{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:32:16Z","timestamp":1760059936712,"version":"build-2065373602"},"reference-count":36,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T00:00:00Z","timestamp":1752796800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Cryptography"],"abstract":"<jats:p>Modern x86 processors incorporate performance-enhancing features such as prefetching mechanisms, cache coherence protocols, and support for large memory pages (e.g., 2 MB huge pages). While these architectural innovations aim to reduce memory access latency, boost throughput, and maintain cache consistency across cores, they can also expose subtle microarchitectural side channels that adversaries may exploit. This study investigates how the combination of prefetching techniques and huge pages can significantly enhance the throughput and accuracy of covert channels in controlled computing environments. Building on prior work that examined the impact of the MESI cache coherence protocol using single-cache-line access without huge pages, our approach expands the attack surface by simultaneously accessing multiple cache lines across all 512 L1 lines under a 2 MB huge page configuration. As a result, our 9-bit covert channel achieves a peak throughput of 4940 KB\/s\u2014substantially exceeding previously reported benchmarks. We further validate our channel on AMD SEV-SNP virtual machines, achieving up to an 88% decoding accuracy using write-access encoding with 2 MB huge pages, demonstrating feasibility even under TEE-enforced virtualization environments. These findings highlight the need for careful consideration and evaluation of the security implications of common performance optimizations with respect to their side-channel potential.<\/jats:p>","DOI":"10.3390\/cryptography9030051","type":"journal-article","created":{"date-parts":[[2025,7,18]],"date-time":"2025-07-18T14:03:51Z","timestamp":1752847431000},"page":"51","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Multi-Line Prefetch Covert Channel with Huge Pages"],"prefix":"10.3390","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6649-9225","authenticated-orcid":false,"given":"Xinyao","family":"Li","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Iowa State University, Ames, IA 50011, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2101-3594","authenticated-orcid":false,"given":"Akhilesh","family":"Tyagi","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Iowa State University, Ames, IA 50011, USA"}]}],"member":"1968","published-online":{"date-parts":[[2025,7,18]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Guo, Y., Zigerelli, A., Zhang, Y., and Yang, J. (2022, January 22\u201326). Adversarial prefetch: New cross-core cache side channel attacks. Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP46214.2022.9833692"},{"key":"ref_2","unstructured":"Trippel, C., Lustig, D., and Martonosi, M. (2018). MeltdownPrime and SpectrePrime: Automatically-synthesized attacks exploiting invalidation-based coherence protocols. arXiv."},{"key":"ref_3","unstructured":"Fogh, A. (2025, July 13). Row Hammer, Java Script and MESI. Available online: https:\/\/cyber.wtf\/2016\/06\/27\/row-hammer-the-short-summary\/."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"G\u00f6tzfried, J., Eckert, M., Schinzel, S., and M\u00fcller, T. (2017, January 23\u201326). Cache Attacks on Intel SGX. Proceedings of the 10th European Workshop on Systems Security, New York, NY, USA. EuroSec\u201917.","DOI":"10.1145\/3065913.3065915"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Han, Y., and Kim, J. (2019, January 2\u20136). A Novel Covert Channel Attack Using Memory Encryption Engine Cache. Proceedings of the 56th Annual Design Automation Conference 2019, Las Vegas, NV, USA. DAC \u201919.","DOI":"10.1145\/3316781.3317750"},{"key":"ref_6","unstructured":"Lantz, D. (2021). Detection of Side-Channel Attacks Targeting Intel SGX. [Master\u2019s Thesis, Link\u00f6ping University]."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Miketic, I., Dhananjay, K., and Salman, E. (2023). Covert Channel Communication as an Emerging Security Threat in 2.5D\/3D Integrated Systems. Sensors, 23.","DOI":"10.3390\/s23042081"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Cho, H., Zhang, P., Kim, D., Park, J., Lee, C.H., Zhao, Z., Doup\u00e9, A., and Ahn, G.J. (2018, January 3\u20137). Prime+Count: Novel Cross-world Covert Channels on ARM TrustZone. Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, Puerto Rico, USA. ACSAC \u201918.","DOI":"10.1145\/3274694.3274704"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Li, X., and Tyagi, A. (2022). Cross-World Covert Channel on ARM Trustzone through PMU. Sensors, 22.","DOI":"10.3390\/s22197354"},{"key":"ref_10","unstructured":"x86 (2020, May 01). x86 and amd64 Instruction Reference. Available online: https:\/\/www.felixcloutier.com\/x86\/."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Younis, Y.A., Kifayat, K., Shi, Q., and Askwith, B. (2015, January 26\u201328). A new prime and probe cache side-channel attack for cloud computing. Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, Liverpool, UK.","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.259"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1145\/3399742","article-title":"Spectre attacks: Exploiting speculative execution","volume":"63","author":"Kocher","year":"2020","journal-title":"Commun. ACM"},{"key":"ref_13","unstructured":"Zhang, X., and Wu, Y. (2023). PrefetchX: Cross-Core Channels via Shared Hardware Prefetchers. arXiv."},{"key":"ref_14","unstructured":"Barth, P., Weiss, F., and Gotsman, A. (2023). BandwidthBreach: Exploiting Memory Pipeline Congestion for High-Speed Covert Channels. arXiv."},{"key":"ref_15","unstructured":"Kumar, A., and Heninger, N. (2023). Write+Sync: Durable Covert Channels via Filesystem Flushes. arXiv."