New CPU side channel attack

Intel, AMD and ARM are all vulnerable.

The site mentions that a microcode update is also necessary; however, the corresponding Xen Security Advisory makes no mention of microcode.


Intel Advisory, “2020.2 IPU - Intel® RAPL Interface Advisory”

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html

Would like to note the researchers confirmed with Intel that Intel chips were vulnerable; however, they did not say AMD and ARM were actually vulnerable, only that they may be potentially vulnerable due to the presence of a RAPL-like interface. They did not verify these claims on those chips:

From https://platypusattack.com/:

We disclosed the problem to AMD and ARM as well. However, currently, we are not aware of any official statement regarding affected products from these vendors.

Within our research, we focused on Intel’s RAPL implementation as the threat model of Intel SGX allows a privileged attacker to achieve a more precise execution control of the victim. However, starting with the Zen microarchitecture, AMD CPUs also provide a RAPL interface that even allows measuring the energy consumption per individual core. With Linux kernel 5.8, this interface also grants access to unprivileged applications, however, currently limited to AMD Rome CPUs.

Furthermore, other processor vendors like ARM and NVIDIA have on-board energy meters that can be used. Marvell and Ampere also provide kernel drivers to provide unprivileged access to hardware sensors. However, as we do not or have only limited access to these devices, we were not able to conduct any experiments on these devices.


Ah yes, it was more my assumption that they are probably vulnerable.

Xen seems to assume that ARM is vulnerable as well:
For ARM systems, all versions of Xen are vulnerable. The fix restricts
access to the AMU (Activity Monitors Unit) interface, introduced in
Armv8.4.
https://xenbits.xen.org/xsa/advisory-351.html

AMD has a statement now:
In a paper titled, “Software-based Power Side Channel Attacks on AMD”, researchers from Graz University of Technology describe a differential power analysis method to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.

In line with industry partners, AMD has updated the RAPL interface to require privileged access. The change is in the process of being integrated into Linux distributions.
https://www.amd.com/en/corporate/product-security
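
A defender-side check for the mitigation discussed in this thread (RAPL energy counters restricted to privileged users), added here as an example and not part of any post or vendor advisory. It assumes the Linux powercap sysfs layout (`/sys/class/powercap/*/energy_uj`) and GNU `stat`, and covers only that interface, not other energy drivers or the MSR device; `audit_rapl` and `make_sample_tree` are hypothetical names, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report which RAPL energy counters
# unprivileged users can read through the Linux powercap sysfs tree.
# Assumption: counters are the energy_uj files under /sys/class/powercap.

# audit_rapl [ROOT]
#   Prints one line per counter. Returns 0 if every counter is owner-only,
#   1 if any is readable by group or other, 2 if no counter was found.
audit_rapl() {
    root=${1:-/sys/class/powercap}
    found=0
    exposed=0
    for f in "$root"/*/energy_uj; do
        [ -e "$f" ] || continue            # glob did not match anything
        found=1
        mode=$(stat -L -c %a "$f") || continue
        # Octal mode -> integer; 044 masks the group-read and other-read bits.
        if [ $(( 0$mode & 044 )) -ne 0 ]; then
            exposed=1
            echo "EXPOSED    $mode  $f"
        else
            echo "restricted $mode  $f"
        fi
    done
    [ "$found" -eq 1 ] || { echo "no energy_uj counters under $root"; return 2; }
    return "$exposed"
}

# make_sample_tree DIR MODE: constructed stand-in for the sysfs layout,
# two zones whose counters get the given file mode.
make_sample_tree() {
    for zone in intel-rapl:0 intel-rapl:0:0; do
        mkdir -p "$1/$zone"
        echo 123456789 > "$1/$zone/energy_uj"
        chmod "$2" "$1/$zone/energy_uj"
    done
}

# "--live" audits the running system; with no argument nothing is executed.
case "${1:-}" in
    --live) audit_rapl ;;
esac
```

Run it with `--live` on a host or guest to see whether the counters are still readable by group or other; a return status of 2 means the powercap tree exposes no counters at all.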