DOI: 10.1145/3243734.3243861
Research article

An Exploratory Analysis of Microcode as a Building Block for System Defenses

Published: 15 October 2018

Abstract

Microcode is an abstraction layer in modern x86 processors that translates the user-visible CISC instructions into hardware-internal RISC instructions. The ability to update x86 microcode lets a vendor modify CPU behavior in the field, and thus patch erroneous microarchitectural processes or even implement new features. Most prominently, the recent Spectre and Meltdown vulnerabilities were mitigated by Intel via microcode updates. Unfortunately, microcode is proprietary and closed source, and there is little publicly available information on its inner workings. In this paper, we present new reverse engineering results that extend and complement the public knowledge of proprietary microcode. Based on these novel insights, we show how modern system defenses and tools can be realized in microcode on a commercial, off-the-shelf AMD x86 CPU. We demonstrate how well-established system security defenses such as timing attack mitigations, hardware-assisted address sanitization, and instruction set randomization can be realized in microcode. We also present a proof-of-concept implementation of a microcode-assisted instrumentation framework. Finally, we show how a secure microcode update mechanism and enclave functionality can be implemented in microcode to realize a small trusted execution environment. All microcode programs and the whole infrastructure needed to reproduce and extend our results are publicly available.

Supplementary Material

MP4 File (p1649-kollenda.mp4)




Published In

CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
October 2018
2359 pages
ISBN: 9781450356930
DOI: 10.1145/3243734
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].


Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

Published: 15 October 2018


Author Tags

1. defense
2. microcode
3. security

Qualifiers

• Research article

Funding Sources

• German Federal Ministry of Education and Research
• European Research Council

Conference

CCS '18

Acceptance Rates

CCS '18 Paper Acceptance Rate: 134 of 809 submissions, 17%
Overall Acceptance Rate: 1,261 of 6,999 submissions, 18%



Article Metrics

• Downloads (last 12 months): 36
• Downloads (last 6 weeks): 2
Reflects downloads up to 04 Oct 2024


Cited By

• (2024) A Survey of Hardware Improvements to Secure Program Execution. ACM Computing Surveys 56(12), 1-37. DOI: 10.1145/3672392. Online publication date: 12-Jun-2024.
• (2024) Theoretical Patchability Quantification for IP-Level Hardware Patching Designs. 2024 29th Asia and South Pacific Design Automation Conference (ASP-DAC), 951-956. DOI: 10.1109/ASP-DAC58780.2024.10473895. Online publication date: 22-Jan-2024.
• (2023) Metal: An Open Architecture for Developing Processor Features. Proceedings of the 19th Workshop on Hot Topics in Operating Systems, 15-22. DOI: 10.1145/3593856.3595915. Online publication date: 22-Jun-2023.
• (2023) Hardware-Supported Patching of Security Bugs in Hardware IP Blocks. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 42(1), 54-67. DOI: 10.1109/TCAD.2022.3168513. Online publication date: Jan-2023.
• (2023) CustomProcessingUnit: Reverse Engineering and Customization of Intel Microcode. 2023 IEEE Security and Privacy Workshops (SPW), 285-297. DOI: 10.1109/SPW59333.2023.00031. Online publication date: May-2023.
• (2021) HAL-ASOS Accelerator Model: Evolutive Elasticity by Design. Electronics 10(17), 2078. DOI: 10.3390/electronics10172078. Online publication date: 27-Aug-2021.
• (2020) Reverse Engineering of Intel Microcode Update Structure. IEEE Access 8, 169676-169687. DOI: 10.1109/ACCESS.2020.3024243. Online publication date: 2020.
• (2019) One-Time Programs Made Practical. Financial Cryptography and Data Security, 646-666. DOI: 10.1007/978-3-030-32101-7_37. Online publication date: 30-Sep-2019.
