Understanding the MicroScope Microarchitectural Replay Attack Through a New Implementation

Abstract: Side-channel attacks, where information is extracted through analysis of the implementation of a computer system by a malicious adversary, constitute security vulnerabilities that may be hard to mitigate. They however suffer from noise originating from, for example, other processes or frequent cache evictions, which forces an attacker to repeat the attack a large number of times in order to obtain useful information. Some systems, like secure enclaves, already implement security mechanisms that make these kinds of attacks harder to execute. With MicroScope, a new framework structured as a kernel module, even these mechanisms can be evaded. Due to its novelty, documentation on how MicroScope is implemented and results obtained from MicroScopeassisted side-channel attacks are limited. The result presented in this thesis consists of a detailed, low level description of how the MicroScope framework functions in order to compromise a target machine, and how to execute a MicroScope-assisted side-channel replay attack. In conclusion, using the methods outlined in this thesis, it is possible to execute such an attack with the malicious intent of obtaining protected data.