Attacks
- Mitigations for attacks come at the cost of performance
Types
Spectre and Meltdown
- Two popular attacks on processors
- Meltdown
  - Breaks the fundamental isolation between the application and operating system
  - Allows an unauthorized process to read data from any address that is mapped to the current process’s memory space
  - Cache timing attack can get the secret before privilege checking
- Spectre
  - Takes advantage of speculative execution
  - Speculative execution could move data that a program does not have access to into the cache
- Cache timing attack
  - Type of side-channel attack
  - Can find out where a value is in the cache by seeing how long it takes to access it
Hardware Trojan Attacks
- Malicious implants in the hardware
  - A couple of logic gates among millions are hard to notice if they trigger so infrequently that they don’t show up in tests
- Can create back doors
  - Either by changing functionality or by sending out electromagnetic signals that can be picked up by external detectors
- Finding
  - Generate tests that focus on the rarely used components
  - Run those tests and do side-channel analysis on the currents they generate in the design
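
An added example (not part of the original notes) of the first step under Finding: it scores every net in a small netlist by how rarely it takes a value, then picks test vectors that drive those rare nets, including the trojan trigger. The netlist, net names and the 0.15 threshold are constructed assumptions; the side-channel measurement step is not modelled.

```python
from itertools import product

# Constructed 8-input netlist (an assumption, not from the notes), listed in
# topological order. "trig" models a trojan trigger fed by rare signals.
INPUTS = [f"i{k}" for k in range(8)]
NETLIST = [
    ("n1", "AND", ("i0", "i1")),
    ("n2", "AND", ("i2", "i3")),
    ("n3", "OR", ("i4", "i5")),
    ("n4", "XOR", ("i6", "i7")),
    ("n5", "AND", ("n1", "n2")),
    ("n6", "NOR", ("n3", "n4")),
    ("trig", "AND", ("n5", "n6")),
    ("out", "OR", ("n1", "n3")),
]
OPS = {"AND": lambda a, b: a & b, "OR": lambda a, b: a | b,
       "XOR": lambda a, b: a ^ b, "NOR": lambda a, b: 1 - (a | b)}
VECTORS = list(product((0, 1), repeat=len(INPUTS)))

def simulate(vector):
    """Evaluate every net for one input vector (tuple of 8 bits)."""
    nets = dict(zip(INPUTS, vector))
    for name, op, (a, b) in NETLIST:
        nets[name] = OPS[op](nets[a], nets[b])
    return nets

def rare_nets(threshold):
    """Map each net whose less likely value has probability < threshold
    (over all input vectors) to (rare_value, probability)."""
    ones = {name: 0 for name, _, _ in NETLIST}
    for v in VECTORS:
        nets = simulate(v)
        for name in ones:
            ones[name] += nets[name]
    rare = {}
    for name, count in ones.items():
        p1 = count / len(VECTORS)
        value, p = (1, p1) if p1 <= 0.5 else (0, 1 - p1)
        if p < threshold:
            rare[name] = (value, p)
    return rare

def directed_tests(rare):
    """For each rare net, pick the first vector that drives it to its rare value."""
    return {name: next(v for v in VECTORS if simulate(v)[name] == value)
            for name, (value, _) in rare.items()}

if __name__ == "__main__":
    print(directed_tests(rare_nets(0.15)))
```

The trigger fires on only 2 of the 256 input vectors, so a simple walking-ones functional test never activates it, while the directed vector for `trig` does.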
Power Side-Channel Attacks
- Measures the currents on a chip to figure out values and operations
- Is not prevented by obfuscation because if the chip is running, obfuscation is off
- Can pick up on the signals trojans send off
- Types
  - Architectural Side Channel
    - Time (ex: cache timing attack)
  - Physical
    - Dynamic power
    - Leakage power
    - Path delay
    - Electromagnetic emanations
    - Sound
  - Test/Debug
    - Scan chains
    - Trace buffers