Creating a Spider Goat: Using Transactional Memory Support for Security

by Igor Muttik, Alex Nayshtut
Sept. 19, 2017, Black Hat

Often a solution from one area helps solve problems in a completely different field. In this session, we will show you how Intel CPU improvements designed to speed up computations have boosted security by creating a flexible memory monitor capable of detecting and reversing unauthorized memory changes.

Modern CPUs support the detection and resolution of memory conflicts between multiple threads that access the same data; on modern Intel CPUs this is called Transactional Synchronization Extensions (TSX). Hardware-supported TSX technology (represented by the XBEGIN and XEND instructions) helps avoid expensive software locks. Instead, TSX can automatically detect read/write memory conflicts and roll back the corresponding RAM changes.

We will show how TSX capabilities can be used for security. A special security thread reads protected RAM cells (data or code) in TSX mode; any other (potentially malicious) thread writing to the same cells will cause the CPU to abort the transaction.
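The monitoring idea described above, as an added sketch in C using the compiler's RTM intrinsics (`_xbegin`/`_xend` emit XBEGIN/XEND); it is not the speakers' implementation. The names `protected_cells`, `watch_window`, `classify_abort` and `writer`, the buffer and the loop counts are assumptions made for the example; build with `cc -O2 -pthread` on x86-64.

```c
#include <cpuid.h>
#include <immintrin.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { WINDOW_CLEAN, WINDOW_RETRY, WINDOW_TAMPER, NO_RTM };
/* Constructed sample: one cache line standing in for the protected cells. */
static _Alignas(64) volatile uint8_t protected_cells[64];

/* CPUID leaf 7, sub-leaf 0: EBX bit 11 reports RTM (XBEGIN/XEND). */
static int rtm_supported(void) {
    unsigned a, b, c, d;
    return __get_cpuid_count(7, 0, &a, &b, &c, &d) && ((b >> 11) & 1);
}

/* Only a conflict abort points at a foreign write; other aborts mean "retry". */
static enum verdict classify_abort(unsigned status) {
    return (status & _XABORT_CONFLICT) ? WINDOW_TAMPER : WINDOW_RETRY;
}

/* One window: read the cells inside a transaction, then hold it open so a
   write from another core during `spins` aborts it. */
__attribute__((target("rtm")))
static enum verdict watch_window(volatile uint8_t *cells, size_t len, unsigned long spins) {
    if (!rtm_supported()) return NO_RTM;
    unsigned status = _xbegin();
    if (status != _XBEGIN_STARTED) return classify_abort(status);
    for (size_t i = 0; i < len; i++) (void)cells[i];   /* build the read set */
    for (volatile unsigned long s = 0; s < spins; s++) { }
    _xend();
    return WINDOW_CLEAN;
}

/* Stand-in for the unauthorized writer thread. */
static void *writer(void *arg) {
    for (unsigned long i = 0; i < 200000000UL; i++) protected_cells[0] = (uint8_t)i;
    return arg;
}

int main(void) {
    pthread_t t; unsigned long tampered = 0;
    pthread_create(&t, NULL, writer, NULL);
    for (int i = 0; i < 100000; i++)
        tampered += watch_window(protected_cells, 64, 1000) == WINDOW_TAMPER;
    pthread_join(t, NULL);
    printf("windows aborted by a conflicting write: %lu\n", tampered);
    return 0;
}
```

Conflict detection works at cache-line granularity, so a write to unrelated data sharing a line with the protected cells also aborts the window. This sketch does not see writes that land between two windows.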