-
Clueless: A Tool Characterising Values Leaking as Addresses
Authors:
Xiaoyue Chen,
Pavlos Aimoniotis,
Stefanos Kaxiras
Abstract:
Clueless is a binary instrumentation tool that characterises explicit cache side channel vulnerabilities of programs. It detects the transformation of data values into addresses by tracking dynamic instruction dependencies. Clueless tags data values in memory if it discovers that they are used in address calculations to further access other data.
Clueless can report on the amount of data that are used as addresses at each point during execution. It can also be specifically instructed to track certain data in memory (e.g., a password) to see if they are turned into addresses at any point during execution. It returns a trace on how the tracked data are turned into addresses, if they do.
We demonstrate Clueless on SPEC 2006 and characterise, for the first time, the amount of data values that are turned into addresses in these programs. We further demonstrate Clueless on a micro benchmark and on a case study. The case study is the different implementations of AES in OpenSSL: T-table, Vector Permutation AES (VPAES), and Intel Advanced Encryption Standard New Instructions (AES-NI). Clueless shows how the encryption key is transformed into addresses in the T-table implementation, while no explicit cache side channel vulnerabilities are detected in the other two implementations.
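The following is an added example, not the authors' tool: a toy dependency tracker that does, on a constructed register-machine trace, what the abstract describes Clueless doing on a binary. Labelled bytes (the key and plaintext) flow along data dependencies, and every load or store whose address depends on a labelled value is reported together with the chain of instructions that built that address. The ISA, the memory layout (KEY, PT, TABLE, OUT), the placeholder table contents and the opaque "aes" register operation standing in for an AES-NI round are all assumptions of the example.

```python
"""Toy dynamic dependency tracker in the spirit of Clueless (added example, not the
authors' tool). A small register machine runs an instruction trace, labels flow along
data dependencies, and every load/store whose address depends on a labelled value is
reported with the chain of instructions that built the address. ISA, layout and table
contents are constructed here."""
from dataclasses import dataclass, field

# Register-only operations; "aes" is an opaque stand-in for an AES-NI style round.
ALU = {
    "xor": lambda a, b: a ^ b,
    "add": lambda a, b: a + b,
    "shl": lambda a, b: a << b,
    "aes": lambda a, b: ((a * 0x9E3779B1) ^ 0xA5 ^ b) & 0xFFFFFFFF,
}

@dataclass
class Machine:
    regs: dict = field(default_factory=dict)     # register -> value
    mem: dict = field(default_factory=dict)      # address -> byte
    reg_lab: dict = field(default_factory=dict)  # register -> set of labels
    mem_lab: dict = field(default_factory=dict)  # address -> set of labels
    reg_dep: dict = field(default_factory=dict)  # register -> pcs that produced it
    leaks: list = field(default_factory=list)    # value-used-as-address events

    def track(self, addr, data, label):
        """Store `data` at `addr` and tag each byte with `label` (e.g. "key")."""
        for i, byte in enumerate(data):
            self.mem[addr + i], self.mem_lab[addr + i] = byte, {label}

    # Operands are register names (str) or immediates (int); immediates carry no labels.
    def _val(self, x):
        return self.regs[x] if isinstance(x, str) else x

    def _lab(self, x):
        return set(self.reg_lab.get(x, ())) if isinstance(x, str) else set()

    def _dep(self, x):
        return list(self.reg_dep.get(x, ())) if isinstance(x, str) else []

    def _write(self, pc, rd, value, labels, deps):
        self.regs[rd] = value & 0xFFFFFFFF
        self.reg_lab[rd], self.reg_dep[rd] = labels, deps + [pc]

    def _address(self, pc, ins, base, disp):
        """Form base + disp; record an event if the base register carries labels."""
        addr, labels = self._val(base) + disp, self._lab(base)
        if labels:
            self.leaks.append({"pc": pc, "instr": ins, "labels": sorted(labels),
                               "address": addr, "via": self._dep(base)})
        return addr, labels

    def run(self, program):
        for pc, ins in enumerate(program):
            op, r, a, b = ins
            if op in ALU:                        # op rd, a, b
                self._write(pc, r, ALU[op](self._val(a), self._val(b)),
                            self._lab(a) | self._lab(b), self._dep(a) + self._dep(b))
            elif op == "ld":                     # ld rd, [base + disp]
                addr, alabels = self._address(pc, ins, a, b)
                # The loaded value inherits the labels of its address as well as its own,
                # so a later round that indexes with a table output is still caught.
                self._write(pc, r, self.mem.get(addr, 0),
                            set(self.mem_lab.get(addr, ())) | alabels, self._dep(a))
            elif op == "st":                     # st rs, [base + disp]
                addr, alabels = self._address(pc, ins, a, b)
                self.mem[addr], self.mem_lab[addr] = self._val(r) & 0xFF, self._lab(r) | alabels
            else:
                raise ValueError(f"unknown opcode {op}")
        return self.leaks

KEY, PT, TABLE, OUT = 0x1000, 0x2000, 0x4000, 0x5000   # constructed layout

# One byte of a T-table style round: the key-whitened byte becomes a table index.
T_TABLE = [
    ("ld",  "r1", KEY, 0),        # key byte
    ("ld",  "r2", PT, 0),         # plaintext byte
    ("xor", "r3", "r1", "r2"),    # AddRoundKey
    ("shl", "r3", "r3", 2),       # 4-byte table entries
    ("add", "r3", "r3", TABLE),
    ("ld",  "r4", "r3", 0),       # lookup: the address now depends on the key
    ("st",  "r4", OUT, 0),
]

# AES-NI style: the round is computed in registers, no data-dependent address.
AESNI_LIKE = [
    ("ld",  "r1", KEY, 0),
    ("ld",  "r2", PT, 0),
    ("xor", "r3", "r1", "r2"),
    ("aes", "r4", "r3", 0),
    ("st",  "r4", OUT, 0),
]

def analyse(program, key=b"\x2b", pt=b"\x32"):
    """Run `program` with key and plaintext tracked; return the value-to-address events."""
    m = Machine()
    m.track(KEY, key, "key")
    m.track(PT, pt, "plaintext")
    for i in range(256):                         # constructed placeholder T-table
        m.mem[TABLE + 4 * i] = (i * 7) & 0xFF
    return m.run(program)
```

Running `analyse(T_TABLE)` yields one event at the table lookup, carrying both the "key" and "plaintext" labels and the list of instructions (key load, plaintext load, xor, shift, add) through which the key reached the address; `analyse(AESNI_LIKE)` yields none, because the only memory accesses use fixed bases. Propagating address labels into loaded values is a deliberate choice so that a second round indexed by the first round's table output is still attributed to the key.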
Submitted 25 January, 2023;
originally announced January 2023.
-
"It's a Trap!"-How Speculation Invariance Can Be Abused with Forward Speculative Interference
Authors:
Pavlos Aimoniotis,
Christos Sakalis,
Magnus Själander,
Stefanos Kaxiras
Abstract:
Speculative side-channel attacks access sensitive data and use transmitters to leak the data during wrong-path execution. Various defenses have been proposed to prevent such information leakage. However, not all speculatively executed instructions are unsafe: Recent work demonstrates that speculation invariant instructions are independent of speculative control-flow paths and are guaranteed to eventually commit, regardless of the speculation outcome. Compile-time information coupled with run-time mechanisms can then selectively lift defenses for speculation invariant instructions, reclaiming some of the lost performance.
Unfortunately, speculation invariant instructions can easily be manipulated by a form of speculative interference to leak information via a new side channel that we introduce in this paper. We show that forward speculative interference, where older speculative instructions interfere with younger speculation invariant instructions, effectively turns the latter into transmitters for secret data accessed during speculation. We demonstrate forward speculative interference on actual hardware by selectively filling the reorder buffer (ROB) with instructions, pushing speculation invariant instructions into or out of the ROB on demand, based on a speculatively accessed secret. This reveals the speculatively accessed secret, as the occupancy of the ROB itself becomes a new speculative side channel.
Submitted 2 December, 2022; v1 submitted 22 September, 2021;
originally announced September 2021.
-
MapVisual: A Visualization Tool for Memory Access Patterns
Authors:
Pavlos Aimoniotis,
Maria Rafaela Gkeka,
Nikolaos Bellas
Abstract:
Memory bandwidth is strongly correlated with the complexity of the memory access pattern of a running application. To improve the memory performance of applications with irregular and/or unpredictable memory patterns, we need tools to analyse these patterns during application development. In this work, we present a software tool for the analysis and visualization of memory access patterns. We perform memory tracing and profiling, process and filter the data, and use visualization algorithms to produce three-dimensional graphs that describe the patterns in both space and time. Finally, we evaluate our toolflow on a variety of applications.
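The following is an added example, not the MapVisual tool: it shows the processing step between a raw address trace and a space-time plot of the kind the abstract describes. A constructed trace of a 2-D array walk is bucketed into (time window, cache line) cells, where each cell count is the height of one bar over the time x space plane, and a stride histogram serves as the filtering step that tells a regular pattern from an irregular one. The array shape, element size, cache-line size and base address are assumptions of the example.

```python
"""Space-time bucketing of a memory-access trace, the data behind a MapVisual-style 3-D plot.
Added example, not the MapVisual tool: a constructed trace of a 2-D array walk is bucketed
into (time window, cache line) cells, each count being the height of one bar over the
time x space plane; a stride histogram acts as the filtering step that tells a regular
pattern from an irregular one. Array shape, element size and base address are assumed."""
from collections import Counter

ELEM = 8              # bytes per element (assumed 64-bit values)
LINE = 64             # cache-line size used as the spatial bin
ROWS, COLS = 64, 64


def trace_walk(order, base=0x10000):
    """Byte addresses touched by walking a ROWS x COLS array in 'row' or 'col' order."""
    if order == "row":
        return [base + (r * COLS + c) * ELEM for r in range(ROWS) for c in range(COLS)]
    if order == "col":
        return [base + (r * COLS + c) * ELEM for c in range(COLS) for r in range(ROWS)]
    raise ValueError(order)


def space_time_grid(trace, window):
    """Count accesses per (time window, cache line): the z value of each bar in the plot."""
    grid = Counter()
    for t, addr in enumerate(trace):
        grid[(t // window, addr // LINE * LINE)] += 1
    return grid


def lines_per_window(grid):
    """Distinct cache lines touched in each time window, i.e. the spatial spread over time."""
    spread = Counter(w for (w, _line) in grid)
    return [spread[w] for w in sorted(spread)]


def dominant_stride(trace):
    """Most frequent byte stride between consecutive accesses and its share of all strides."""
    strides = Counter(b - a for a, b in zip(trace, trace[1:]))
    stride, n = strides.most_common(1)[0]
    return stride, n / (len(trace) - 1)


def summarise(order, window=COLS):
    """Profile one walk: spatial spread per window and the dominant stride."""
    trace = trace_walk(order)
    spread = lines_per_window(space_time_grid(trace, window))
    stride, share = dominant_stride(trace)
    return {"order": order, "max_lines_per_window": max(spread),
            "dominant_stride": stride, "stride_share": share}


if __name__ == "__main__":
    for order in ("row", "col"):
        print(summarise(order))
```

With a window of one row's worth of accesses, the row-major walk touches 8 cache lines per window with a uniform 8-byte stride, while the column-major walk of the same array touches 64 lines per window with a 512-byte stride broken at every column boundary; the grid is what a surface plot over time and address would render, and the stride share is the kind of filter used to keep only the irregular part of a trace.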
Submitted 9 March, 2021;
originally announced March 2021.