Institute of Computing Technology, Chinese Academy IR
| Oxpecker: Leaking Secrets via Fetch Target Queue | |
| Li, Shan1; Xu, Zheliang1; Shen, Haihua1; Li, Huawei1,2 | |
| 2025-07-01 | |
| 发表期刊 | IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS
 |
| ISSN | 0278-0070 |
| 卷号 | 44期号:7页码:2461-2474 |
| 摘要 | Modern processors integrate carefully designed micro-architectural components within the front-end to optimize performance. These components include instruction cache, micro-operation cache, and instruction prefetcher. Through experimentation, we observed that the rate of instruction generation in the fetch unit markedly exceeds the execution rate in the decode unit. However, existing frameworks of processors fail to explain this phenomenon. Consequently, we empirically validate the presence of an optimization feature, referred to as the fetch target queue (FTQ), within the Intel processor. To the best of our knowledge, our study represents the first empirical validation of FTQ across various Intel processors and provides a comprehensive characterization of unrecorded FTQ micro-structural details on Intel processors. Our analysis uncovers overlooked insights that front-end rollbacks caused by the incorrectly ordered instructions or mismatched instruction lengths stored in FTQ introduce specific execution latencies. Based on these observations, we introduce the Oxpecker attack, consisting of two attack primitives, which leverages the FTQ to construct novel side-channel attacks. We construct two distinct exploitation scenarios for each attack primitive to demonstrate the Oxpecker attack's capability to leak secret control flow information and break Kernel Address Space Layout Randomization. |
| 关键词 | Program processors Prefetching Security Pipelines Integrated circuits Design automation Prevention and mitigation Manuals Decoding Optimization Branch prediction unit (BPU) fetch target queue (FTQ) front-end hardware security instruction fetch unit instruction prefetcher |
| DOI | 10.1109/TCAD.2025.3527903 |
| 收录类别 | SCI |
| 语种 | 英语 |
| 资助项目 | National Key Research and Development Program of China[2022YFB4500402] ; Fundamental Research Funds for the Central Universities |
| WOS研究方向 | Computer Science ; Engineering |
| WOS类目 | Computer Science, Hardware & Architecture ; Computer Science, Interdisciplinary Applications ; Engineering, Electrical & Electronic |
| WOS记录号 | WOS:001513216800024 |
| 出版者 | IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC |
| 引用统计 | |
| 文献类型 | 期刊论文 |
| 条目标识符 | http://119.78.100.204/handle/2XEOYT63/42300 |
| 专题 | 中国科学院计算技术研究所期刊论文_英文 |
| 通讯作者 | Shen, Haihua; Li, Huawei |
| 作者单位 | 1.Univ Chinese Acad Sci, Sch Comp Sci & Technol, Beijing 101408, Peoples R China 2.Chinese Acad Sci, Inst Comp Technol, State Key Lab Processors, Beijing 100190, Peoples R China |
| 推荐引用方式 GB/T 7714 | Li, Shan,Xu, Zheliang,Shen, Haihua,et al. Oxpecker: Leaking Secrets via Fetch Target Queue[J]. IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,2025,44(7):2461-2474. |
| APA | Li, Shan,Xu, Zheliang,Shen, Haihua,&Li, Huawei.(2025).Oxpecker: Leaking Secrets via Fetch Target Queue.IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS,44(7),2461-2474. |
| MLA | Li, Shan,et al."Oxpecker: Leaking Secrets via Fetch Target Queue".IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED CIRCUITS AND SYSTEMS 44.7(2025):2461-2474. |
| 条目包含的文件 | 条目无相关文件。 | |||||
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。
修改评论