Take A Way - Exploring the Security Implications of AMD's Cache Way Predictors: A Presentation and Classification

Processors are very complex and their functionality is not openly documented. They possess many techniques to improve performance and latency. Caches, speculative execution and branch prediction are prominent examples of such techniques. They gained a lot of attention in the last few years, as a new class of attacks emerged, that exploits their behaviour. This new class of attacks is named ?Transient Execution Attacks? and exploit incorrectly predicted and executed instructions that lead to the access of secret values. Those attacks are often coupled with cache side-channel attacks to leak the accessed secret values across security boundaries. Recently a new paper named ?Take A Way? was released, which leverages the cache way predictor, used by AMD CPUs, to leak data. In this presentation, I want to give you an understanding on how and why this new exploit works, how it can be used and whether it is a new transient execution attack or not.