Ever heard of Spectre and Meltdown? These are two hardware vulnerabilities in modern Intel, AMD and ARM processors, which caused quite a bit of havoc around 2018. There were measurable impacts on the stock prices of Intel and AMD.
All such attacks belong to a class called micro-architectural attacks. How do they differ from well-known attacks such as buffer overflows? These attacks exploit the micro-architecture of modern processors rather than a bug in the software. One such micro-architectural resource is the cache. Typically, the attacker runs a spy process and observes the hit-miss pattern of the cache, exploiting the timing difference between a cache-hit and a cache-miss event. Such timing observations can expose sensitive information, such as the secret key of AES. Another popular source of information leakage is speculative execution, which has been the main driving force behind the performance of modern processors for the last 30 years. Lastly, there are fault-injection methods, such as Rowhammer and Plundervolt, which bring most fault attack threats from the embedded world to the remote server world.
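The cache hit-miss leak described above can be seen in a toy model, shown here as an added example that is not part of the original page. It simulates a cache rather than timing real hardware; the table contents, line size, latencies and all function names are assumptions chosen for illustration. It contrasts a secret-dependent table lookup with a lookup that touches every entry.

```python
# Toy cache model (constructed): no real hardware timing is measured.
LINE_ENTRIES = 16                      # assumed: 64-byte line / 4-byte entry
TABLE_LINES = 256 // LINE_ENTRIES      # a 256-entry table spans 16 lines
HIT_CYCLES, MISS_CYCLES = 40, 200      # illustrative latencies, not measurements
TABLE = [(i * 167 + 13) % 256 for i in range(256)]  # stand-in lookup table

class ToyCache:
    """Tracks which table lines are cached; a fresh cache is fully flushed."""
    def __init__(self):
        self.lines = set()

    def load(self, index):
        """Access TABLE[index] and return the simulated latency."""
        line = index // LINE_ENTRIES
        latency = HIT_CYCLES if line in self.lines else MISS_CYCLES
        self.lines.add(line)
        return latency

def leaky_lookup(cache, key_byte, pt_byte):
    """Secret-dependent index: exactly one cache line is touched."""
    idx = key_byte ^ pt_byte
    cache.load(idx)
    return TABLE[idx]

def constant_lookup(cache, key_byte, pt_byte):
    """Hardened form: read every entry and select the result with a mask."""
    idx, out = key_byte ^ pt_byte, 0
    for i in range(256):
        cache.load(i)
        out |= TABLE[i] & (-(i == idx) & 0xFF)
    return out

def observed_lines(lookup, key_byte, pt_byte):
    """Run the lookup on a flushed cache, then time a reload of each line."""
    cache = ToyCache()
    lookup(cache, key_byte, pt_byte)
    return [l for l in range(TABLE_LINES)
            if cache.load(l * LINE_ENTRIES) == HIT_CYCLES]

def key_nibble_candidates(lines, pt_byte):
    """Upper key nibbles consistent with the lines seen as hits."""
    return sorted(l ^ (pt_byte >> 4) for l in lines)

if __name__ == "__main__":
    key, pt = 0xA7, 0x3C               # constructed sample values
    for fn in (leaky_lookup, constant_lookup):
        hits = observed_lines(fn, key, pt)
        print(fn.__name__, "candidates:", key_nibble_candidates(hits, pt))
```

With the leaky lookup a single candidate remains for the upper key nibble; with the full-table lookup all 16 remain, so the hit-miss pattern carries no information about the key.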
Micro-architectural attacks are one of the most extensively researched areas in computer security. Finding attacks has been the most prominent research direction so far. However, we are also slowly moving towards developing countermeasures at the micro-architectural level. In addition, a sizable community works on formally verifying the security of upcoming micro-architectures. Overall, this area has yet to see many pathbreaking innovations.