ĘPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture

Pietro Borrello
PhD Student, Sapienza University - Rome
DEIB - Seminar Room "N. Schiavoni" (Bldg. 20)
November 29th, 2022
11.00 am
Contacts:
Stefano Zanero
Research Line:
System architectures
PhD Student, Sapienza University - Rome
DEIB - Seminar Room "N. Schiavoni" (Bldg. 20)
November 29th, 2022
11.00 am
Contacts:
Stefano Zanero
Research Line:
System architectures
Sommario
On November 29th, 2022 at 11.00 am Pietro Borrello, PhD Student at the Sapienza University of Rome, will hold a seminar on "ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture" in DEIB - Seminar Room.
CPU vulnerabilities undermine the security guarantees provided by software- and hardware-security improvements. While the discovery of transient-execution attacks increased the interest in CPU vulnerabilities on a microarchitectural level, architectural CPU vulnerabilities are still understudied. In this talk, we present AEPIC Leak: the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. AEPIC Leak works on all recent Sunny-Cove-based Intel CPUs (i.e., Ice Lake and Alder Lake) and does not require hyperthreading enabled. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. AEPIC Leak samples data transferred between the L2 and last-level cache, including SGX enclave data, from the superqueue. We target data in use, e.g., register values and memory loads, as well as data at rest, e.g., SGX-enclave data pages. Even if AEPIC Leak is a sampling-based attack, we introduce techniques to precisely influence from which page and offset the attack leaks from. Our end-to-end attack extracts AES-NI, RSA, and even the Intel SGX attestation keys from enclaves within a few seconds.
CPU vulnerabilities undermine the security guarantees provided by software- and hardware-security improvements. While the discovery of transient-execution attacks increased the interest in CPU vulnerabilities on a microarchitectural level, architectural CPU vulnerabilities are still understudied. In this talk, we present AEPIC Leak: the first architectural CPU bug that leaks stale data from the microarchitecture without using a side channel. AEPIC Leak works on all recent Sunny-Cove-based Intel CPUs (i.e., Ice Lake and Alder Lake) and does not require hyperthreading enabled. It architecturally leaks stale data incorrectly returned by reading undefined APIC-register ranges. AEPIC Leak samples data transferred between the L2 and last-level cache, including SGX enclave data, from the superqueue. We target data in use, e.g., register values and memory loads, as well as data at rest, e.g., SGX-enclave data pages. Even if AEPIC Leak is a sampling-based attack, we introduce techniques to precisely influence from which page and offset the attack leaks from. Our end-to-end attack extracts AES-NI, RSA, and even the Intel SGX attestation keys from enclaves within a few seconds.
Biografia
Pietro Borrello is a PhD Student at the Sapienza University of Rome, working on System Security.
His focus is applying Fuzzing and Program Analysis techniques to find and mitigate architectural and microarchitectural vulnerabilities.
BlackHat speaker and 2x PwnieAward recipient, he is also a passionate CTF player focusing on exploitation and reverse-engineering with mhackeroni and TRX teams, which he co-founded.
His focus is applying Fuzzing and Program Analysis techniques to find and mitigate architectural and microarchitectural vulnerabilities.
BlackHat speaker and 2x PwnieAward recipient, he is also a passionate CTF player focusing on exploitation and reverse-engineering with mhackeroni and TRX teams, which he co-founded.