Skip to Main content Skip to Navigation
Conference papers

Diminisher: A Linux Kernel based Countermeasure for TAA Vulnerability

Ameer Hamza 1 Maria Mushtaq 2, 3, 4 Muhammad Khurram Bhatti 1 David Novo 5 Florent Bruguier 5 Pascal Benoit 5 
4 SSH - Secure and Safe Hardware
LTCI - Laboratoire Traitement et Communication de l'Information
5 ADAC - ADAptive Computing
LIRMM - Laboratoire d'Informatique de Robotique et de Microélectronique de Montpellier
Abstract : TSX Asynchronous Abort (TAA) vulnerability is a class of Side-Channel Attack (SCA) that allows an application to leak data from internal CPU buffers through asynchronous Transactional Synchronization Extension (TSX) aborts that are exploited by the recent Microarchitectural Data Sampling (MDS) attacks. Cross-core TAA attacks can be prevented through microcode updates where CPU buffers are flushed during Operating System (OS) context switching, but there is no solution to our knowledge that exists for hyper-threaded TAA attacks in which the attacker leaks data from sibling hardware threads through asynchronous abort. In this work, we have proposed Diminisher, a Linux kernel-based detection and mitigation solution for both hyper-threaded and cross-core TAA attacks. Diminisher can be logically divided into three phases, i.e., scheduling, detection, and mitigation. Diminisher is a lightweight tool to prevent TAA vulnerability. The novelty lies in the methodology that we propose enabling easy extensions to cover other hyper-threaded attacks for which no satisfactory solutions exist yet. Diminisher detects and mitigates the TAA attacks around 99% of the time at a low-performance overhead of 2.5%.
Complete list of metadata
Contributor : Maria Mushtaq Connect in order to contact the contributor
Submitted on : Monday, October 11, 2021 - 10:53:03 AM
Last modification on : Friday, August 5, 2022 - 3:02:14 PM
Long-term archiving on: : Wednesday, January 12, 2022 - 7:14:52 PM


Files produced by the author(s)



Ameer Hamza, Maria Mushtaq, Muhammad Khurram Bhatti, David Novo, Florent Bruguier, et al.. Diminisher: A Linux Kernel based Countermeasure for TAA Vulnerability. CPS4CIP 2021 - 2nd International Workshop on Cyber-Physical Security for Critical Infrastructures Protection, Oct 2021, virtual event, Germany. pp.477-495, ⟨10.1007/978-3-030-95484-0_28⟩. ⟨hal-03372868⟩



Record views


Files downloads