DCUIP Poisoning Attack in Intel x86 Processors

Youngjoo SHIN  

IEICE TRANSACTIONS on Information and Systems   Vol.E104-D    No.8    pp.1386-1390
Publication Date: 2021/08/01
Publicized: 2021/05/13
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2020EDL8148
Type of Manuscript: LETTER
Category: Dependable Computing
hardware prefetching,  Intel DCUIP prefetcher,  microarchitectural side-channel attack,  poisoning attack,  

Full Text: PDF(321.5KB)>>
Buy this Article

Cache prefetching technique brings huge benefits to performance improvement, but it comes at the cost of microarchitectural security in processors. In this letter, we deep dive into internal workings of a DCUIP prefetcher, which is one of prefetchers equipped in Intel processors. We discover that a DCUIP table is shared among different execution contexts in hyperthreading-enabled processors, which leads to another microarchitectural vulnerability. By exploiting the vulnerability, we propose a DCUIP poisoning attack. We demonstrate an AES encryption key can be extracted from an AES-NI implementation by mounting the proposed attack.

open access publishing via