HarTBleed: Using Hardware Trojans for Data Leakage Exploits

Asmit De, Mohammad Nasim Imtiaz Khan, Karthikeyan Nagarajan, Swaroop Ghosh

Research output: Contribution to journal, Article

Abstract

Data and information leakage is an important security concern in current systems. Several data leakage prevention (DLP) techniques have been proposed in the literature to prevent external as well as internal data leakage. Most of these solutions try to trace data flow and perform privilege checks to ensure the security of the data at the software and system level. Architecture level leakage vulnerabilities such as Spectre and Meltdown can be mitigated by performance-expensive software patches or by modifying the architecture itself. However, these solutions assume that the underlying hardware platform is secure and free from tampering. In this article, we present HarTBleed, a class of system attacks involving hardware compromised with a Trojan embedded in the CPU. We show that attacks crafted specifically to make use of the Trojan can be used to obtain sensitive information from the address space of a process. We propose the use of a capacitor-based Trojan trigger that exploits the virtual addressing of L1 cache to activate a Trojan payload that resets a target translation lookaside buffer (TLB) entry to maliciously map to sensitive data in memory. Extensive circuit simulation indicates that the proposed Trojan trigger is not activated during test or normal operation even under a wide range of process/temperature conditions. Therefore, it remains undetected. A successful HarTBleed-based exploit is demonstrated using an attack code by modeling the Trojan effects in the GEM5 simulator.

Original language: English (US)
Article number: 8959377
Pages (from-to): 968-979
Number of pages: 12
Journal: IEEE Transactions on Very Large Scale Integration (VLSI) Systems
Volume: 28
Issue number: 4
State: Published - Apr 2020

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Electrical and Electronic Engineering
