DCUIP Poisoning Attack in Intel x86 Processors

Youngjoo SHIN  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E104-D    No.8    pp.1386-1390
Publication Date: 2021/08/01
Publicized: 2021/05/13
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2020EDL8148
Type of Manuscript: LETTER
Category: Dependable Computing
Keyword: 
hardware prefetching,  Intel DCUIP prefetcher,  microarchitectural side-channel attack,  poisoning attack,  

Full Text: PDF(321.5KB)>>
Buy this Article



Summary: 
Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.


open access publishing via