Remote Scheduler Contention Attacks

Stefan Gast; Jonas Juffinger; Lukas Maar; Christoph Royer; Andreas Kogler; Daniel Gruss

Remote Scheduler Contention Attacks

Stefan Gast^*, Jonas Juffinger, Lukas Maar, Christoph Royer, Andreas Kogler, Daniel Gruss

^*Corresponding author for this work

Institute of Applied Information Processing and Communications (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of ≥99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).

Original language	English
Title of host publication	Financial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers
Publication status	Published - 4 Mar 2024
Event	Financial Cryptography and Data Security 2024 - Willemstad, Curaçao Duration: 4 Mar 2024 → 8 Mar 2024 https://fc24.ifca.ai/index.html

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer-Verlag

Conference

Conference	Financial Cryptography and Data Security 2024
Abbreviated title	FC 2024
Country/Territory	Curaçao
City	Willemstad
Period	4/03/24 → 8/03/24
Internet address	https://fc24.ifca.ai/index.html

ASJC Scopus subject areas

Information Systems

Fields of Expertise

Information, Communication & Computing

Access to Document

remote_scheduler_contention_attacksAccepted author manuscript, 395 KB

Cite this

Remote Scheduler Contention Attacks. / Gast, Stefan ; Juffinger, Jonas ; Maar, Lukas et al.
Financial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers. 2024. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Gast, S , Juffinger, J , Maar, L, Royer, C, Kogler, A & Gruss, D 2024, Remote Scheduler Contention Attacks. in Financial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Financial Cryptography and Data Security 2024, Willemstad, Curaçao, 4/03/24.

@inproceedings{597ae0dec68b44a097317ec6d9e98bc9,

title = "Remote Scheduler Contention Attacks",

abstract = "In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of ≥99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).",

author = "Stefan Gast and Jonas Juffinger and Lukas Maar and Christoph Royer and Andreas Kogler and Daniel Gruss",

year = "2024",

month = mar,

day = "4",

language = "English",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer-Verlag",

booktitle = "Financial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers",

note = "Financial Cryptography and Data Security 2024, FC 2024 ; Conference date: 04-03-2024 Through 08-03-2024",

url = "https://fc24.ifca.ai/index.html",

}

TY - GEN

T1 - Remote Scheduler Contention Attacks

AU - Gast, Stefan

AU - Juffinger, Jonas

AU - Maar, Lukas

AU - Royer, Christoph

AU - Kogler, Andreas

AU - Gruss, Daniel

PY - 2024/3/4

Y1 - 2024/3/4

N2 - In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of ≥99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).

AB - In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of ≥99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).

UR - https://stefangast.eu/papers/javasquip.pdf

UR - https://fc24.ifca.ai/preproceedings/150.pdf

M3 - Conference paper

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

BT - Financial Cryptography and Data Security - 28th International Conference, FC 2024, Revised Selected Papers

T2 - Financial Cryptography and Data Security 2024

Y2 - 4 March 2024 through 8 March 2024

ER -

Remote Scheduler Contention Attacks

Abstract

Publication series

Conference

ASJC Scopus subject areas

Fields of Expertise

Access to Document

Other files and links

Fingerprint