EXAM: Exploiting Exclusive System-Level Cache in Apple M-Series SoCs for Enhanced Cache Occupancy Attacks
Tianhong Xu, Aidong Adam Ding, Yunsi Fei
TL;DR
This work reveals a novel cache-occupancy side-channel on Apple M-series devices by reverse-engineering the System-Level Cache (SLC), showing that the SLC is exclusive to CPU caches but inclusive with GPU caches. It introduces an SLC-occupancy channel and demonstrates three powerful attacks: website fingerprinting, cross-origin pixel stealing, and a screen-capturing attack that can monitor GPU-driven rendering and even extract barcodes and digits from on-screen content. Across multiple devices (M1, M1 Pro, M3 Pro) and cross-browser scenarios, the SLC channel outperforms prior L2-based channels, expanding the threat surface in heterogeneous architectures. The paper also proposes enhanced cache-masking countermeasures, analyzes their performance impact, and underscores the need for hardware-aware defenses in modern SoCs to protect privacy and security in shared cache environments.
Abstract
Cache occupancy attacks exploit the shared nature of cache hierarchies to infer a victim's activities by monitoring overall cache usage, unlike access-driven cache attacks that focus on specific cache lines or sets. There exists some prior work that target the last-level cache (LLC) of Intel processors, which is inclusive of higher-level caches, and L2 caches of ARM systems. In this paper, we target the System-Level Cache (SLC) of Apple M-series SoCs, which is exclusive to higher-level CPU caches. We address the challenges of the exclusiveness and propose a suite of SLC-cache occupancy attacks, the first of its kind, where an adversary can monitor GPU and other CPU cluster activities from their own CPU cluster. We first discover the structure of SLC in Apple M1 SOC and various policies pertaining to access and sharing through reverse engineering. We propose two attacks against websites. One is a coarse-grained fingerprinting attack, recognizing which website is accessed based on their different GPU memory access patterns monitored through the SLC occupancy channel. The other attack is a fine-grained pixel stealing attack, which precisely monitors the GPU memory usage for rendering different pixels, through the SLC occupancy channel. Third, we introduce a novel screen capturing attack which works beyond webpages, with the monitoring granularity of 57 rows of pixels (there are 1600 rows for the screen). This significantly expands the attack surface, allowing the adversary to retrieve any screen display, posing a substantial new threat to system security. Our findings reveal critical vulnerabilities in Apple's M-series SoCs and emphasize the urgent need for effective countermeasures against cache occupancy attacks in heterogeneous computing environments.