CAMBRIDGE, Mass. — Want to protect the data on your computer? Just think like a hacker. Researchers from MIT developed two mitigation mechanisms after finding cyber attackers can exploit a component of computer processors that connects different parts of the chip.
Researchers warn hackers can launch a “side-channel attack” when programs on multiple cores run simultaneously. When running simultaneously, they can delay one another when they use the on-chip interconnect to send data across the chip at the same time.
For their study, the team reverse-engineered the on-chip interconnect to analyze how this kind of attack happens. They built an analytical model of how traffic flows between the cores on a processor. Researchers were able to launch surprisingly effective side-channel attacks. Following these attacks, researchers then developed two mitigation plans that enable a user to improve security without making any physical changes to the computer chip.
“A lot of current side-channel defenses are ad hoc — we see a little bit of leakage here and we patch it. We hope our approach with this analytical model pushes more systematic and robust defenses that eliminate whole classes of attacks at the same time,” says co-lead author Miles Dai in a university release.
Attacking the information ‘highway’
Dai says the on-chip interconnect is understudied because it is difficult to attack, despite it being a large component of the computer processor. Dai explains that a hacker needs to launch the cyberattack when traffic from two cores is interfering with each other. However, it is difficult to time the attack perfectly because traffic spends little time in the interconnect. There are multiple paths traffic can take between cores.
Researchers created programs that intentionally accessed memory caches located outside their local cores to analyze how traffic flows on the interconnect.
“By testing out different situations, trying different placements, and swapping out locations of these programs on the processor, we can understand what the rules are behind traffic flows on the interconnect,” notes Dai.
Study authors found that the interconnect is like a highway, with multiple lanes going in every direction. When the traffic flows collided, the interconnect uses a priority arbitration policy to decide which traffic flow gets to go first. Because of this, more “important” requests take precedence.
From their discovery, researchers built an analytical model of the processor that encapsulated how traffic can flow on the interconnect. Their model showed which cores were most vulnerable to a side-channel attack. Since a core is more vulnerable when it is accessed through many different lanes, a hacker could use this information to select the best core to monitor to steal information.
“If the attacker understands how the interconnect works, they can set themselves up so the execution of some sensitive code would be observable through interconnect contention. Then they can extract, bit by bit, some secret information, like a cryptographic key,” says co-lead author Riccardo Paccagnella.
How can regular people defend against cyberattacks?
When launching the side-channel attacks, the team was astonished by how quickly the attacks took place. They ended up recovering full cryptographic keys from two different victim programs. From these attacks, researchers designed the two defense mechanisms.
For the first mitigation plan, the system administrator used the model to identify which cores are most vulnerable to attack and then scheduled sensitive software to run on less vulnerable cores.
In the second strategy, the administrator reserved cores located around a susceptible program and ran only trusted software on those cares. Both strategies significantly reduced the accuracy of side-channel attacks. The tactics are easy to implement since neither requires the user to make any changes to the physical hardware.
“We hope this work highlights how the on-chip interconnect, which is such a large component of computer processors, remains an overlooked attack surface. In the future, as we build systems that have stronger isolation properties, we should not ignore the interconnect,” says Paccagnella.
The researchers presented their findings at the USENIX Security Conference.