MCU-Wide Timing Side Channels and Their Detection

MCU-Wide Timing Side Channels and Their Detection

Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this thre...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2024-07
Hauptverfasser: Müller, Johannes, Duque Antón, Anna Lena, Deutschmann, Lucas, Mehmedagić, Dino, Rodrigues, Cristiano, Oliveira, Daniel, Devarajegowda, Keerthikumara, Mohammad Rahmani Fadiheh, Pinto, Sandro, Stoffel, Dominik, Kunz, Wolfgang
Format: Artikel
Sprache:eng
Schlagworte:
Channels
Computer Science - Cryptography and Security
Formal method
Security
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this threat is real even in microcontroller SoCs without such features. In this paper, we describe SoC-wide timing side channels previously neglected by security analysis and present a new formal method to close this gap. In a case study on the RISC-V Pulpissimo SoC, our method detected a vulnerability to a previously unknown attack variant that allows an attacker to obtain information about a victim's memory access behavior. After implementing a conservative fix, we were able to verify that the SoC is now secure w.r.t. the considered class of timing side channels.
ISSN:2331-8422
DOI:10.48550/arxiv.2309.12925