Transient Execution Attacks
A transient execution attack exploits the microarchitectural side effects of transient instructions, thus allowing a malicious adversary to access information that would ordinarily be prohibited by architectural access control mechanisms. To successfully launch a transient execution attack, the adversary must be able to:
Access a victim’s secret.
Transmit that secret over a covert channel.
Receive the secret from the covert channel.
Steps 1 and 2 are collectively referred to as the disclosure gadget3. Note that the underlying incidental channel is functioning as a covert channel because the adversary controls both its input and its output.
Transient execution attacks can be categorized according to their impact on hardware-based protection features. A hardware protection domain (referred to simply as domain in this context) consists of code and data within a protection boundary that is defined by hardware-enforced access control mechanisms such as privilege level (ring), page tables, and protection keys. Examples of domains include processes, Intel® Software Guard Extensions (Intel® SGX) enclaves, Virtual Machines (VMs), and ring 0 operating system (OS) code. Domains can also be distinct machines or devices connected over a network, bus, or other hardware interface; the content of network/bus traffic constitutes the legitimate channel, and other measurable attributes of the transmission (latency, for instance) may create incidental channels.
A transient execution attack is characterized by the relationship between the disclosure gadget and the victim/adversary domains: a transient execution attack is domain-bypass if the disclosure gadget is in the adversary’s domain, cross-domain if the disclosure gadget is in the victim’s domain, or in-domain if the disclosure gadget is in an adversary-controlled sandbox4 within the victim’s domain. The following sections describe these in more detail.