MileSan: Detecting μ-Architectural Leakage via Differential HW/SW Taint Tracking


TL;DR: MileSan is an RTL sanitizer that detects arbitrary exploitable information leakage by checking for the architecturally-observable differences between architectural and microarchitectural information flows. We built RandOS, a fuzzer that employs MileSan for program generation and leakage detection, and found 19 new leakages (of which 13 were assigned CVEs) across 5 RISC-V CPUs.

Microarchitectural performance optimizations introduce information flows inside CPU implementations that exceed those defined by the Instruction Set Architecture (ISA). RandOS is a new microarchitectural fuzzer that generates random programs with strictly determined architectural information flow of secret data. This work was supported by the Swiss State Secretariat for Education, Research and Innovation under contract number MB22.00057 (ERC-StG PROMISE).
