Today’s world moves at such a breakneck speed that it has transformed us into a society that loathes to wait. Online deliveries turn up at our doorsteps in two hours or less, credit card applications are approved near-instantaneously, and nobody has to wait a week anymore after an episode’s cliffhanger ending. Minimal delays is the name of the game — and we expect the same from our devices too.
To meet these demands, electronics such as laptops and smartphones are embedded with a tiny structure, called prefetchers, that’s found within their processing units. “The goal of this piece of hardware is to help the device try to do things quicker and earlier,” explains Trevor E. Carlson, an assistant professor at NUS Computing.
As its name suggests, prefetchers do this by predicting what the user might request and preparing for it ahead of time, akin to how an attentive scrub nurse is ever ready with a surgeon’s next tool in the operating theatre. The prefetcher looks for patterns — websites you commonly access, applications you often use, and so on — and takes advantage of them. “It says: ‘Oh I’ve seen this in the past, I know what’s going to happen, so I can speed it up,’” says Carlson.
“What the prefetcher does is it tries to get the data you need before you actually request it and brings it close by,” he says. This, in turn, helps cut down the waiting time involved when it comes to performing a particular task.
There’s a catch, however. “We put these things in our computers and phones to make them faster, but they leave ‘breadcrumbs’ around,” says Carlson. Such digital footprints allow hackers and other bad guys to flush out a prefetcher’s history, obtaining information such as the user’s personal data, browser activity, and private encryption keys.
Additionally, hackers can manipulate this backdoor security flaw and use it to transmit victim data to other hardware. “This is called a side-channel, where data is passed between two different applications without the victim knowing,” says Carlson.
Despite these risks, the security of prefetchers is poorly understood. Which is why in March 2021, Carlson and two of his PhD students, Yun Chen and Pei Lingfeng, gathered in his office and attempted to make inroads into the problem.
Following the breadcrumbs
The first step, Carlson reasoned, was to practise some white-hat hacking — in other words, to figure out how to attack the prefetcher and get it to leak data. “We’re attacking these systems because we want to fix the problem,” he says. “If we’re able to exploit the system, it helps us gain a better understanding of it, which would then allow us to both reverse engineer as well as propose fixes to prevent issues like these in the future.”
For their work, the team focused on one specific type of prefetcher, the Instruction Pointer-based stride (IP-stride) prefetcher, that’s found in the vast majority of Intel computers and is able to predict future memory accesses based on past history.
To assess its potential security flaws, they created an attack called AfterImage — named for what continues to linger in your mind’s eye after a camera flashes or when you view something extremely bright. “An afterimage is something you see when it’s no longer there,” explains Carlson. “A similar thing happens with prefetchers: some data gets left behind in the CPU.”
“Our creation AfterImage is about trying to extract that data or get at it in some way,” he says.
Testing revealed that the new attack was remarkably effective, with two different variations successfully prying data from the Intel prefetcher nine out of ten times. Additional attacks revealed that it could transfer information at a rate of 833 bytes per second, with an error rate of under 6%. The researchers also demonstrated that they could precisely time their attacks. “We determined how to extract data from the CPU with AfterImage,” says Carlson.
His team’s investigation provided an in-depth study of the IP-stride prefetcher, revealing many features that were previously unknown. “Before this, we didn’t have a detailed structure of the hardware, we didn’t understand how it was built, how it trains things, how many simultaneous things it can remember at one time,” he says. “None of these things are documented anywhere.”
“Unless you fully understand them, you really can’t try to take advantage of them,” he adds.
Closing the loop
Carlson says that AfterImage offers up a number of benefits. For one, the system is quick to train. For another, it’s algorithm agnostic, meaning that it can be applied to different software applications or workloads.
More importantly, AfterImage opens up avenues for preventing such attacks on prefetchers in the real world. “Mitigation is the whole reason why we’re doing what we’re doing,” says Carlson. “If we can propose something that is easily deployed today, then the threat of such attacks becomes a much less severe problem.”
He adds: “There could be people who have discovered this flaw and are already exploiting it. We want to make sure that we help close the loop by making the knowledge public with the blessing of Intel.”
On that front, he and his students have also proposed a handful of strategies to guard against such prefetcher data leaks. Some are straightforward enough to implement now (for instance, modifications to operating systems, which involves very small overheads), while others are designed to be incorporated into the hardware of the future.
The trio explain their findings in a paper that was published in January. They also presented their work in Vancouver, Canada in March, at the ACM Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS).
Carlson and his team have now turned their attention to other types of prefetchers, studying them for the security flaws they might entail. “One problem is that we don’t know if the attackers are already exploiting these vulnerabilities,” he says. “If they are, then that can be a big problem. We’re helping to uncover these problems hopefully sooner rather than later.”
“If so, we can come up with smart mitigation measures,” he says. “That’s really the focus of our group.”
