
The SPOILER attack exploits the dependency resolution logic that serves speculative loads to gain information about physical page mappings. Microarchitectural side-channel attacks such as Rowhammer and cache attacks rely on reverse engineering the virtual-to-physical address mapping. SPOILER speeds up this reverse engineering by a factor of 256, and improves the Prime+Probe attack with a 4096-fold speedup of the eviction set search, even from sandboxed environments like JavaScript. The leakage can be exploited with a limited set of instructions and is visible in all Intel generations starting from the 1st generation of Intel Core processors. It is independent of the OS and also works from within virtual machines and sandboxed environments.


Stories with similar links:

  1. SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks via skunkwerks 2 years ago | 0 points | 3 comments