Remote Scheduler Contention Attacks

Stefan Gast*, Jonas Juffinger, Lukas Maar, Christoph Royer, Andreas Kogler, Daniel Gruss

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of ≥99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).
Original languageEnglish
Title of host publicationFinancial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers
Publication statusPublished - 4 Mar 2024
EventFinancial Cryptography and Data Security 2024: FC 2024 - Willemstad, Curaçao
Duration: 4 Mar 20248 Mar 2024
https://fc24.ifca.ai/index.html

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PublisherSpringer-Verlag

Conference

ConferenceFinancial Cryptography and Data Security 2024
Abbreviated titleFC 2024
Country/TerritoryCuraçao
CityWillemstad
Period4/03/248/03/24
Internet address

ASJC Scopus subject areas

  • Information Systems

Fields of Expertise

  • Information, Communication & Computing

Fingerprint

Dive into the research topics of 'Remote Scheduler Contention Attacks'. Together they form a unique fingerprint.

Cite this