Abstract
Interrupts are fundamental to inter-process and cross-core communication in modern systems. Controlling these communication mechanisms has historically required switches into the kernel or hypervisor, incurring high performance costs. To alleviate these costs, Intel introduced new hardware mechanisms to send inter-processor interrupts (IPIs) from user space without switching into the kernel, and from virtual machines without switching into the hypervisor. However, it is unclear whether this direct, unsupervised interaction between unprivileged (or virtualized) workloads and the underlying hardware introduces a significant change in the attack surface.
In this paper, we present the IPI side channel, a novel side-channel attack exploiting the recently introduced user interrupts and IPI virtualization features on Intel Sapphire Rapids and the upcoming Intel Arrow Lake processors. The IPI side channel is the first cross-core interrupt detection side channel, allowing an attacker to monitor interrupts delivered to any physical core of the same processor. Our attack is based on precise measurements of the hardware delivery time of interrupts from user space and virtual machines. More specifically, we exploit that interrupts are delivered through a cross-core bus, leading to timing variations on the attacker's local IPIs. We present multiple case studies to compare the IPI side channel with the state of the art: First, we present an unprivileged cross-core covert channel with a native true capacity of 434.7 kbit/s (n=100, σ_x̄=0.03) and a cross-VM capacity of 3.45 kbit/s (n=100, σ_x̄=0.01). Second, we demonstrate a native inter-keystroke timing attack with an F1 score of 97.9 %. Third, we present an open-world website fingerprinting attack on the top 100 websites, achieving an F1 score of 89.0 % in a native scenario and an F1 score of 71.0 % in a cross-VM (thin client) scenario. Furthermore, we discuss the broader context of the IPI side channels and categorize interrupt side channels and mitigations.
Original language | English |
---|---|
Title of host publication | ACM Conference on Computer and Communications Security (CCS) 2024 |
DOIs | |
Publication status | Published - 14 Oct 2024 |
Event | ACM Conference on Computer and Communications Security: CCS 2024 - Salt Lake City, United States Duration: 14 Oct 2024 – 18 Oct 2024 |
Conference
Conference | ACM Conference on Computer and Communications Security |
---|---|
Abbreviated title | CCS '24 |
Country/Territory | United States |
City | Salt Lake City |
Period | 14/10/24 – 18/10/24 |
Keywords
- side-channel attack
- user interrupts
- IPI virtualization
- interrupt detection
- Website fingerprinting
Fields of Expertise
- Information, Communication & Computing
Projects
FWF - NeRAM - Next-Generation Rowhammer Attacks and Mitigations
1/12/22 – 30/11/25
Project: Research project