MASCAT: Preventing Microarchitectural Attacks Before Distribution

Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar


Microarchitectural attacks have gained popularity lately for the threat they pose and for their stealthiness. They are stealthy as they only exploit common harmless resources accessible at lowest privilege level, e.g. timed memory and cache accesses. Microarchitectural attacks have proven successful on shared cloud instances across VMs, on smartphones with sandboxing, and on numerous embedded platforms. Further they have shown to have catastrophic consequences such as critical data recovery or memory isolation bypassing. Due to the rise of malicious code, app store operators such as Microsoft, Apple and Google are already vetting apps before releasing them. Microarchitectural attacks however still bypass such detection mechanisms as they mainly utilize standard resources and look harmless. Given the rise of malicious code in app stores and in online repositories it becomes essential to scan applications for such stealthy attacks to prevent their distribution. We present a static code analysis tool, MASCAT, capable of scanning for ever-evolving microarchitectural attacks. MASCAT can be used by app store service providers to perform large scale fully automated analysis of applications. The initial MASCAT suite is built to include cache/DRAM access attacks and rowhammer. MASCAT detects several patterns that are common and necessary to execute microarchitectural attacks. MASCAT currently has a detection rate of 96% and an average false positive rate tested in 1200 applications of 0.75%. Further, our tool can easily be extended to cover newer attack vectors as they emerge.

Original languageEnglish
Title of host publicationCODASPY 2018 - Proceedings of the 8th ACM Conference on Data and Application Security and Privacy
Number of pages12
PublisherAssociation for Computing Machinery
Publication date13.03.2018
ISBN (Print)978-145035632-9
Publication statusPublished - 13.03.2018
Event8th ACM Conference on Data and Application Security and Privacy - Tempe, United States
Duration: 19.03.201821.03.2018
Conference number: 135355


Dive into the research topics of 'MASCAT: Preventing Microarchitectural Attacks Before Distribution'. Together they form a unique fingerprint.

Cite this