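Authors: 唐明[1], 胡一凡; TANG Ming, HU Yifan (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China)
Affiliation: [1] School of Cyber Science and Engineering, Wuhan University, Wuhan, Hubei 430072, China
Source: 《通信学报》 (Journal on Communications), 2023, No. 4, pp. 64-77, 14 pages
Funding: National Natural Science Foundation of China (No.61972295, No.62072247); Wuhan Science and Technology Project, Applied Basic Frontier Special Fund (No.2019010701011407).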
Abstract: To study vulnerabilities in modern processor microarchitectures and develop corresponding mitigations, the memory order buffer (MOB), which manages the execution order of memory access instructions, was analyzed. It was found that load forwarding bypasses the data of a dependent store instruction directly to the load instruction, and that speculative load executes independent load instructions in advance. While these mechanisms improve efficiency, they can also lead to execution errors and the corresponding blocking. For the existing MOB optimization mechanisms on the Intel Coffee Lake microarchitecture, the paper analyzes how the four execution modes of the memory order buffer and their corresponding execution times can be used to construct a variety of attacks, including transient attacks, covert channels, and recovery of the private key of a cryptographic algorithm. The timing difference caused by the MOB is used to recover the addresses of memory instructions, and these addresses can leak the index values of the AES T-table implementation. Key recovery experiments were conducted on AES-128 in OpenSSL 3.0.0 on an Intel i5-9400 processor. The experimental results show that 30000 sets of samples can recover one key byte with a probability of 63.6%. Due to the characteristics of the memory order buffer, the exploit is more concealed than traditional cache timing leaks.
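Keywords: memory order buffer; microarchitectural side-channel vulnerability; OpenSSL; AES; timing side channel
Classification number: TP309.2 [Automation and Computer Technology: Computer System Architecture]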