Spectre Attacks
Root cause of the Spectre attack: The mis-predicted code path will be eventually reverted, but the cache won't.
Example 1: Exploiting Conditional Branches
Consider the case where the following code is part of a function (e.g., a system call or a library) receiving an unsigned integer x
from an untrusted source:
if (x < array1_size)
y = array2[array1[x] * 4096];
Phase 1: Mistrain the CPU branch predictor
The attacker invokes the above code with valid inputs, thereby training the branch predictor to expect that the if will be true.
Phase 2: Exploit phase
The attacker invokes the code with a value of x
outside the bounds of array1
. The CPU guesses that the bounds check will be true and already speculatively executes instructions that evaluate array2[array1[x]*4096]
using the malicious x
. Note that the read from array2
loads data into the cache at an address that is dependent on array1[x]
using the malicious x
, scaled so that accesses go to different cache lines and to avoid hardware prefetching effects.
The attacker can analyze the cache contents and find the value of the potentially secret byte retrieved in the out-of-bounds read from the victim’s memory.
Note: attacker invokes the code, means the attacker and the function may not in the same process.
Example 2: Exploiting Indirect Branches
The adversary mistrains the branch predictor with malicious destinations (gadget), such that speculative execution continues at a location chosen by the adversary.
Gadget: Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code.
Core idea: there is an indirect branch, the value cannot be known in advance so it will trigger speculative execution, train the BTB to always let this branch jump to the gadget.
Because gadget is in shared library code, so the address of a gadget in victim address space is known to the attacker.
The attacker chooses a gadget from the victim’s address space and trains the Branch Target Buffer (BTB) to influence the victim to speculatively execute the gadget.
The attacker does not rely on a vulnerability in the victim code.
as before, the effects on the cache are not reverted, thereby allowing the gadget to leak sensitive information via a cache side channel.
Mistrain BTB: The attacker finds the virtual address of the gadget in the victim’s address space, then performs indirect branches to this address. This training is done from the attacker’s address space. It does not matter what resides at the gadget address in the attacker’s address space; all that is required is that the attacker’s virtual addresses during training match (or alias to) those of the victim.
Reference / More Readings
Spectre Attacks: Exploiting Speculative Execution | IEEE Conference Publication | IEEE Xplore