In recent years, micro-architectural side-channel attacks have emerged as a unique and potent threat to security and privacy. Identifying these side-channels is difficult as they often originate from undocumented hardware structures, which are hidden from the software. Moreover, their root-cause lies in crucial hardware performance optimizations, making low overhead mitigation challenging. This talk will focus on both discovery of new attacks and new low-cost defenses.

First, I will discuss CPU cache-side-channel attacks, originating from cache-set conflicts. Such attacks can leak keys from encryption algorithms, cause privacy breaches like user activity fingerprinting, etc. Recently, many randomized cache defenses have been proposed as mitigations, but they have been broken by adaptive attacks. To fundamentally address this problem, we propose MIRAGE [SEC’21], a defense that eliminates set-conflicts with an abstraction of a fully associative cache. It achieves this practically with a set-associative design at less than 2% slowdown using Power-of-2-Random-Choices based load-balancing. While 2018 to 2020 saw 5 different defenses broken by 6 attacks, MIRAGE since 2020 has been unbroken.

Next, I will discuss a new side-channel vulnerability we discovered in AMD CPUs (Zen 2 & 3), called SQUIP [SP’23]. This work discovered a vulnerability with shared scheduler queues in multi-threaded AMD CPUs, which have been relatively unexplored. We reverse-engineered these CPU schedulers and demonstrated a side-channel attack exploiting scheduler queue contention that can leak a 4096-bit RSA key across SMT-threads. The vulnerability was acknowledged by AMD and assigned CVE-2021- 46778.

Finally, I will conclude with a brief description of current work on DRAM Rowhammer attacks, side-channel detection techniques, and securing machine-learning models against hardware threats.