
Hello, I'm Prateek Nayak, an undergraduate student studying Computer Science. This blog hosts my explanations about various interesting stuff I've understood (or thought I've understood) while exploring the microarchitecture that powers our modern computers. People say I'm a pleasant person, so don't hesitate if you ever want to reach out to me regarding errors in this blog or just to discuss computer architecture in general.
You can reach out to me via Email, Twitter, Mastodon, or Github
Avatar stolen from KnowYourMeme

  1. September 10, 2021

    Ever wondered how complicated x86 instructions are implemented in hardware? How are AMD and Intel able to achieve industry-leading performance with a complicated ISA that requires a deep pipeline to be implemented in hardware? The secret is Micro-operations.

  2. July 02, 2021

    As we try to squeeze more and more memory cells into DRAM, some of the assumptions we had made previously no longer remain true. Row Hammer is a hardware exploit that takes advantage of the electrical disturbance caused by DRAM row activation to flip bits in memory. In this post, we briefly discuss how and why the Row Hammer exploit exists.

  3. July 02, 2021

    As we try to squeeze more and more memory cells into DRAM, some of the assumptions we had made previously no longer remain true. Row Hammer is a hardware exploit that takes advantage of the electrical disturbance caused by DRAM row activation to flip bits in memory. In this post, we briefly discuss how and why the Row Hammer exploit exists.

  4. July 02, 2021

    Over the years, as computer systems have exponentially improved in efficiency and performance, one thing still remains a huge bottleneck: memory. A lot of energy is spent moving data to and from the processor, only for it to be used a couple of times in most cases for computation. With data increasing at an unprecedented rate, the need for a solution is dire. Architects are now looking at storage systems to be used not just for storage, but also for computation. In this post, we'll look at one such architecture known as Processing using Memory (PuM).

  5. July 02, 2021

    Comparing two numbers for equality takes log2(n) levels of 2-input AND gates, where n is the number of binary digits in the numbers. To improve performance and reduce logic size, one can get away with comparing only the lower few digits, assuming the upper digits are equal. In Predictive Data Forwarding, the CPU speculatively forwards data in the Line Fill Buffer and Store Buffer to outstanding loads if the lower bits of the address match. This improves performance when the speculation is right. In case of a mis-speculation, however, data belonging to one process might end up with another, albeit for a short period of time, before the CPU state is reset to the one before speculation began. Rogue In-flight Data Load exploits this to leak secrets using a cache-based side channel and timing analysis.

  6. July 02, 2021

    In this post we take a look at M1RACLES, a harmless exploit that exists in the new Apple M1 SoC. The exploit involves using a 2-bit register exposed to userspace programs as a side channel to send data across co-operating processes. Despite there being more efficient side channels to send data between co-operating processes, M1RACLES got its own CVE, as it provides a channel for two processes to talk to each other without the intervention of the Operating System, which goes against the core principles of an operating system.

  7. July 02, 2021

    Just like how measuring the time taken to run an instruction can give insights into the runtime of a victim program, measuring the power consumption of the CPU can also give insights into the runtime of a program. In this post, we lay the groundwork for understanding attacks that use power consumption as a side channel to leak secrets from the victim's address space.

  8. July 02, 2021

    Just like Meltdown, discussed previously, Spectre is another microarchitectural exploit that takes advantage of speculative execution, and the fact that hyper-threaded cores share the same Branch Target Buffer, to manipulate the execution path of the victim program and leak secrets from the victim's address space. In this post, we'll take a brief look at Spectre and the microarchitectural implementation that allows for the exploit.

  9. July 02, 2021

    Branch Prediction is a technique employed by modern microprocessors to prevent stalling on conditional branches by speculating their outcome and executing along the speculated path. In this post we'll take a look at the reasoning behind branch prediction, its evolution, and why it makes sense for it to be featured in general-purpose processors.

  10. July 02, 2021

    Meltdown is one of the most popular CPU vulnerabilities. It exploits features of modern processors, such as Speculative Execution and the delay in the permission check for memory access, to read data a userspace process shouldn't have access to. In this post, we'll take a brief look at the exploit that brought security to the forefront of microarchitectural design.

  11. June 27, 2021

    Some of the most serious microarchitectural vulnerabilities discovered in recent times, such as Spectre and Meltdown, exploit a feature in modern processors called Speculative Execution. In this post we'll take a brief look at Speculative Execution and reason about why modern processors speculate in certain scenarios, and why it has become a security concern.

  12. June 23, 2021

    Most cache side channel attacks require a method to extract the secret from the cache. Flush and Reload is one such method to extract data from a cache side channel that exploits the cache replacement policy to leak secrets. It can be used in systems that don't offer an unprivileged instruction to invalidate cache lines.

  13. June 23, 2021

    Most cache side channel attacks require a method to extract the secret from the cache. Flush and Reload is one such method to extract data from a cache side channel that exploits the cache invalidation instruction and accurate timers to achieve the goal.

  14. June 22, 2021

    Timing Analysis is the core of most side channel attacks. In this post, we dissect the root cause that enables timing analysis and give a foundation for the upcoming series of posts.