All Your PC Are Belong to Us: Exploiting Non-control-Transfer Instruction BTB Updates for Dynamic PC Extraction

Proceedings of the 50th Annual International Symposium on Computer Architecture (ISCA 2023), 2023

Abstract
Leaking a program's instruction address (PC) pattern, completely and precisely, has long been a sought-after capability for micro-architectural side-channel attackers. Case in point, such a primitive would be sufficient to construct powerful control-flow leakage attacks (inferring program secrets impacting control flow) that defeat existing control-flow leakage mitigations, or even reverse-engineer private binaries through PC-trace granular fingerprinting. However, current side-channel attack techniques only capture PCs at a coarse granularity or for only specific instruction types. In this paper, we propose the first micro-architectural side-channel attack that is capable of directly observing the exact PCs of arbitrary victim dynamic instructions, i.e., even the PCs of non-control-transfer instructions and even if the program code is private. Our attack exploits several previously overlooked characteristics in modern Intel Branch Target Buffers (BTBs). The core observation is perhaps counter-intuitive: despite being a structure related to control-flow prediction, the BTB incurs observable state changes after the execution of potentially any instruction, not just control-transfer instructions. Through reverse-engineering and analyzing said BTB vulnerabilities, we design and implement an attack framework named NightVision. We demonstrate how NightVision is capable of efficiently and accurately identifying a subset, or the entirety, of a victim program's dynamic PC trace (depending on the attacker's capabilities). We show how NightVision enables a new control-flow attack that bypasses prior defenses. Additionally, we show that when combined with code fingerprinting techniques, NightVision enables reverse-engineering of private programs.
Keywords
Side-channel attack, hardware security, Branch Target Buffer, code privacy, function fingerprinting, Intel SGX