Title
Fallout: Leaking Data on Meltdown-resistant CPUs
Abstract
Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance overhead. Due to hardware fixes, these mitigations are disabled on recent processors. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding, forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak, exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.
Year: 2019
DOI: 10.1145/3319535.3363219
Venue: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Keywords: meltdown, side-channel attack, spectre, store buffer, store-to-load
Field: Metadata, Computer security, Computer science, Control flow, Communication channel, Exploit, Software, Side channel attack, User space, Translation lookaside buffer
DocType: Conference
ISBN: 978-1-4503-6747-9
Citations: 17
PageRank: 0.65
References: 0
Authors: 12
Name             Order  Citations  PageRank
Claudio Canella  1      41         4.90
Daniel Genkin    2      579        31.18
Lukas Giner      3      35         2.30
Daniel Gruss     4      590        34.22
Moritz Lipp      5      201        13.16
Marina Minkin    6      30         2.28
Ahmad Moghimi    7      86         4.34
Frank Piessens   8      2455       162.28
Michael Schwarz  9      251        22.35
Berk Sunar       10     956        68.31
Jo Van Bulck     11     128        10.30
Yuval Yarom      12     775        35.54