Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SMaCk: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts

Seonghun Son, Daniel Moghimi, Berk Gulmezoglu

TL;DR

This work exposes a new vein of microarchitectural vulnerability by showing that self-modifying code (SMC) on x86 CPUs triggers detectable conflicts in the L1 instruction cache, which can be exploited to perform refined cache attacks and high-bandwidth covert channels. The authors introduce SMaCk, a suite of attack primitives (e.g., Prime+iProbe, Flush+iReload, Prime+iStore) and demonstrate multiple case studies—including RSA key leakage, OpenSSL SRP single-trace leakage, and ISpectre—across diverse Intel and AMD platforms. They also develop a dynamic detection approach using hardware performance counters to identify SMC-driven attacks with high accuracy and discuss practical countermeasures, including constant-time implementations and SMT management. The work significantly expands the threat model for instruction-cache side channels and provides concrete methods, evidence across architectures, and defense guidance with potential impact on secure cryptographic implementations and cloud multi-tenancy scenarios.

Abstract

Self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin to Spectre across various x86 platforms. Finally, we propose a dynamic detection methodology utilizing hardware performance counters to mitigate these enhanced threats.

SMaCk: Efficient Instruction Cache Attacks via Self-Modifying Code Conflicts

TL;DR

This work exposes a new vein of microarchitectural vulnerability by showing that self-modifying code (SMC) on x86 CPUs triggers detectable conflicts in the L1 instruction cache, which can be exploited to perform refined cache attacks and high-bandwidth covert channels. The authors introduce SMaCk, a suite of attack primitives (e.g., Prime+iProbe, Flush+iReload, Prime+iStore) and demonstrate multiple case studies—including RSA key leakage, OpenSSL SRP single-trace leakage, and ISpectre—across diverse Intel and AMD platforms. They also develop a dynamic detection approach using hardware performance counters to identify SMC-driven attacks with high accuracy and discuss practical countermeasures, including constant-time implementations and SMT management. The work significantly expands the threat model for instruction-cache side channels and provides concrete methods, evidence across architectures, and defense guidance with potential impact on secure cryptographic implementations and cloud multi-tenancy scenarios.

Abstract

Self-modifying code (SMC) allows programs to alter their own instructions, optimizing performance and functionality on x86 processors. Despite its benefits, SMC introduces unique microarchitectural behaviors that can be exploited for malicious purposes. In this paper, we explore the security implications of SMC by examining how specific x86 instructions affecting instruction cache lines lead to measurable timing discrepancies between cache hits and misses. These discrepancies facilitate refined cache attacks, making them less noisy and more effective. We introduce novel attack techniques that leverage these timing variations to enhance existing methods such as Prime+Probe and Flush+Reload. Our advanced techniques allow adversaries to more precisely attack cryptographic keys and create covert channels akin to Spectre across various x86 platforms. Finally, we propose a dynamic detection methodology utilizing hardware performance counters to mitigate these enhanced threats.

Paper Structure

This paper contains 17 sections, 6 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Threat Model
  4. SMC ATTACK PRIMITIVES
  5. Analyzing SMC Conflict with Various x86 Instructions
  6. Reverse Engineering SMC Behavior on x86
  7. Case Studies
  8. Case Study I: Prime+iProbe and Flush+iReload Covert Channels with SMC
  9. Case Study II: RSA Key Recovery
  10. Case Study III: OpenSSL SRP Single Trace Attack
  11. Case Study IV: ISpectre Attack
  12. Countermeasures
  13. Dynamic Detection
  14. Software and Hardware Countermeasures
  15. Discussion and Limitations
  16. ...and 2 more sections

Figures (6)

  • Figure 1: CPU cycle time difference for various Probe strategies and Mastik yarom2016mastik method on Intel Cascade Lake microarchitecture.
  • Figure 2: Reverse Engineering SMC behavior on (a), (c) Intel Cascade Lake and (b), (d) AMD Ryzen 5 microarchitectures by using the PAPI PAPI tool. The counters belonging to Intel and AMD processors are separated by the red line.
  • Figure 3: SMC timings measured by the receiver using Prime and LMS attack (blue line) and the automatically assigned bit values (red digits). The peaks for the 0s and 1s can be distinguished. This experiment is conducted in the Tiger Lake microarchitecture.
  • Figure 4: Low timing values indicate that there is a multiplication activity as one of the cache lines is evicted from the L1i cache. The experiment is performed on Intel Tiger Lake with the Prime+iStore attack.
  • Figure 5: The number of traces required to achieve 70% key recovery rate for Flush, Store, Lock and Clwb-based SMC attacks on Intel Tiger Lake.
  • ...and 1 more figures