},{"key":"ref_16","unstructured":"Schwarz, M., Lipp, M., Gruss, D., and Mangard, S. (2019, January 19\u201323). SgxPectre Attacks: Stealing Intel Secrets from SGX Enclaves via Speculative Execution. Proceedings of the IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1145\/358923.358939","article-title":"Data prefetch mechanisms","volume":"32","author":"Vanderwiel","year":"2000","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2907071","article-title":"A survey of recent prefetching techniques for processor caches","volume":"49","author":"Mittal","year":"2016","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"K\u00fchn, R., M\u00fchlig, J., and Teubner, J. (2024, January 10). How to Be Fast and Not Furious: Looking Under the Hood of CPU Cache Prefetching. Proceedings of the 20th International Workshop on Data Management on New Hardware, Santiago, Chile.","DOI":"10.1145\/3662010.3663451"},{"key":"ref_20","unstructured":"Oren, N. (2000). A Survey of prefetching techniques. Relat\u00f3rio T\u00e9cnico Julho De, Available online: https:\/\/www.academia.edu\/download\/30738526\/oren00survey.pdf."},{"key":"ref_21","unstructured":"TechOverflow (2025, January 07). Advantages and Disadvantages of Hugepages. Available online: https:\/\/techoverflow.net\/2017\/02\/18\/advantages-and-disadvantages-of-hugepages\/."},{"key":"ref_22","unstructured":"Ashwathnarayana, S. (2025, January 07). Understanding Huge Pages. Available online: https:\/\/www.netdata.cloud\/blog\/understanding-huge-pages\/."},{"key":"ref_23","unstructured":"(2025, January 07). Red Hat. Chapter 9. What Huge Pages Do and How They Are Consumed by Applications; n.d. Available online: https:\/\/docs.redhat.com\/en\/documentation\/openshift_container_platform\/4.2\/html\/scalability_and_performance\/what-huge-pages-do-and-how-they-are-consumed."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Luo, T., Wang, X., Hu, J., Luo, Y., and Wang, Z. (2015, January 4\u20137). Improving TLB performance by increasing hugepage ratio. Proceedings of the 2015 15th IEEE\/ACM International Symposium on Cluster, Cloud and Grid Computing, Shenzhen, China.","DOI":"10.1109\/CCGrid.2015.36"},{"key":"ref_25","unstructured":"Easyperf (2025, January 07). Performance Benefits of Using Huge Pages for Code. Available online: https:\/\/easyperf.net\/blog\/2022\/09\/01\/Utilizing-Huge-Pages-For-Code."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Panwar, A., Prasad, A., and Gopinath, K. (2018, January 24\u201328). Making huge pages actually useful. Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems, Williamsburg, VA, USA.","DOI":"10.1145\/3173162.3173203"},{"key":"ref_27","unstructured":"Fan, R. (2025, January 07). A Comprehensive Guide to Using Huge Pages in Oracle Databases. Available online: https:\/\/rootfan.com\/huge-pages-in-oracle\/."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Dutta, S.B., Naghibijouybari, H., Abu-Ghazaleh, N., Marquez, A., and Barker, K. (2021, January 14\u201318). Leaky buddies: Cross-component covert channels on integrated CPU-GPU systems. Proceedings of the 48th Annual International Symposium on Computer Architecture, Valencia, Spain. ISCA \u201921.","DOI":"10.1109\/ISCA52012.2021.00080"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Cook, J., Drean, J., Behrens, J., and Yan, M. (2022, January 18\u201322). There\u2019s always a bigger fish: A clarifying analysis of a machine-learning-assisted side-channel attack. Proceedings of the 49th Annual International Symposium on Computer Architecture, New York, NY, USA. ISCA \u201922.","DOI":"10.1145\/3470496.3527416"},{"key":"ref_30","unstructured":"Van Bulck, J., Minkin, M., Weisse, O., Genkin, D., Kasikci, B., Piessens, F., Silberstein, M., Wenisch, T.F., Yarom, Y., and Strackx, R. (2018, January 15\u201317). Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. Proceedings of the 27th USENIX Security Symposium, Baltimore, MD, USA."},{"key":"ref_31","unstructured":"ARM Limited (2025, April 05). ARM Architecture Reference Manual, ARMv8, for ARMv8-A Architecture Profile. Available online: https:\/\/developer.arm.com\/documentation\/ddi0487\/latest."},{"key":"ref_32","unstructured":"AMD (2025, May 01). Huge Pages and Performance Optimization. Available online: https:\/\/docs.amd.com\/r\/en-US\/ug1586-onload-user\/Huge-Pages."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Li, X., and Tyagi, A. (2023). Block-active ADMM to Minimize NMF with Bregman Divergences. Sensors, 23.","DOI":"10.3390\/s23167229"},{"key":"ref_34","unstructured":"Gao, T., Sun, S., Liu, H., and Gao, H. (2025, January 24\u201328). Global Convergence in Neural ODEs: Impact of Activation Functions. Proceedings of the Thirteenth International Conference on Learning Representations (ICLR), Singapore."},{"key":"ref_35","first-page":"54918","article-title":"Wide Neural Networks as Gaussian Processes: Lessons from Deep Equilibrium Models","volume":"36","author":"Gao","year":"2023","journal-title":"Adv. Neural Inf. Process. Syst. (Neurips)"},{"key":"ref_36","unstructured":"Gao, T., Liu, H., Liu, J., Rajan, H., and Gao, H. (2022, January 25\u201329). A Global Convergence Theory for Deep ReLU Implicit Networks via Over-Parameterization. Proceedings of the International Conference on Learning Representations (ICLR), Virtual."}],"container-title":["Cryptography"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/3\/51\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:12:19Z","timestamp":1760033539000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2410-387X\/9\/3\/51"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,7,18]]},"references-count":36,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,9]]}},"alternative-id":["cryptography9030051"],"URL":"https:\/\/doi.org\/10.3390\/cryptography9030051","relation":{},"ISSN":["2410-387X"],"issn-type":[{"type":"electronic","value":"2410-387X"}],"subject":[],"published":{"date-parts":[[2025,7,18]]}}}