ABSynthe: Automatic Blackbox Side-channel Synthesis on Commodity Microarchitectures

The past decade has seen a plethora of side-channel attacks on various CPU components. Each new attack typically follows a whitebox analysis approach, which involves (i) identifying a specific shared CPU component, (ii) reversing its behavior on a specific microarchitecture, and (iii) surgically exploiting such knowledge to leak information (e.g., by actively evicting shared entries to monitor victim accesses). This approach requires lengthy reverse engineering, repeated for every component and microarchitecture, and does not allow for attacking unknown shared resources. In this paper, we present ABSynthe, a system that takes a target program and a microarchitecture as inputs and automatically synthesizes new side channels. The key insight is that by limiting ourselves to (typically on-core) contention-based side channels, we can treat the target CPU microarchitecture as a black box, enabling automation. To make ABSynthe possible, we have automatically generated leakage maps for a variety of x86_64 microarchitectures. These leakage maps show a complex picture of interaction between different x86_64 instructions and justify a black box approach to finding the best sequence of instructions that cause information to leak from a given software target, which we also treat as a black box. To recover the secret information using the optimized sequence of instructions, ABSynthe relies on a recurrent neural network to craft practical side-channel attacks that recover a secret bit stream. Our evaluation shows that ABSynthe can synthesize better attacks by exploiting contention on multiple components at the same time compared to state of the art contention-based attacks that focus on a single component. Furthermore, the automation made possible by ABSynthe allows us to synthesize cross-thread attacks for a variety of microarchitectures (from Intel, AMD and ARM) on four different cryptographic software targets, in both native and virtualized environments. The results show that ABSynthe can recover cryptographic key bit streams with high accuracy. As an example, ABSynthe recovers a full 256-bit EdDSA key from just a single trace capture with 100% success rate on one of our test beds.