A component in computer processors that connects different parts of the chip can be exploited by malicious agents looking to steal secret information from programs running on the computer, MIT researchers have found.
Modern computer processors contain many computing units, called cores, which share the same hardware resources. The on-chip interconnect is the component that allows these cores to communicate with each other. But when programs on multiple cores are running concurrently, they may lag when using the interconnect to send data to the chip at the same time.
By monitoring and measuring these delays, a malicious agent could conduct what is known as a “side channel attack” and reconstruct secret information stored in a program, such as a cryptographic key or password.
MIT researchers reverse-engineered the on-chip interconnect to study how this type of attack would be possible. Based on their findings, they built an analytical model of traffic flow between processor cores, which they used to design and launch surprisingly effective side-channel attacks. Next, they developed two mitigation strategies that allow a user to improve security without making physical changes to the computer chip.
“A lot of current lateral defenses are ad hoc – we’re seeing a bit of leakage here and fixing it. We hope our approach with this analytical model will push for more systematic and robust defenses that eliminate entire classes of attacks at once. says co-lead author Miles Dai, MEng ’21.
Dai wrote the article with co-lead author Riccardo Paccagnella, a graduate student at the University of Illinois at Urbana-Champaign; Miguel Gomez-Garcia ’22; John McCalpin, researcher at the Texas Advanced Computing Center; and lead author Mengjia Yan, Homer A. Burnell Career Development Assistant Professor of Electrical Engineering and Computer Science (EECS) and member of the Computer Science and Artificial Intelligence Laboratory (CSAIL). The research is presented at the USENIX Security Conference.
A modern CPU looks like a two-dimensional grid, with multiple cores arranged in rows and columns. Each core has its own cache where data is stored, and there is also a larger cache that is shared across the processor. When a program on one core needs to access data in a cache on another core or in the shared cache, it must use the on-chip interconnect to send that request and retrieve the data.
Although it is an important component of the processor, the on-chip interconnect remains understudied because it is difficult to attack, says Dai. A hacker needs to launch the attack when the traffic from two cores is actually interfering with each other, but because the traffic spends so little time in the interconnect, timing the attack at the right time is difficult. The interconnect is also complex, and there are multiple paths that traffic can take between cores.
To study how traffic flows over the interconnect, MIT researchers created programs that would intentionally access memory caches outside of their local cores.
“By testing different situations, trying different locations, and swapping the locations of these programs on the CPU, we can figure out what rules govern traffic flows on the interconnect,” Dai says.
They discovered that the interconnection is like a highway, with multiple lanes going in all directions. When two traffic streams collide, the interconnect uses a priority arbitration policy to decide which traffic stream should go first. More “important” requests take priority, such as those from programs essential to the operation of a computer.
Using this information, the researchers built an analytical model of the processor that summarizes how traffic can flow across the interconnect. The model shows which cores would be most vulnerable to a side channel attack. A kernel would be more vulnerable if it was accessible by many different routes. An attacker could use this information to select the best kernel to monitor to steal information from a victim program.
“If the attacker understands how the interconnect works, they can configure themselves so that the execution of sensitive code is observable through an interconnect conflict. Then they can extract, small little by little, secret information, like a cryptographic key,” says Paccagnella.
When researchers used this model to launch side-channel attacks, they were surprised at how quickly the attacks worked. They were able to recover full cryptographic keys from two different victim programs.
After studying these attacks, they used their analytical model to design two mitigation mechanisms.
In the first strategy, the system administrator would use the model to identify the cores most vulnerable to attack, and then schedule sensitive software to run on less vulnerable cores. For the second mitigation strategy, the administrator can reserve cores located around a sensitive program and only run trusted software on those cores.
The researchers found that both mitigation strategies were able to significantly reduce the accuracy of side-channel attacks. Neither requires the user to make changes to the physical hardware, so mitigations would be relatively easy to implement, Dai says.
Ultimately, they hope their work will inspire more researchers to study the security of on-chip interconnects, Paccagnella says.
“We hope this work highlights how the on-chip interconnect, which is such an important component of computer processors, remains an overlooked attack surface. In the future, as we build systems with stronger isolation properties, we must not ignore interconnection,” he adds.
This work was funded, in part, by the National Science Foundation and the Air Force Office of Scientific Research.