Fabrication attacks

Zero-overhead malicious modifications enabling modern microprocessor privilege escalation

Nektarios Georgios Tsoutsos, Mihalis Maniatakos

    Research output: Contribution to journal (Article)

    Abstract

    The wide deployment of general purpose and embedded microprocessors has emphasized the need for defenses against cyber-attacks. Due to the globalized supply chain, however, there are several stages where a processor can be maliciously modified. The most promising stage, and the hardest during which to inject the hardware trojan, is the fabrication stage. As modern microprocessor chips are characterized by very dense, billion-transistor designs, such attacks must be very carefully crafted. In this paper, we demonstrate zero overhead malicious modifications on both high-performance and embedded microprocessors. These hardware trojans enable privilege escalation through execution of an instruction stream that excites the necessary conditions to make the modification appear. The minimal footprint, however, comes at the cost of a small window of attack opportunities. Experimental results show that malicious users can gain escalated privileges within a few million clock cycles. In addition, no system crashes were reported during normal operation, rendering the modifications transparent to the end user.

    Original language: English (US)
    Article number: 6646239
    Pages (from-to): 81-93
    Number of pages: 13
    Journal: IEEE Transactions on Emerging Topics in Computing
    Volume: 2
    Issue number: 1
    DOI: 10.1109/TETC.2013.2287186
    State: Published - Jan 1 2014

    Fingerprint

    Microprocessor chips
    Fabrication
    Supply chains
    Clocks
    Transistors
    Hardware
    Hardware security

    Keywords

    • fabrication attacks
    • Hardware trojans
    • malicious modification
    • microprocessors
    • privilege escalation
    • zero overhead

    ASJC Scopus subject areas

    • Computer Science (miscellaneous)
    • Information Systems
    • Human-Computer Interaction
    • Computer Science Applications

    Cite this

    Fabrication attacks: Zero-overhead malicious modifications enabling modern microprocessor privilege escalation. / Tsoutsos, Nektarios Georgios; Maniatakos, Mihalis.

    In: IEEE Transactions on Emerging Topics in Computing, Vol. 2, No. 1, 6646239, 01.01.2014, p. 81-93.

    @article{7a40f30d9f1b4756a88f2664fed92aee,
    title = "Fabrication attacks: Zero-overhead malicious modifications enabling modern microprocessor privilege escalation",
    keywords = "fabrication attacks, Hardware trojans, malicious modification, microprocessors, privilege escalation, zero overhead",
    author = "Tsoutsos, {Nektarios Georgios} and Mihalis Maniatakos",
    year = "2014",
    month = "1",
    day = "1",
    doi = "10.1109/TETC.2013.2287186",
    language = "English (US)",
    volume = "2",
    pages = "81--93",
    journal = "IEEE Transactions on Emerging Topics in Computing",
    issn = "2168-6750",
    publisher = "IEEE Computer Society",
    number = "1",

    }

    TY - JOUR

    T1 - Fabrication attacks

    T2 - Zero-overhead malicious modifications enabling modern microprocessor privilege escalation

    AU - Tsoutsos, Nektarios Georgios

    AU - Maniatakos, Mihalis

    PY - 2014/1/1

    Y1 - 2014/1/1

    KW - fabrication attacks

    KW - Hardware trojans

    KW - malicious modification

    KW - microprocessors

    KW - privilege escalation

    KW - zero overhead

    UR - http://www.scopus.com/inward/record.url?scp=84930240167&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84930240167&partnerID=8YFLogxK

    U2 - 10.1109/TETC.2013.2287186

    DO - 10.1109/TETC.2013.2287186

    M3 - Article

    VL - 2

    SP - 81

    EP - 93

    JO - IEEE Transactions on Emerging Topics in Computing

    JF - IEEE Transactions on Emerging Topics in Computing

    SN - 2168-6750

    IS - 1

    M1 - 6646239

    ER -