(2022) Branch Different - Spectre Attacks on Apple Silicon.
Abstract
Since the disclosure of Spectre, extensive research has been conducted on both new attacks, attack variants, and mitigations. However, most research focuses on x86 CPUs, with only very few insights on ARM CPUs, despite their huge market share. In this paper, we focus on the ARMv8-based Apple CPUs and demonstrate a reliable Spectre attack. For this, we solve several challenges specific to Apple CPUs and their operating system. We systematically evaluate alternative high-resolution timing primitives, as timers used for microarchitectural attacks on other ARM CPUs are unavailable. As cache-maintenance instructions are ineffective, we demonstrate a reliable eviction-set generation from an unprivileged application. Based on these building blocks, we demonstrate a fast Evict+Reload cross-core covert channel, and a Spectre-PHT attack leaking more than 1500 B/s on an iPhone. Without mitigations for all Spectre variants and the rising market share of ARM CPUs, we stress that more research on ARM CPUs is required.
Item Type: | Conference or Workshop Item (A Paper) (Paper) |
---|---|
Divisions: | Michael Schwarz (MS) |
Conference: | DIMVA GI International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment |
Depositing User: | Michael Schwarz |
Date Deposited: | 12 Aug 2022 02:26 |
Last Modified: | 12 Aug 2022 02:26 |
Primary Research Area: | NRA3: Threat Detection and Defenses |
URI: | https://publications.cispa.saarland/id/eprint/3747 |