The 2020 Pwnie Nominee For Most Innovative Research

NetCAT: Practical Cache Attacks from the Network.

Pietro Frigo

NetCAT shows that network-based cache side-channel attacks are a realistic threat. Cache attacks have traditionally been used to leak sensitive data in a local setting (e.g., from an attacker-controlled virtual machine to a victim virtual machine that shares the CPU cache on a cloud platform). The NetCAT team showed that untrusted clients over the network can now access sensitive data, such as keystrokes in an SSH session, from remote servers with no local access. This work targeted a feature in modern Intel Xeon processors called DDIO, which grants network devices and other peripherals direct access to the CPU cache. Although DDIO was originally intended as a performance optimization in fast networks, the team showed that it has severe security implications, exposing servers in local untrusted networks to remote side-channel attacks. Intel agreed this was a significant vulnerability, awarded NetCAT a bounty and recommended that users “limit direct access from untrusted networks when DDIO & RDMA are enabled”. To the best of our knowledge, this is the first time a major hardware vendor like Intel cautioned against using a CPU feature in untrusted local networks.

NetCAT