Clémentine Maurice, postdoctoral researcher in the Secure Systems Group of the Institute of Applied Information Processing and Communications of TU Graz, gives a talk on “Reverse-engineering CPUs for fun and profit“.
Abstract: Hardware is often considered as an abstract layer that behaves correctly, just executing instructions and outputing a result. However, the internal state of the hardware leaks information about the programs that are executing, paving the way for covert or side-channel attacks. Yet, the internal state of a CPU is tightly tied with its microarchitecture, which is becoming increasingly complex and is often undocumented by manufacturers.
In this talk, we present methods to reverse-engineer modern CPU components. In the first part, we present one automatic and generic method to reverse engineer the addressing function of the last-level cache in Intel CPUs, using performance counters. As the last-level cache is shared between cores, we then explain how to use this function in a cross-core side-channel attack. In the second part, we focus on the DRAM addressing function on both x86 and ARM CPUs. We then demonstrate covert and side-channel attacks across CPUs without any shared memory, leveraging DRAM row buffers.