33rd USENIX Security Symposium was held in Philadelphia in August 2024. Following recent trends, the symposium featured several sessions dedicated to hardware and microarchitectural security. The program includes papers targeting side-channels and covert channels through prefetchers and branch predictors, transient execution attacks and defenses, adversarial attacks, memory exploitation attacks, new variants of rowhammer attacks, as well as exploitations and defenses targeting cloud environments. In this blog post, we summarize the main contributions of these papers, breaking them down into two broad categories: attacks and mitigations.

Attacks and Exploitations

Transient Execution Attacks

InSpectre Gadget (received a Distinguished Paper Award) demonstrated that a significant residual attack surface remains even in the presence of most recent mitigations for Spectre-v2 cross-privilege attacks. The authors proposed an automated analysis tool to discover unconventional exploitable gadgets that allow to create attacks on the most recent processors, bypassing mitigations. Shesha is another discovery tool targeting transient execution attacks such as Spectre and Meltdown. This work aims to automate the process of finding such attacks based on Particle Swarm Optimization which has a faster convergence rate than existing fuzzing-based approaches, uncovering new variations of transient execution attacks.

GPU Attacks

Guo et al. proposed buffer overflow attacks that overcome challenges related to the memory organization of GPUs. Buffer overflow attacks on GPUs can easily enable Return-Oriented Programming (ROP), code injection attacks, and/or Jump-Oriented Programming (JOP) attacks. To construct successful buffer overflow attacks, the authors reverse-engineered the NVIDIA GPU memory space layout and addressing (local, global, and shared). They also found that data pages can be executable and code pages can be writable, making traditional memory exploitation mechanisms (which are mitigated on CPUs) possible on GPUs. Another GPU attack is Invalidate+Compare which introduces a novel, timer-free GPU cache attack primitive, targeting NVIDIA GPUs. The authors reverse-engineered cache properties and demonstrated attacks that reveal sensitive information, such as visited websites and virtual keystrokes.

Rowhammer Attacks

New variations of Rowhammer attacks are still being discovered to improve the performance of the attack and avoid existing mitigations. SledgeHammer amplifies Rowhammer attacks by exploiting bank-level parallelism in DDR4 memory. The authors introduce a new hammering technique that significantly increases bit flips. They successfully demonstrated Rowhammer attacks in modern web browsers like Chrome and Firefox under default settings, bypassing existing defenses without the need for transparent huge pages. ZenHammer is the first successful Rowhammer attack on AMD Zen-based CPUs (AMD Zen 2 and Zen 3 systems). The authors reverse-engineered the DRAM addressing functions, synchronized with refresh commands, and optimized memory access patterns. This work is also the first work to trigger Rowhammer bit flips on a DDR5 device.

Several schemes were proposed to exploit rowhammer attacks. FrameFlip introduces a novel hardware-based fault injection attack that universally depletes DNN model inference accuracy with a single bit-flip in the runtime code. The attack targets machine learning codebases, bypassing current defenses and demonstrating significant degradation in DNN performance across various architectures. Go Go Gadget Hammer introduces a novel Rowhammer exploit that targets nested pointer dereferences in kernel code, enabling arbitrary data leakage. Their attack can bypass existing defenses and achieve a leakage rate of 82.6 bits/second by flipping targeted kernel pointers.

Side-Channel Attacks and Covert Channels

Attacks targeting various microarchitectural components have been presented. GoFetch reveals how Data Memory-Dependent Prefetchers (DMPs) in Apple’s M-series CPUs can be exploited to break constant-time cryptographic implementations. The authors demonstrated end-to-end attacks that extracted cryptographic keys from both classical and post-quantum algorithms, including OpenSSL Diffie-Hellman and CRYSTALS-Kyber. Indirector introduced high-precision Branch Target Injection (BTI) attacks that exploit the Indirect Branch Predictor (IBP) in modern Intel CPUs. The authors reverse-engineered the IBP structure and demonstrated how their findings enable new attacks that bypass existing hardware defenses, compromising system security even with mitigations like IBRS (Indirect Branch Restricted Speculation), STIBP (Single Thread Indirect Branch Predictor), and IBPB (Indirect Branch Predictor Barrier) in place. Pixel Thief uncovered a new cache-based side-channel attack on SVG filters in modern browsers, allowing attackers to recover sensitive information from embedded iframes and history data. The authors demonstrated the attack’s effectiveness in bypassing existing defenses in Firefox and Chrome, achieving unprecedented data leakage rates. Peep With A Mirror presented a novel method for breaking Android app sandboxing via an unprivileged cache side-channel attack. The authors demonstrated how their attack, using the ANDROSCOPE framework, can non-intrusively monitor app-specific behaviors, such as driving routes and keystroke dynamics, thereby compromising app privacy.

Attacks in the Cloud

Side and covert channel attacks targeting cloud environments were also explored. HECKLER demonstrated a novel attack on confidential VMs (CVMs) running on AMD SEV-SNP and Intel TDX platforms by injecting malicious interrupts via the hypervisor. The authors showed how these interrupts can alter register states and bypass authentication or compromise the integrity of running applications. Sync+Sync introduced a novel covert channel attack that leverages the “fsync” system call in persistent storage, allowing secretive communication across various isolation environments like cross-file, cross-container, and cross-VM. 

Defenses and Mitigations

BeeBox proposed a defense against transient execution attacks such as Spectre-PHT and Spectre-STL targeting Berkeley Packet Filter (BPF) used for filtering network packets. Their approach is mainly based on sandboxing BPF to isolate sensitive data in BPF prone to speculative execution. SpecLFB limits protection to unsafe speculative loads by utilizing existing Line-Fill-Buffer (LFB) to prevent unsafe speculative loads. This prevents unsafe transfers from lower-level caches to higher-level caches. DMAAUTH is an approach to defend against DMA attacks targeting IOMMU (such as invalidation and subpage attacks) by checking DMA pointer integrity. In their approach, all DMA transactions are checked using a hardware-based authenticator. To ensure the full control of the OS kernel on DMA pointers and to support both pointer integrity and arithmetic, higher bits are signed and lower bits are used for arithmetic.

In the domain of non-traditional microarchitectures,  Microarchitectural Weird Machines (µWM) performs computation based on microarchitectural side effects, cache residency and transient execution. Wang et al. proposed a practical µWM to compute complex functions, in contrast to current µWMs which can obfuscate only simple computations. The authors designed a compiler which can generate µWM from C/C++ code.

ABACuS is a low-cost and scalable mitigation targeting Rowhammer attacks. It utilizes shared row activation counters across all DRAM banks. The system efficiently tracks and mitigates RowHammer attacks with minimal performance, energy, and area overheads. NetShaper introduced a differentially private network side-channel mitigation system which adapts traffic shaping to provide quantifiable privacy guarantees with low overhead. The authors presented a middlebox-based implementation that secures applications such as video streaming and web services, defeating state-of-the-art side-channel attacks by obfuscating traffic patterns. 

In summary, security conferences (and in particular USENIX Security Symposium) continue to feature an impressive volume of papers that are of interest to our community.  

About the Authors:

Ghadeer Almusaddar is a Ph.D. candidate at Binghamton University. Her research interests are in the areas of hardware security in heterogeneous systems with current focus on GPUs. 

Yicheng Zhang is a third-year Ph.D. candidate at University of California, Riverside. His research interest lies in AR/VR security and hardware security.

Disclaimer: These posts are written by individual contributors to share their thoughts on the Computer Architecture Today blog for the benefit of the community. Any views or opinions represented in this blog are personal, belong solely to the blog author and do not represent those of ACM SIGARCH or its parent organization, ACM.