Vulnerability Verification And Exploit Of New Security Vulnerabilities In Microarchitecture

The processor microarchitecture is an important part of the computer system.Chip manufacturers use advanced microarchitecture design to achieve the leading performance and power consumption,but they don't pay attention to safety.Once the microarchitecture of the processor appears the vulnerability,it will directly affect the whole computer system.In recent years,researchers have discovered a number of microarchitecture vulnerabilities that affect a large number of processors such as Intel,ARM,and AMD.This shows that there are a lot of security threats in our processors.Processor microarchitecture security has become a very important and meaningful research area.In this paper,power supply voltage management vulnerability based on power consumption and branch prediction vulnerability based on performance are studied.To provide research support for the design of more secure processor microarchitecture.This paper first studies the voltage management vulnerability of Intel processor,that named "VoltJockey".We verify the existence of this vulnerability and exploit it to attack the AES encryption algorithm on newer Intel processors.In addition,we have found that VoltJockey can be used to attack RSA encryption algorithms on Intel processors,and even RSA algorithms running in Intel's trusted execution environment.Secondly,this paper studies the branch prediction vulnerability on ARM processor.We summarizes the 6-step attack model of the branch prediction vulnerability,and classifies the attack methods of the branch prediction vulnerability that have been found.Nine branch prediction exploits were verified on several mainstream ARMv8 architecture processors.In addition,we also verify the existing defense of the ARM processor,and the test results can help the ARM processor to establish a more perfect defense system.Finally,we have discovered a new prediction execution vulnerability,the sequential prediction vulnerability,which is an ARM processor only prediction execution vulnerability.We described in detail how this vulnerability works and how to use sequential prediction vulnerabilities to leak data.We verify the existence of the sequential prediction vulnerability on the latest commercial ARM servers.Our study shows that ARM processors and x86 processors differ in predictive execution vulnerability,and it is necessary to study predictive execution vulnerability on ARM processors separately.