PMU-Data: Data Traces Could be Distinguished
Zhouyang Li, Pengfei Qiu, Yu Qing, Chunlu Wang, Dongsheng Wang, Xiao Zhang, Gang Qu
TL;DR
This work reveals a novel data-flow side-channel, PMU-Data, which exploits the Performance Monitoring Unit to recover instruction operands during transient executions. By classifying instructions into five categories and identifying two vulnerable types (DIV and MOV), the authors locate 40 vulnerable PMU events and develop two gadget variants to encode secret data into PMU traces. They empirically demonstrate PMU-Data-based Meltdown, Spectre-PHT, and Zombieload attacks, including leakage of SGX-protected data, and show a functional covert-channel with practical throughput. The findings underscore a significant security risk where PMU measurements, intended for performance monitoring, can betray secret information, prompting hardware and software mitigations against such data-flow side-channels.
Abstract
Modern processors widely equip the Performance Monitoring Unit (PMU) to collect various architecture and microarchitecture events. Software developers often utilize the PMU to enhance a program's performance, but the potential side effects that arise from its activation are often disregarded. In this paper, we find that the PMU can be employed to retrieve instruction operands. Based on this discovery, we introduce PMU-Data, a novel category of side-channel attacks aimed at leaking secrets by identifying instruction operands with the PMU. To achieve the PMU-Data attack, we develop five gadgets to encode the confidential data into distinct data-related traces while keeping the control flow unchanged. We then measure all documented PMU events on three physical machines with different processors while those gadgets are running. We successfully identify two types of vulnerable gadgets, caused by the DIV and MOV instructions. Additionally, we discover 40 vulnerable PMU events that can be used to carry out the PMU-Data attack. We conduct real experiments to demonstrate the perniciousness of the PMU-Data attack by implementing three attack goals: (1) leaking kernel data illegally by combining the attack with the transient execution vulnerabilities Meltdown, Spectre, and Zombieload; (2) building a covert-channel to secretly transfer data; (3) extracting secret data protected by a Trusted Execution Environment (TEE), combined with the Zombieload vulnerability.
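The DIV gadget described above works because the hardware divider's behaviour depends on its operands. As an added example that is not from the paper, the following C routine shows the software-side mitigation a defender can apply to a division whose operands are secret: a fixed-iteration, branch-free restoring division that never executes a DIV instruction, so no operand-dependent divider event is generated. The function names (ct_udiv, ct_select, self_check) are mine, and the divisor is assumed to be non-zero.

```c
#include <stdint.h>
#include <stdio.h>

/* Branchless select: mask is all-ones or all-zeros; returns a when all-ones, else b. */
static inline uint64_t ct_select(uint64_t mask, uint64_t a, uint64_t b) {
    return (a & mask) | (b & ~mask);
}

/* Unsigned 64-bit division without the DIV instruction and without any
 * secret-dependent branch: exactly 64 identical iterations of shift,
 * subtract and masked select, whatever the operand values are.
 * Assumes b != 0. Returns the quotient; the remainder is written to *rem. */
uint64_t ct_udiv(uint64_t a, uint64_t b, uint64_t *rem) {
    uint64_t q = 0, r = 0;
    for (int i = 63; i >= 0; i--) {
        uint64_t carry = r >> 63;                 /* 65th bit of the shifted remainder */
        r = (r << 1) | ((a >> i) & 1);            /* bring down the next dividend bit */
        uint64_t d = r - b;                       /* trial subtraction (mod 2^64) */
        /* borrow bit of r - b, computed arithmetically (Hacker's Delight formula) */
        uint64_t borrow = ((~r & b) | (~(r ^ b) & d)) >> 63;
        uint64_t lt = borrow & (carry ^ 1);       /* r < b only if no carry and a borrow */
        uint64_t ge_mask = lt - 1;                /* all-ones when r >= b, else zero */
        r = ct_select(ge_mask, d, r);             /* keep d if r >= b, else keep r */
        q = (q << 1) | (lt ^ 1);                  /* quotient bit is 1 when r >= b */
    }
    *rem = r;
    return q;
}

/* Cross-checks ct_udiv against the compiler's division on constructed
 * operand pairs, including a full-width divisor. Returns 1 on success. */
int self_check(void) {
    uint64_t as[] = {100, UINT64_MAX, 5, 1ULL << 63, UINT64_MAX, 0};
    uint64_t bs[] = {7, 3, UINT64_MAX, 1ULL << 63, UINT64_MAX - 1, 9};
    for (int i = 0; i < 6; i++) {
        uint64_t r;
        uint64_t q = ct_udiv(as[i], bs[i], &r);
        if (q != as[i] / bs[i] || r != as[i] % bs[i]) return 0;
    }
    return 1;
}

int main(void) {
    uint64_t r;
    uint64_t q = ct_udiv(100, 7, &r);
    printf("100 / 7 = %llu rem %llu, self_check=%d\n",
           (unsigned long long)q, (unsigned long long)r, self_check());
    return self_check() ? 0 : 1;
}
```

Whether the compiled routine really stays free of a DIV instruction and of data-dependent branches must be confirmed in the generated assembly for the specific compiler and optimisation level, since this is a source-level property only.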
