We present TLBleed, a novel side-channel attack that leaks information out of Translation Lookaside Buffers (TLBs). TLBleed shows a reliable side channel without relying on the CPU data or instruction caches. This therefore bypasses several proposed CPU cache side-channel protections, such as page coloring, CAT, and TSX. Our TLBleed exploit successfully leaks a 256-bit EdDSA key from cryptographic signing code, which would be safe from cache attacks with cache isolation turned on, but would no longer be safe with TLBleed. We achieve a 98% success rate after just a single observation of signing operation on a co-resident hyperthread and just 17 seconds of analysis time. Further, we show how another exploit based on TLBleed can leak bits from a side-channel resistant RSA implementation. We use novel machine learning techniques to achieve this level of performance. These techniques will likely improve the quality of future side-channel attacks. This talk contains details about the architecture and complex behavior of modern, multilevel TLB's on several modern Intel microarchitectures that is undocumented, and will be publically presented for the first time.
Ben Gras has been in the systems security research group of the VU Amsterdam since 2015. He has worked on software reliability, defensive research projects, and most recently, offensive research. Offensive research was most noticeably making cross-VM Rowhammer exploitation reliable and a cache-based ASLR-breaking MMU sidechannel attack, both of which have been widely reported on, perhaps most prominently in Wired and Arstechnica. At Cisco, he developed a infrastructure-as-a-target defensive system. He is currently working on a PhD in systems security research. He is frequently asked for expert commentary, most recently by Wired.com, BBC, Dutch national newspapers, and HBO Vice news tonight.