Daniel Moghimi - Revisiting Isolated and Trusted Execution via μarch Cryptanalysis (PhD Defense)

Microarchitectural vulnerabilities are considered a severe threat to the security and privacy of virtualized environments. Researchers have recently proposed several mitigations to circumvent these attacks. However, these mitigations are limited in terms of understanding of the microarchitecture and potential attack vectors. This study discovers new information channels based on low-level analysis of the CPU's memory subsystem. Consequently, we propose multiple techniques that improve previous attack vectors. In particular, microarchitectural data sampling allows a local adversary to leak the actual data bits from other processes. To better understand these attacks, we also developed a new fuzzing tool to automate the reproduction of sophisticated proof of concepts. Microarchitectural vulnerabilities go beyond affecting traditional security boundaries. Trusted execution environments (TEEs) support a wide range of applications like privacy-preserving artificial intelligence. However, we present that the unique adversarial model suggested by TEEs exposes the computation to unusual attack vectors. Additionally, Security co-processors like the Trusted Platform Module (TPM) are responsible for executing cryptographic operations in a physically isolated fashion. While TPM claims stronger security guarantees through security certification, we show that these cryptographic co-processors' obscurity may leave them vulnerable to timing attacks. Conclusively, to show the impact of security failures because of these new classes of vulnerabilities, we demonstrate several realistic end-to-end attacks. We present key extraction from encryption and digital signature operations by combining our findings with theoretical cryptanalysis techniques and devising new algorithmic approaches. Our results show that existing mitigations against microarchitectural attacks are insufficient and lead to critical vulnerabilities on deployed products. In retrospect, we present the ideas, tools, and techniques under the framework of microarchitectural cryptanalysis. We discuss the importance of applying these techniques to future systems with heterogeneous microarchitecture and the essential need for developing analysis and automation tools in this direction.