dEEpEst, posted August 2, 2023

Collide+Power: Leaking Inaccessible Data with Software-based Power Side Channels

Collide+Power is a novel method to exploit the fundamental way we build and share components in CPUs. We do not target specific programs but instead the underlying CPU hardware itself. This advance in software-based power side channels echoes the discovery of Meltdown and Spectre — where similarly, the underlying hardware provided unforeseen attack possibilities, leaking actual data values.

The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption. Thus, knowing its own data, the attacker can determine the exact data values used in other applications.

We present two attacks belonging to the Collide+Power attack family: The first attack breaks the isolation between CPU hyperthreads, leaking arbitrary data across programs. The second attack breaks the isolation between user programs and the operating system, leaking arbitrary data not just from the operating system but any security domain on the same computer.

The Collide+Power technique can enhance any side-channel signal related to power, such as RAPL or frequency throttling. While the leakage rates with current proof-of-concepts are comparably low, future attacks may be faster and indicate the necessity of security patches.
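The post's central claim is that a shared CPU component holding an attacker-known value next to a victim value produces a power signal that depends on both, and that this is exactly what makes the victim value recoverable. The following simulation is an added example, not the Collide+Power authors' code and not a model of any particular CPU: it uses the standard Hamming-distance leakage approximation from the power-analysis literature (dynamic power roughly proportional to the number of bits that flip, plus Gaussian noise) to show, first, that a combined signal over many measurements pins down the victim byte, and second, that when the victim's data never shares the component with the attacker's data (the isolation a patch or co-scheduling restriction aims to restore) the same analysis finds no usable correlation. The functions `combined_leakage`, `isolated_leakage`, `assess_leak` and `simulate`, and all sample values, are constructed for this example.

```python
"""Toy model of a 'combined leakage' power side channel.

Added, constructed simulation; not the Collide+Power proof-of-concept and not
a model of any specific CPU. Leakage model: measured power ~ Hamming distance
between the two values sharing a component, plus Gaussian measurement noise.
"""
import random
from statistics import mean, pstdev

WIDTH = 8  # model one 8-bit entry of the shared component


def hamming_distance(x: int, y: int) -> int:
    """Number of bit positions in which x and y differ (bits that would flip)."""
    return bin(x ^ y).count("1")


def combined_leakage(attacker_val: int, victim_val: int, noise_sd: float, rng) -> float:
    """Shared component combines both values: power ~ HD(attacker, victim) + noise."""
    return hamming_distance(attacker_val, victim_val) + rng.gauss(0.0, noise_sd)


def isolated_leakage(attacker_val: int, noise_sd: float, rng) -> float:
    """Mitigated setting: the victim's value never sits next to the attacker's in
    the shared component, so the power depends only on unrelated data."""
    unrelated = rng.randrange(1 << WIDTH)
    return hamming_distance(attacker_val, unrelated) + rng.gauss(0.0, noise_sd)


def pearson(xs, ys) -> float:
    """Population Pearson correlation; 0.0 if either series is constant."""
    mx, my = mean(xs), mean(ys)
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)


def assess_leak(traces):
    """traces: list of (attacker_val, measured_power).

    For every 8-bit hypothesis of the victim value, correlate the predicted
    Hamming distance with the measurements. Returns (best_hypothesis,
    correlation). A correlation near 0 means the measurements carry no usable
    information about the victim value; a high one means the value leaks.
    """
    powers = [p for _, p in traces]
    best_guess, best_corr = 0, -1.0
    for guess in range(1 << WIDTH):
        model = [hamming_distance(a, guess) for a, _ in traces]
        c = pearson(model, powers)
        if c > best_corr:
            best_guess, best_corr = guess, c
    return best_guess, best_corr


def simulate(victim_val: int = 0xA5, n_traces: int = 5000, noise_sd: float = 0.5,
             seed: int = 1, mitigated: bool = False):
    """Generate n_traces measurements with a seeded RNG and assess them.

    The attacker always knows the value it wrote (attacker_val); the only
    unknown is victim_val. Constructed parameters; victim_val=0xA5 is arbitrary.
    """
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        a = rng.randrange(1 << WIDTH)
        if mitigated:
            p = isolated_leakage(a, noise_sd, rng)
        else:
            p = combined_leakage(a, victim_val, noise_sd, rng)
        traces.append((a, p))
    return assess_leak(traces)


if __name__ == "__main__":
    guess, corr = simulate()
    print(f"combined component: best hypothesis 0x{guess:02x}, correlation {corr:.2f}")
    guess, corr = simulate(mitigated=True)
    print(f"isolated component: best hypothesis 0x{guess:02x}, correlation {corr:.2f}")
```

Two design points matter for a defender reading this. The attacker's advantage comes entirely from knowing one of the two operands: with the attacker value random per trace and the victim value fixed, only the correct hypothesis tracks the measurements across all traces, and noise is beaten by averaging rather than by precision. The `noise_sd` and `n_traces` parameters are therefore the knobs to explore when judging how much a noisier or rate-limited power interface (the post mentions RAPL and frequency throttling as signal sources) actually buys, and the `mitigated` branch is the check that an isolation change removes the signal rather than merely weakening it.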