Microarchitectural Attacks and Security

Microarchitectural attacks are a sophisticated class of cybersecurity threats that exploit the physical implementation of a processor's design rather than traditional software vulnerabilities. These attacks leverage side channels—unintended information pathways created by performance-optimizing hardware features like caches, speculative execution, and branch prediction—to leak sensitive information. By observing subtle, measurable effects such as timing differences in memory access, an attacker can infer secret data, like cryptographic keys or passwords, from otherwise isolated and protected processes. The field of microarchitectural security, therefore, focuses on understanding, detecting, and mitigating these hardware-level vulnerabilities through a combination of software patches, compiler-based defenses, and the development of more resilient processor architectures.

1. Foundations of Microarchitectural Security
   1. Computer Architecture Fundamentals
      1. Instruction Set Architecture (ISA)
         1. Definition and Purpose of ISA
         2. ISA Components
            1. Instruction Formats
            2. Addressing Modes
            3. Register Sets
            4. Data Types
         3. Common ISA Examples
            1. x86-64
            2. ARM
            3. RISC-V
         4. ISA vs Microarchitecture Distinction
      2. Microarchitectural Implementation
         1. Definition of Microarchitecture
         2. Implementation Variations for Same ISA
         3. Performance vs Security Trade-offs
      3. Microarchitectural State
         1. Architectural State
            1. Programmer-Visible Registers
            2. Memory Contents
            3. Program Counter
         2. Non-Architectural State
            1. Cache Contents
            2. Branch Predictor State
            3. Pipeline Registers
            4. Translation Buffers
         3. State Persistence Characteristics
         4. State Visibility and Access Control
      4. Hardware-Software Abstraction
         1. Abstraction Layer Model
         2. Hardware-Software Contract
         3. Security Assumptions in Abstraction
         4. Abstraction Violations and Security Implications
   2. Performance Optimization Features
      1. Memory Hierarchy and Caches
         1. Cache Fundamentals
            1. Temporal Locality
            2. Spatial Locality
            3. Cache Performance Metrics
         2. Cache Hierarchy Levels
            1. L1 Instruction Cache
            2. L1 Data Cache
            3. L2 Unified Cache
            4. L3 Shared Cache
            5. Last Level Cache (LLC)
         3. Cache Organization Schemes
            1. Direct-Mapped Caches
            2. Set-Associative Caches
            3. Fully-Associative Caches
            4. Cache Line Size and Alignment
         4. Cache Replacement Policies
            1. Least Recently Used (LRU)
            2. Random Replacement
            3. Pseudo-LRU
         5. Cache Coherence in Multi-Core Systems
            1. MESI Protocol States
            2. MOESI Protocol Extensions
            3. Directory-Based Coherence
            4. Snooping Protocols
         6. Inclusive vs Exclusive Cache Hierarchies
         7. Cache Partitioning and Sharing
      2. Instruction Execution Optimization
         1. Pipelining
            1. Pipeline Stages
               1. Instruction Fetch
               2. Instruction Decode
               3. Execute
               4. Memory Access
               5. Write Back
            2. Pipeline Hazards
               1. Data Hazards
               2. Control Hazards
               3. Structural Hazards
            3. Hazard Resolution Techniques
         2. Superscalar Execution
            1. Multiple Issue Pipelines
            2. Instruction-Level Parallelism
            3. Resource Allocation
         3. Out-of-Order Execution
            1. Instruction Scheduling
            2. Reorder Buffer Operation
            3. Register Renaming Mechanisms
            4. Dependency Tracking
            5. Commit and Retirement
      3. Speculative Execution Mechanisms
         1. Branch Prediction
            1. Static Branch Prediction
            2. Dynamic Branch Prediction
            3. Two-Level Adaptive Predictors
            4. Tournament Predictors
            5. Perceptron-Based Predictors
         2. Branch Target Prediction
            1. Branch Target Buffer (BTB) Structure
            2. BTB Indexing and Tagging
            3. Indirect Branch Prediction
         3. Return Address Prediction
            1. Return Stack Buffer (RSB) Operation
            2. RSB Overflow Handling
         4. Speculative Memory Operations
            1. Load Speculation
            2. Store-to-Load Forwarding
            3. Memory Disambiguation
      4. Simultaneous Multithreading (SMT)
         1. SMT Architecture Principles
         2. Resource Sharing in SMT
            1. Execution Units
            2. Cache Resources
            3. Branch Predictors
            4. TLB Sharing
         3. Thread Scheduling in SMT
         4. Performance Benefits and Costs
      5. Memory Management
         1. Virtual Memory System
            1. Address Translation Process
            2. Page Table Structure
            3. Multi-Level Page Tables
         2. Translation Lookaside Buffer (TLB)
            1. TLB Organization
            2. TLB Hierarchy
            3. TLB Miss Handling
            4. TLB Sharing Models
         3. Memory Protection Mechanisms
            1. Privilege Levels
            2. Page Protection Bits
            3. Segmentation
      6. Prefetching Systems
         1. Hardware Prefetchers
            1. Stream Prefetchers
            2. Stride Prefetchers
            3. Pattern-Based Prefetchers
         2. Software Prefetching
            1. Prefetch Instructions
            2. Compiler-Directed Prefetching
         3. Prefetch Buffer Management
   3. Side Channel Fundamentals
      1. Side Channel Definition and Characteristics
         1. Information Leakage Mechanisms
         2. Unintended Information Channels
         3. Observable vs Exploitable Channels
      2. Side Channels vs Covert Channels
         1. Definitional Differences
         2. Threat Model Distinctions
         3. Communication vs Observation
      3. Side Channel Classification
         1. Timing-Based Channels
            1. Execution Time Variations
            2. Cache Access Timing
            3. Memory Access Timing
         2. Power-Based Channels
            1. Dynamic Power Consumption
            2. Static Power Variations
         3. Electromagnetic Channels
            1. EM Radiation Patterns
            2. Near-Field vs Far-Field
         4. Acoustic Channels
            1. CPU Fan Modulation
            2. Coil Whine Patterns
         5. Fault-Based Channels
            1. Induced Hardware Faults
            2. Error Patterns
      4. Historical Development
         1. Early Timing Attacks
         2. Power Analysis Evolution
         3. Microarchitectural Attack Emergence