Details

About the talk

Researchers present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. This, therefore, bypasses several proposed CPU cache side-channel protections. Their TLBleed exploit successfully leaks a 256-bit EdDSA key from libgcrypt (used in e.g. GPG) with a 98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time.

Presentation from the talk
Loader Loading...
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

Further, they show how another exploit based on TLBleed can leak bits from the side-channel resistant RSA implementation in libgcrypt. They use novel machine learning techniques to achieve this level of performance. These techniques will likely improve the quality of future side-channel attacks. This talk contains details about the architecture and complex behavior of modern, multilevel TLB’s on several modern Intel microarchitectures that is undocumented and publically presented for the first time.

Ben Gras

Ben Gras

Security Researcher, Vrije Universiteit Amsterdam

Ben Gras has been in the VUSec security research group since 2015. He has worked on software reliability, defensive research projects, and most recently, offensive research. The offensive research was most noticeably making cross-VM Rowhammer exploitation reliable and a cache-based MMU side-channel attack. Most recently is this TLB side channel. He also can raise one eyebrow independently of the other.
In Feb-July 2017, he did a research internship with Cisco in the security research group in Knoxville, TN.
He is presently pursuing a Ph.D. in mischief.
Kaveh Razavi

Kaveh Razavi

Security Researcher, Vrije Universiteit Amsterdam

Kaveh Razavi is a security researcher at the Vrije Universiteit Amsterdam in the Netherlands. He is currently most interested in reliable exploitation and mitigation of hardware vulnerabilities and side-channel attacks on OS/hardware interfaces. He has previously been part of a CERT team specializing on operating system security, has worked on authentication systems of a Swiss bank, and has spent two summers in Microsoft Research building large-scale system prototypes. He holds a BSc from the Sharif University of Technology, Tehran, an MSc from ETH Zurich and a Ph.D. from Vrije Universiteit Amsterdam.