Empirical Study of Proposed Meltdown Attack Implementation on BOOM v3


Bibliographic Details
Published in: 2022 IEEE 65th International Midwest Symposium on Circuits and Systems (MWSCAS), pp. 1-4
Main Authors: Lin, Chien-Hsiang; Su, Yi-Pei; Chen, Yean-Ru; Chou, Yu-Ting; Chen, Sao-Jie
Format: Conference Proceeding
Language: English
Published: IEEE 07.08.2022
Summary: In recent years, the discovery of transient attacks such as Spectre and Meltdown has had a huge impact on many processor manufacturers. Therefore, these manufacturers must pay more attention to the security verification of their products and understand the principles of these transient attacks in order to avoid developing products with security vulnerabilities. The Meltdown attack exploits the hardware vulnerability of permission checking and the out-of-order execution feature that is implemented on modern processors, thereby leaking some protected important data. In this paper, we provide sample code for a Meltdown attack to show that the open-source RISC-V processor BOOM v3 (Berkeley Out-of-Order Machine), which is claimed to have a mitigation mechanism for the Meltdown attack, is still vulnerable. We also analyze the implementation of BOOM's permission check and its out-of-order features to illustrate why our sample attack can attack it successfully. According to our experimental results, the simulation time of this code is 3.9 ms to show that BOOM v3 will be affected by the Meltdown attack.
ISSN: 1558-3899
DOI: 10.1109/MWSCAS54063.2022.9859354