NetSpectre: Read Arbitrary Memory over Network

Michael Schwarz; Martin Schwarzl; Moritz Lipp; Jon Masters; Daniel Gruß

doi:10.1007/978-3-030-29959-0_14

NetSpectre: Read Arbitrary Memory over Network

Michael Schwarz, Martin Schwarzl, Moritz Lipp, Jon Masters, Daniel Gruß

Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie (7050)

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Abstract

All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.
We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.

Originalsprache	englisch
Titel	Computer Security - ESORICS 2019
Untertitel	24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings
Erscheinungsort	Cham
Herausgeber (Verlag)	Springer
Seiten	279-299
Band	1
ISBN (elektronisch)	978-3-030-29959-0
ISBN (Print)	978-3-030-29958-3
DOIs	https://doi.org/10.1007/978-3-030-29959-0_14
Publikationsstatus	Veröffentlicht - Sept. 2019
Veranstaltung	ESORICS 2019: 24th European Symposium on Research in Computer Security - Luxembourg, Luxemburg Dauer: 23 Sept. 2019 → 27 Sept. 2019

Publikationsreihe

Name	Lecture Notes in Computer Science
Band	11735

Konferenz

Konferenz	ESORICS 2019
Land/Gebiet	Luxemburg
Ort	Luxembourg
Zeitraum	23/09/19 → 27/09/19

Zugriff auf Dokument

10.1007/978-3-030-29959-0_14

NetSpectre: Read Arbitrary Memory over Network
Michael Schwarz (Redner/in)
23 Sept. 2019
Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science

Dieses zitieren

Schwarz, M., Schwarzl, M., Lipp, M., Masters, J., & Gruß, D. (2019). NetSpectre: Read Arbitrary Memory over Network. in Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings (Band 1, S. 279-299). (Lecture Notes in Computer Science; Band 11735). Springer. https://doi.org/10.1007/978-3-030-29959-0_14

NetSpectre: Read Arbitrary Memory over Network. / Schwarz, Michael; Schwarzl, Martin; Lipp, Moritz et al.
Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Band 1 Cham: Springer, 2019. S. 279-299 (Lecture Notes in Computer Science; Band 11735).

Publikation: Beitrag in Buch/Bericht/Konferenzband › Beitrag in einem Konferenzband › Begutachtung

Schwarz, M, Schwarzl, M, Lipp, M, Masters, J & Gruß, D 2019, NetSpectre: Read Arbitrary Memory over Network. in Computer Security - ESORICS 2019: 24th European Symposium on Research in Computer Security, Luxembourg, September 23–27, 2019, Proceedings. Bd. 1, Lecture Notes in Computer Science, Bd. 11735, Springer, Cham, S. 279-299, ESORICS 2019, Luxembourg, Luxemburg, 23/09/19. https://doi.org/10.1007/978-3-030-29959-0_14

@inproceedings{944abad99129416caab37e5e8857027e,

title = "NetSpectre: Read Arbitrary Memory over Network",

abstract = "All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.",

author = "Michael Schwarz and Martin Schwarzl and Moritz Lipp and Jon Masters and Daniel Gru{\ss}",

year = "2019",

month = sep,

doi = "10.1007/978-3-030-29959-0_14",

language = "English",

isbn = "978-3-030-29958-3",

volume = "1",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "279--299",

booktitle = "Computer Security - ESORICS 2019",

note = "ESORICS 2019 : 24th European Symposium on Research in Computer Security ; Conference date: 23-09-2019 Through 27-09-2019",

}

TY - GEN

T1 - NetSpectre: Read Arbitrary Memory over Network

AU - Schwarz, Michael

AU - Schwarzl, Martin

AU - Lipp, Moritz

AU - Masters, Jon

AU - Gruß, Daniel

PY - 2019/9

Y1 - 2019/9

N2 - All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.

AB - All Spectre attacks so far required local code execution. We present the first fully remote Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+Reload cache attack over the network, leaking 15 bits per hour. We present a novel high-performance AVX-based covert channel that we use in our cache-free Spectre attack.We show that in particular remote Spectre attacks perform significantly better with the AVX-based covert channel, leaking 60 bits per hour from the target system. We demonstrate practical NetSpectre attacks on the Google cloud, remotely leaking data and remotely breaking ASLR.

U2 - 10.1007/978-3-030-29959-0_14

DO - 10.1007/978-3-030-29959-0_14

M3 - Conference paper

SN - 978-3-030-29958-3

VL - 1

T3 - Lecture Notes in Computer Science

SP - 279

EP - 299

BT - Computer Security - ESORICS 2019

PB - Springer

CY - Cham

T2 - ESORICS 2019

Y2 - 23 September 2019 through 27 September 2019

ER -

NetSpectre: Read Arbitrary Memory over Network

Abstract

Publikationsreihe

Konferenz

Zugriff auf Dokument

Fingerprint

Aktivitäten

NetSpectre: Read Arbitrary Memory over Network

Dieses zitieren