DOI: 10.1145/3319535.3354252

ZombieLoad: Cross-Privilege-Boundary Data Sampling

Published: 06 November 2019

Abstract

In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient-execution attacks. In particular, over the past year, Meltdown-type attacks have been extended to leak data not only from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer.
In this paper, we present the ZombieLoad attack, which uncovers a novel Meltdown-type effect in the processor's fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. In contrast to concurrent attacks on the fill buffer, we are the first to report data leakage of recently loaded and stored stale values across logical cores even on Meltdown- and MDS-resistant processors. Hence, despite Intel's claims, we show that the hardware fixes in new CPUs are not sufficient. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short- and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent at least the most powerful cross-hyperthread attack scenarios on current processors, as Intel's software fixes are incomplete.
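
The abstract's mitigation conclusion (software fixes alone leave sibling hyperthreads exposed) can be audited on a host. The sketch below is an added example, not code from the paper: it assumes a Linux kernel that exposes the sysfs files `vulnerabilities/mds` and `smt/active` under `/sys/devices/system/cpu`, the status strings are the ones that kernel interface reports, and the sample lines are constructed.

```python
from pathlib import Path
from typing import NamedTuple, Optional

CPU = Path("/sys/devices/system/cpu")  # assumption: Linux sysfs layout

class Finding(NamedTuple):
    affected: bool               # kernel considers this CPU affected by MDS
    buffers_cleared: bool        # CPU-buffer clearing mitigation is active
    smt_exposed: Optional[bool]  # sibling-thread leakage possible; None = unknown

def assess(mds_line: str, smt_active: str) -> Finding:
    """Interpret the kernel's MDS status line together with the SMT flag."""
    state, _, smt_note = (p.strip() for p in mds_line.strip().partition(";"))
    if state == "Not affected":
        # Only what the kernel reports for MDS; it says nothing about other issues.
        return Finding(False, False, False)
    cleared = state.startswith("Mitigation: Clear CPU buffers")
    if smt_note == "SMT Host state unknown":     # typical inside a guest VM
        exposed = None
    elif smt_note in ("SMT disabled", "SMT mitigated"):
        exposed = False
    elif smt_note == "SMT vulnerable":
        exposed = True
    else:                                        # no SMT note: use the sysfs flag
        exposed = smt_active.strip() == "1"
    return Finding(True, cleared, exposed)

def read_host() -> Optional[Finding]:
    """Assess the local machine; None if the sysfs files are unavailable."""
    try:
        mds = (CPU / "vulnerabilities" / "mds").read_text()
        active = (CPU / "smt" / "active").read_text()
    except OSError:
        return None
    return assess(mds, active)

# Constructed sample inputs: (contents of .../mds, contents of .../smt/active)
SAMPLES = [
    ("Mitigation: Clear CPU buffers; SMT vulnerable\n", "1\n"),
    ("Mitigation: Clear CPU buffers; SMT disabled\n", "0\n"),
    ("Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n", "1\n"),
    ("Mitigation: Clear CPU buffers; SMT Host state unknown\n", "1\n"),
    ("Not affected\n", "1\n"),
]

if __name__ == "__main__":
    for mds, active in SAMPLES:
        print(f"{mds.strip()!r} -> {assess(mds, active)}")
    print("this host:", read_host())
```

A result with `buffers_cleared=True` and `smt_exposed=True` is the configuration the abstract describes as incomplete: buffer clearing is on, but a sibling logical CPU still shares the fill buffer.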

Supplementary Material

WEBM File (p753-schwarz.webm)

Published In

CCS '19: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
November 2019
2755 pages
ISBN:9781450367479
DOI:10.1145/3319535
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. fill buffer
  2. meltdown
  3. side-channel attack
  4. transient execution

Qualifiers

  • Research-article

Conference

CCS '19
Acceptance Rates

CCS '19 Paper Acceptance Rate 149 of 934 submissions, 16%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
