Towards Practical Fabrication Stage Attacks Using Interrupt-Resilient Hardware Trojans
arXiv (2024)
Abstract
We introduce a new class of hardware trojans called interrupt-resilient
trojans (IRTs). Our work is motivated by the observation that hardware trojan
attacks on CPUs, even under favorable attack scenarios (e.g., an attacker with
local system access), are affected by unpredictability due to non-deterministic
context switching events. As we confirm experimentally, these events can lead
to race conditions between trigger signals and the CPU events targeted by the
trojan payloads (e.g., a CPU memory access), thus affecting the reliability of
the attacks. Our work shows that interrupt-resilient trojans can successfully
address the problem of non-deterministic triggering in CPUs, thereby providing
high reliability guarantees in the implementation of sophisticated hardware
trojan attacks. Specifically, we successfully utilize IRTs in different attack
scenarios against a Linux-capable CPU design and showcase their resilience
against context-switching events. More importantly, we show that our design
allows for seamless integration during fabrication stage attacks. We evaluate
different strategies for the implementation of our attacks on a tape-out ready
high-speed RISC-V microarchitecture in a 28nm commercial technology process and
successfully implement them with an average overhead delay of only 20
picoseconds, while leaving the sign-off characteristics of the layout intact.
In doing so, we challenge the common wisdom regarding the low flexibility of
late supply chain stages (e.g., fabrication) for the insertion of powerful
trojans. To promote further research on microprocessor trojans, we open-source
our designs and provide the accompanying supporting software logic.