CAPEC-663: Exploitation of Transient Instruction Execution
An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.
Last updated
Overview
CAPEC-663 (Exploitation of Transient Instruction Execution) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
How the attack works
The phases an attacker typically follows to carry out this attack.
- Step 1Explore
[Survey target application and relevant OS shared code libraries] Adversary identifies vulnerable transient instruction sets and the code/function calls to trigger them as well as instruction sets or code fragments (gadgets) to perform attack.
- Utilize Disassembler and Debugger tools to examine and trace instruction set execution of source code and shared code libraries on a system.
- Step 2Explore
[Explore cache and identify impacts] Utilize tools to understand the impact of transient instruction execution upon address spaces and CPU operations.
- Run OS or application specific tools that examine the contents of cache.
- Step 1Experiment
[Cause conditions for identified transient instruction set execution] Adversary ensures that specific code/instructions of the target process are executed by CPU, so desired transient instructions are executed.
- Step 2Experiment
[Cause specific secret data to be cached from restricted address space] Executed instruction sets (gadgets) in target address space, initially executed via adversary-chosen transient instructions sets, establish covert channel and transfer secret data across this channel to cache.
- Prediction-based - adversary trains CPU to incorrectly predict/speculate conditions for instruction execution to be true, hence executing adversary-chosen transient instructions. These prediction-based methods include: Pattern History Table (PHT)/Input Validation Bypass, Branch Target Buffer (BTB)/Branch Target Injection, Return Stack Buffer (RSB)/Return Address Injection, and Store To Load (STL)/Speculative Store Bypass.
- Exception/Fault-based - adversary has CPU execute transient instructions that raise an exception allowing inaccessible memory space to be accessed via out-of-order execution. These exception/fault-based methods include: Supervisor-only Bypass, Virtual Translation Bypass, System Register Bypass, FPU Register Bypass, Read-only Bypass, Protection Key Bypass, and Bounds Check Bypass.
- Step 1Exploit
[Perform covert channel attack to obtain/access secret data] Adversary process code removes instructions/data from shared cache set, waits for target process to reinsert them back into cache, to identify location of secret data via a timing method. Adversary continuously repeat this process to identify and access entirety of targeted secret data.
- Flush+Reload - adversary frequently flushes targeted memory cache line using a dedicated machine flush instruction, and uses another process to measure time taken for CPU to load victim secret data.
- Evict+Time - adversary causes victim to load target set into cache and measures time for victim process to load this data, setting a baseline. Adversary evicts a specified cache line and causes victim process to execute again, and measures any change in execution time, to determine if cache line was accessed.
- Prime+Probe - adversary primes cache by filling cache line(s) or set(s) with data, after some time victim process evicts this adversary data to replace it with secret data. The adversary then probes/accesses all the previously accessed cache lines detecting cache misses, which determine that their attacker data has been evicted and replaced with secret data from victim process.
What the attacker needs
Prerequisites
- The adversary needs at least user execution access to a system and a maliciously crafted program/application/process with unprivileged code to misuse transient instruction set execution of the CPU.
Skills required
- High skill: Detailed knowledge on how various CPU architectures and microcode perform transient execution for various low-level assembly language code instructions/operations.
- High skill: Detailed knowledge on compiled binaries and operating system shared libraries of instruction sequences, and layout of application and OS/Kernel address spaces for data leakage.
Resources required
- C2C mechanism or direct access to victim system, capable of dropping malicious program and collecting covert channel attack data.
- Malicious program capable of triggering execution of transient instructions or vulnerable instruction sequences of victim program and performing a covert channel attack to gather data from victim process memory space. Ultimately, the speed with which an attacker discovers a secret is directly proportional to the computational resources of the victim machine.
Consequences
What a successful CAPEC-663 attack can achieve.
Read Data
Affects: Confidentiality
Bypass Protection Mechanism
Affects: Access Control
Execute Unauthorized Commands
Affects: Authorization
How to mitigate it
Defenses that reduce the risk of CAPEC-663.
- Implementation: DAWG (Dynamically Allocated Way Guard) - processor cache properly divided between different programs/processes that don't share resources
- Implementation: KPTI (Kernel Page-Table Isolation) to completely separate user-space and kernel space page tables
- Configuration: Architectural Design of Microcode to limit abuse of speculative execution and out-of-order execution
- Configuration: Disable SharedArrayBuffer for Web Browsers
- Configuration: Disable Copy-on-Write between Cloud VMs
- Configuration: Privilege Checks on Cache Flush Instructions
- Implementation: Non-inclusive Cache Memories to prevent Flush+Reload Attacks
How to detect it
Indicators that this attack may be underway.
- File Signatures for Malicious Software capable of abusing Transient Instruction Set Execution
Examples
A web browser with user-privileges executes JavaScript code imbedded within a malicious website. The system does not disable shared buffers for the web browser and there is no restriction or check upon user-process execution of flush or evict instructions. The Javascript code executes vulnerable transient instructions upon system to cause microarchitectural changes that establish covert channel and transfer sensitive/secret data into shared cache from address space of either kernel, web browser or another executing process on the system.
Frequently asked questions
Common questions about CAPEC-663.
- What is CAPEC-663?
- An adversary exploits a hardware design flaw in a CPU implementation of transient instruction execution to expose sensitive data and bypass/subvert access control over restricted resources. Typically, the adversary conducts a covert channel attack to target non-discarded microarchitectural changes caused by transient executions such as speculative execution, branch prediction, instruction pipelining, and/or out-of-order execution. The transient execution results in a series of instructions (gadgets) which construct covert channel and access/transfer the secret data.
- How does a Exploitation of Transient Instruction Execution attack work?
- It typically unfolds over 5 phases. It begins with: [Survey target application and relevant OS shared code libraries] Adversary identifies vulnerable transient instruction sets and the code/function calls to trigger them as well as instruction sets or code fragments (gadgets) to perform attack.
- How do you prevent CAPEC-663?
- Implementation: DAWG (Dynamically Allocated Way Guard) - processor cache properly divided between different programs/processes that don't share resources
- What weaknesses does CAPEC-663 target?
- CAPEC-663 exploits 3 CWE weaknesses, including CWE-1037 (Processor Optimization Removal or Modification of Security-critical Code), CWE-1264 (Hardware Logic with Insecure De-Synchronization between Control and Data Channels), CWE-1303 (Non-Transparent Sharing of Microarchitectural Resources).
- How severe is CAPEC-663?
- MITRE rates CAPEC-663 as Very High severity with low likelihood of attack.
References
Attack-pattern data is sourced from the MITRE CAPEC catalog (v3.9). Weakness associations link to the corresponding CWE entries on RadicalNotion.AI.
Defend against CAPEC-663
Track the CVEs and weaknesses attackers exploit with this technique, with AI-written analysis and remediation guidance.