Your Processor Leaks Information - and There's Nothing You Can Do About It
This reveals a fundamental security vulnerability in modern processors that affects system protection mechanisms, with broad implications for computing security.
The paper investigates timing channels in microarchitectural features like CPU caches and branch predictors across x86 and ARM processors, finding that at least one significant channel persists despite flushing mechanisms, making it impossible to close all channels on contemporary hardware.
Timing channels are information flows, encoded in the relative timing of events, that bypass the system's protection mechanisms. Any microarchitectural state that depends on execution history and affects the rate of progress of later executions potentially establishes a timing channel, unless explicit steps are taken to close it. Such state includes CPU caches, TLBs, branch predictors and prefetchers; removing the channels requires that the OS can partition such state or flush it on a switch of security domains. We measure the capacities of channels based on these microarchitectural features on several generations of processors across the two mainstream ISAs, x86 and ARM, and investigate the effectiveness of the flushing mechanisms provided by the respective ISA.We find that in all processors we studied, at least one significant channel remains. This implies that closing all timing channels seems impossible on contemporary mainstream processors.