BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect

Cristiano Rodrigues, Daniel Oliveira, Sandro Pinto

IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5

The talk "BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect," presented by Cristiano Rodrigues, Daniel Oliveira, and Sandro Pinto from the University of Minho, Portugal, unveils a groundbreaking new class of microarchitectural side-channel attacks targeting microcontrollers (MCUs). Traditionally, MCUs have been considered largely immune to such attacks due to their simpler, resource-constrained architectures, which lack complex features like caches, speculative execution, and out-of-order pipelines prevalent in high-performance CPUs. This prevailing belief has led to a false sense of security in the embedded systems domain.

AI review

This research obliterates the industry's complacent belief in MCU immunity to microarchitectural side-channels. The team's novel exploitation of bus interconnect arbitration, coupled with the ingenious 'Hardware Gadgets,' demonstrates a critical, pervasive vulnerability, even bypassing TrustZone. It forces a long-overdue re-evaluation of embedded system security.
