RSTCON - Secure Undervolting with Instruction Traps - Daniel Gruss & Jonas Juffinger

Описание: RSTCON is an annual technical security conference aimed at resetting our focus to cutting-edge research, exploitation, and tradecraft targeting the sensors, systems, and architectures utilized by critical industry.

Abstract: https://rstcon.org/2024/talks/#suit-s...

Modern CPUs dynamically scale voltage and frequency for efficiency. However, too low voltages can result in security-critical errors. Hence, vendors use a generous safety margin to avoid errors at the cost of higher energy overheads.

In this work, we present SUIT, a novel hardware-software co-design to reduce the safety margin substantially without compromising reliability or security. We observe that not all instructions are equally affected by undervolting faults and that most faultable instructions are infrequent in practice. Hence, SUIT addresses infrequent faultable instructions via two separate DVFS curves, a conservative and an efficient one. For frequent faultable instructions, SUIT statically relaxes the critical path in hardware. Consequently, the instruction is not faultable anymore on the efficient DVFS curve at the cost of performance overheads for this specific instruction. For infrequent faultable instructions, SUIT introduces a trap mechanism preventing execution on the efficient curve. With this trap mechanism, SUIT temporarily switches to the conservative DVFS curve and switches back if no faultable instruction was executed within a certain time frame. We evaluate all building blocks of SUIT, using both measurements on real hardware and simulations, showing a performance overhead of 3.79 %, and a CPU efficiency gain of 20.8 % on average on SPEC CPU2017.

Daniel caught our eyes as a student when he published Rowhammer attacks from JavaScript, cache attacks on ARM, and the Flush+Flush leak primitive. His work on keystroke timing attacks and using high-resolution timers from JavaScript showed the practicality of leveraging side-channels without system-level access. After graduation, his work included the legendary Spectre/Meltdown vulnerabilities. Daniel is an associate professor at the Graz University of Technology, leading the CoreSec group in the Secure Systems area. Jonas has focused on Rowhammer attacks and countermeasures such as CSI:Rowhammer and PTGuard. We are thrilled to have Daniel and Jonas Juffinger here to present SUIT.

Jonas is a PhD candidate of Daniel Gruss’ at the Institute of Applied Information Processing and Communications at Graz University of Technology. In his work he focuses on Rowhammer attacks and mitigations like Half-Double Rowhammer or CSI:Rowahmmer. He also researches side channels, microarchitectural attacks and power aware computing.

See https://rstcon.org/ for more information.