
Architecture and Hardware Security Research – Early 2021

submitted by
Style Pass
2021-06-24 00:00:06

Hardware and architecture security remained a hot research topic in the first half of 2021, with new contributions appearing in architecture, security and systems conferences. Some of these 2021 papers were overviewed in our earlier blog post; here we focus on more recently accepted papers. We overview two security conferences (S&P’21 and USENIX Security’21) and one systems conference (EuroSys’21). At the end, we briefly summarize the 2021 security papers in architecture conferences (HPCA, ASPLOS and ISCA). Part II of this blog theme, covering the second half of 2021, will appear at the end of the year.

Transient execution attacks continued to evolve with new variations and formalisms. The CacheOut attack exploits an undocumented interaction between the L1 cache and the line fill buffer on Intel processors: data evicted from L1 sometimes ends up in the fill buffers, and exploiting this path allows attackers to bypass previously proposed protections against leaky fill buffers. The Hardware-Software Contracts for Secure Speculation paper presents a formal framework for principled hardware-software co-design that recognizes the trade-off between the performance impact of defensive measures and the ability to execute a larger number of programs securely under speculation. The hardware-software contracts specify which program executions can be distinguished by attackers; they are expressed in terms of the ISA, a model of the microarchitecture, and a model of the potentially leaky datapath components. This paper makes an important step towards formalizing our understanding of transient execution attacks and of what it means to support secure speculation.
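To make the contract idea concrete, here is an added toy model (written for this post, not code from the contracts paper or its authors). It assumes a three-instruction ISA, a "constant-time" observer that records load addresses and branch outcomes, and two execution modes: sequential execution and speculative execution with a fixed always-predict-in-bounds predictor and a bounded transient window. A program satisfies a contract if the observer's trace is independent of the secret; the bounds-checked snippet below satisfies the sequential contract but not the speculative one, which is exactly the gap the paper's framework lets hardware and software negotiate.

```python
"""Toy hardware-software contract checker (constructed illustration).

Contract = (execution mode, observer mode).  Observer "ct" records the
address of every load and the outcome of every branch.  Execution mode
"seq" is plain in-order execution; "spec" additionally executes the
predicted path of a mispredicted branch for WINDOW instructions before
rolling back.  All of this is a simplification made for the example.
"""

WINDOW = 4            # assumed transient window, in instructions
PREDICT_TAKEN = False # assumed fixed predictor: the bounds check is predicted "in range"

# Toy ISA (constructed):
#   ("bge", a, b, target)   if regs[a] >= regs[b]: pc = target
#   ("load", dst, base, idx) regs[dst] = mem[regs[base] + regs[idx]]
#   ("halt",)
PROGRAM = [
    ("bge", "i", "len", 3),     # bounds check: out of range -> halt
    ("load", "x", "arr", "i"),  # x = arr[i]
    ("load", "y", "tbl", "x"),  # y = tbl[x]; the address depends on x
    ("halt",),
]

# Constructed state: arr occupies addresses 0..3, the secret sits at address 4
# right after it, tbl starts at 16.  Register i = 4 is one past the end.
PUBLIC_MEM = {0: 1, 1: 2, 2: 3, 3: 4}
SECRET_ADDR = 4
OOB_REGS = {"arr": 0, "tbl": 16, "len": 4, "i": 4}


def transient(program, pc, regs, mem, window):
    """Observations made while executing the wrong path for `window` steps."""
    regs = dict(regs)  # transient results are discarded on rollback
    obs = []
    for _ in range(window):
        op = program[pc]
        if op[0] != "load":  # toy: squash at the first halt/branch on the wrong path
            break
        _, dst, base, idx = op
        addr = regs[base] + regs[idx]
        obs.append(("spec-load", addr))
        regs[dst] = mem.get(addr, 0)
        pc += 1
    return obs


def run(program, regs, mem, mode, window=WINDOW):
    """Return the ct observer's trace of `program` under `mode` ('seq' or 'spec')."""
    regs, mem = dict(regs), dict(mem)
    trace, pc = [], 0
    while True:
        op = program[pc]
        if op[0] == "halt":
            return trace
        if op[0] == "load":
            _, dst, base, idx = op
            addr = regs[base] + regs[idx]
            trace.append(("load", addr))
            regs[dst] = mem.get(addr, 0)
            pc += 1
        elif op[0] == "bge":
            _, a, b, target = op
            taken = regs[a] >= regs[b]
            trace.append(("branch", taken))
            if mode == "spec" and taken != PREDICT_TAKEN:
                # Mispredicted: the predicted path runs transiently and leaks
                # its load addresses to the observer before being rolled back.
                wrong_pc = target if PREDICT_TAKEN else pc + 1
                trace.extend(transient(program, wrong_pc, regs, mem, window))
            pc = target if taken else pc + 1
        else:
            raise ValueError(f"unknown instruction {op!r}")


def satisfies(program, mode, public_regs, public_mem, secret_addr, secret_values):
    """True iff the contract trace is the same for every value of the secret."""
    traces = set()
    for s in secret_values:
        mem = dict(public_mem)
        mem[secret_addr] = s
        traces.add(tuple(run(program, public_regs, mem, mode)))
    return len(traces) == 1


if __name__ == "__main__":
    for mode in ("seq", "spec"):
        ok = satisfies(PROGRAM, mode, OOB_REGS, PUBLIC_MEM, SECRET_ADDR, [1, 2, 3])
        print(f"ct-{mode}: {'satisfied' if ok else 'VIOLATED'}")
```

Under the sequential contract the out-of-bounds index simply halts, so the trace is secret-independent; under the speculative contract the transient loads expose an address derived from the secret, so the same program fails. A compiler or verifier that targets the stronger contract (for example by inserting a speculation barrier after the check, or masking the index) would have to make the two traces coincide again.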

Timing attacks evolved beyond caches, TLBs, branch predictors and other on-chip structures. The Invisible Probe paper presents a timing attack on the PCIe interconnect that exploits bus congestion. If a victim’s activity involves moving data over PCIe, an adversary accessing another device on the same interconnect can infer secret information by measuring that congestion.
