elliptic curves. Journal of Cryptographic Engineering, pages 1-18, 2017.Google Scholar
Erven Rohou, Bharath Narasimha Swamy, and André Seznec. Branch prediction and the performance of interpreters: don't trust folklore. In Proceedings of the 13th Annual IEEE/ACM International Symposium on Code Generation and Optimization, pages 103-114. IEEE Computer Society, 2015. Google ScholarDigital Library
Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice, and Stefan Mangard. Malware Guard Extension: Using SGX to Conceal Cache Attacks. arXiv preprint arXiv:1702.08719, 2017.Google Scholar
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, and Dan Boneh. On the effectiveness of address-space randomization. In Proceedings of the 11th ACM conference on Computer and communications security (CCS), pages 298-307, 2004. Google ScholarDigital Library
James E Smith. A study of branch prediction strategies. In Proceedings of the 8th annual symposium on Computer Architecture, pages 135-148. IEEE Computer Society Press, 1981. Google ScholarDigital Library
Eric Sprangle, Robert S Chappell, Mitch Alsup, and Yale N Patt. The agree predictor: A mechanism for reducing negative branch history interference. In ACM SIGARCH Computer Architecture News, volume 25, pages 284-291. ACM, 1997. Google ScholarDigital Library
Leif Uhsadel, Andy Georges, and Ingrid Verbauwhede. Exploiting hardware performance counters. In Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC'08. 5th Workshop on, pages 59-67. IEEE, 2008. Google ScholarDigital Library
Zhenghong Wang and Ruby B Lee. New cache designs for thwarting software cache-based side channel attacks. In ACM SIGARCH Computer Architecture News, volume 35, pages 494-505. ACM, 2007. Google ScholarDigital Library
Johannes Winter. Trusted computing building blocks for embedded linux-based ARM trustzone platforms. In Proceedings of the 3rd ACM workshop on Scalable trusted computing, pages 21-30. ACM, 2008. Google ScholarDigital Library
Yuanzhong Xu, Weidong Cui, and Marcus Peinado. Controlled-channel attacks: Deterministic side channels for untrusted operating systems. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 640-656. IEEE, 2015. Google ScholarDigital Library
Yuval Yarom and Naomi Benger. Recovering OpenSSL ECDSA Nonces Using the FLUSH+ RELOAD Cache Side-channel Attack. IACR Cryptology ePrint Archive, 2014:140, 2014.Google Scholar
Yuval Yarom and Katrina E Falkner. Flush+Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack. IACR Cryptology ePrint Archive, 2013:448, 2013.Google Scholar
Tse-Yu Yeh and Yale N Patt. Two-level adaptive training branch prediction. In Proceedings of the 24th annual international symposium on Microarchitecture, pages 51-61. ACM, 1991. Google ScholarDigital Library

Index Terms

BranchScope: A New Side-Channel Attack on Directional Branch Predictor
1. Security and privacy
  1. Security in hardware
    1. Hardware attacks and countermeasures
      1. Side-channel analysis and countermeasures
    2. Hardware reverse engineering
  2. Systems security
    1. Information flow control

Recommendations

BranchScope: A New Side-Channel Attack on Directional Branch Predictor
ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems

We present BranchScope - a new side-channel attack where the attacker infers the direction of an arbitrary conditional branch instruction in a victim program by manipulating the shared directional branch predictor. The directional component of the ...
Read More
STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves
CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Intel Software Guard Extension (SGX) offers software applications a shielded execution environment, dubbed enclave, to protect their confidentiality and integrity from malicious operating systems. As processors with this extended feature become ...
Read More
Securing Branch Predictors with Two-Level Encryption

Modern processors rely on various speculative mechanisms to meet performance demand. Branch predictors are one of the most important micro-architecture components to deliver performance. However, they have been under heavy scrutiny because of recent ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM SIGPLAN Notices Volume 53, Issue 2
ASPLOS '18
February 2018
809 pages
ISSN:0362-1340
EISSN:1558-1160
DOI:10.1145/3296957
Editor:
Matthew Fluet
Rodchester Institude of Technology
Issue’s Table of Contents
ASPLOS '18: Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems
March 2018
827 pages
ISBN:9781450349116
DOI:10.1145/3173162
General Chairs:
Xipeng Shen
North Carolina State University, USA
,
James Tuck
North Carolina State University, USA
,
Program Chairs:
Ricardo Bianchini
Microsoft Research, USA
,
Vivek Sarkar
Georgia Institute of Technology, USA
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 March 2018
Check for updates
Author Tags
SGX
attack
branch predictor
microarchitecture security
performance counters
side-channel
timing attacks
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 117
  Total Citations
  View Citations
- 1,760
  Total Downloads
- Downloads (Last 12 months)237
- Downloads (Last 6 weeks)42
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

BranchScope: A New Side-Channel Attack on Directional Branch Predictor

ACM SIGPLAN Notices

Abstract

References

Cited By

Index Terms

Recommendations

BranchScope: A New Side-Channel Attack on Directional Branch Predictor

STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves

Securing Branch Predictors with Two-Level Encryption