Saved in:
Bibliographic Details
Main Authors: Gast, Stefan, Juffinger, Jonas, Maar, Lukas, Royer, Christoph, Kogler, Andreas, Gruss, Daniel
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2404.07042
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866929309206183936
author Gast, Stefan
Juffinger, Jonas
Maar, Lukas
Royer, Christoph
Kogler, Andreas
Gruss, Daniel
author_facet Gast, Stefan
Juffinger, Jonas
Maar, Lukas
Royer, Christoph
Kogler, Andreas
Gruss, Daniel
contents In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of $\geq$ 99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).
format Preprint
id arxiv_https___arxiv_org_abs_2404_07042
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Remote Scheduler Contention Attacks
Gast, Stefan
Juffinger, Jonas
Maar, Lukas
Royer, Christoph
Kogler, Andreas
Gruss, Daniel
Cryptography and Security
In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of $\geq$ 99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).
title Remote Scheduler Contention Attacks
topic Cryptography and Security
url https://arxiv.org/abs/2404.07042