Advanced Search
Turn off MathJax
Article Contents
Article Navigation >  Journal of Electronics & Information Technology  > 2025  > 
LIU Chang, HUANG Qilin, LIU Yuchuan, LIN Shihong, QIN Zhongyuan, CHEN Liquan, LYU Yongqiang. A Survey of Data Prefetcher Security on Modern Processors[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250412
Citation: LIU Chang, HUANG Qilin, LIU Yuchuan, LIN Shihong, QIN Zhongyuan, CHEN Liquan, LYU Yongqiang. A Survey of Data Prefetcher Security on Modern Processors[J]. Journal of Electronics & Information Technology. doi: 10.11999/JEIT250412
shu

A Survey of Data Prefetcher Security on Modern Processors

doi: 10.11999/JEIT250412 cstr: 32379.14.JEIT250412
  • 1.

    Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China

  • 2.

    School Of Cyber Science and Engineering, Southeast University, Nanjing 211189, China

  • 3.

    Beijing National Research Center for Information Science and Technology, Tsinghua University, Beijing 100084, China

  • Received Date: 2025-05-13
  • Rev Recd Date: 2025-08-28
    • Available Online: 2025-09-02
    Abstract
  •   Significance   The data prefetcher is a key microarchitectural component in modern processors, designed to enhance memory access performance by speculatively preloading data into the cache based on predictions of future access patterns. While effective at reducing cache misses, prefetcher design has historically neglected security considerations, resulting in various forms of information leakage. Recent studies have shown that data prefetchers can be exploited in side-channel attacks targeting cryptographic libraries, operating systems, hypervisors, and trusted execution environments. However, most existing attacks focus on specific implementations (eg., "one-spot" attacks) fail to comprehensively capture the broader attack surface exposed by diverse prefetcher designs. Two fundamental research questions remain open: (1) Do current attacks fully characterize all exploitable vectors in modern prefetchers, or are additional vectors yet to be explored? (2) How can the security of different prefetcher designs be systematically and quantitatively assessed to support comparative analysis and guide secure design? This paper addresses both questions through a systematic survey of data prefetcher attacks and a model-driven analysis. By generalizing known attack mechanisms, this work proposes a formalized framework for understanding and evaluating the security of data prefetchers.  Methods  To capture the behavior of data prefetchers, this study first presents a memory access model that specifies the instruction address, data address, and access attributes for each memory operation, which can be extended to represent access sequences. Building on this, a prefetcher model is proposed in which a prefetcher is trained by a sequence of memory accesses and triggered by a single access to generate a set of prefetches. Each prefetcher is characterized by design parameters. Attacker and victim profiles are then incorporated to construct attack models based on reduced memory access representations, enabling formalization of 20 known prefetcher-based attacks. Finally, a security evaluation framework is proposed, comprising 24 metrics across three dimensions—design parameters, isolation, and attack feasibility. This framework supports quantitative scoring and comparison of prefetcher designs.  Results and Prospects   In terms of attack modeling, the analysis shows that the 20 known attacks cover only a limited portion of the overall attack space. This study proposes several previously unexplored attack vectors, including those that exploit cache hit effects and speculative execution, attacks that leverage indexing collisions using instruction and data addresses, and additional side channels resulting from prefetcher-induced effects on other microarchitectural components, such as Translation Lookaside Buffer (TLB) state and cache coherence state. In terms of evaluation, this paper examines five commercial processors featuring different prefetchers: Intel’s Stride prefetcher and eXtended Page Table (XPT), AMD’s Stride prefetcher, Arm’s Spatial Memory Streaming (SMS) prefetcher, and Apple’s Data Memory Prefetcher (DMP). The findings reveal that all five prefetchers exhibit varying degrees of vulnerability to side-channel leakage, depending on their design parameters, isolation strategies, and the feasibility of exploitation. The paper further assesses three mitigation strategies and shows that while some measures substantially enhance security, residual risks remain, highlighting the need for improved countermeasures.  Discussion   Beyond characterizing existing attack vectors and evaluating the security of current prefetcher implementations, this study also outlines emerging directions for secure prefetcher design. Existing work primarily focuses on the Stride prefetcher, with preliminary defenses based on control registers that allow software to constrain the address range eligible for prefetching. This reduces the likelihood that secret-dependent memory accesses affect prefetcher state or trigger the prefetching of sensitive cache lines. Nevertheless, these approaches remain at an early stage, and a comprehensive framework for the systematic design of secure prefetchers has yet to be developed.  Conclusions  This paper presents a systematic study of data prefetcher security. It proposes a model-driven framework for analyzing potential attack vectors and introduces a quantitative method for evaluating prefetcher security. These contributions lay a theoretical foundation for identifying new attack mechanisms, guiding the development of effective countermeasures, and informing the secure design of data prefetchers in future processor architectures.
    • FullText(HTML)
  • loading
    • References(63)
  • [1]
    LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown: Reading kernel memory from user space[C]. The 27th USENIX Conference on Security Symposium, Baltimore, USA, 2018: 973–990.
    [2]
    KOCHER P, HORN J, FOGH A, et al. Spectre attacks: Exploiting speculative execution[C]. 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2019: 1–19. doi: 10.1109/SP.2019.00002.
    [3]
    VON BULCK J, MINKIN M, WEISSE O, et al. Foreshadow: Extracting the keys to the Intel SGX kingdom with transient out-of-order execution[C]. The 27th USENIX Conference on Security Symposium, Baltimore, USA, 2018: 991–1008.
    [4]
    CANELLA C, GENKIN D, GINER L, et al. Fallout: Leaking data on meltdown-resistant CPUs[C]. The 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 769–784. doi: 10.1145/3319535.3363219.
    [5]
    SCHWARZ M, LIPP M, MOGHIMI D, et al. ZombieLoad: Cross-privilege-boundary data sampling[C]. The 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 753–768. doi: 10.1145/3319535.3354252.
    [6]
    VAN SCHAIK S, MILBURN A, ÖSTERLUND S, et al. RIDL: Rogue in-flight data load[C]. 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2019: 88–105. doi: 10.1109/SP.2019.00087.
    [7]
    RAGAB H, BARBERIS E, BOS H, et al. Rage against the machine clear: A systematic analysis of machine clears and their implications for transient execution attacks[C]. The 30th USENIX Security Symposium, 2021: 1451–1468. (查阅网上资料, 未找到本条文献出版地信息, 请确认).
    [8]
    MOGHIMI D. Downfall: Exploiting speculative data gathering[C]. The 32nd USENIX Conference on Security Symposium, Anaheim, USA, 2023: 7179–7193.
    [9]
    BARBERIS E, FRIGO P, MUENCH M, et al. Branch history injection: On the effectiveness of hardware mitigations against cross-privilege spectre-v2 attacks[C]. The 31st USENIX Security Symposium, Boston, USA, 2022: 971–988.
    [10]
    BEHNIA M, SAHU P, PACCAGNELLA R, et al. Speculative interference attacks: Breaking invisible speculation schemes[C]. The 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, 2021: 1046–1060. doi: 10.1145/3445814.3446708.(查阅网上资料,未找到出版地信息,请确认补充).
    [11]
    BHATTACHARYYA A, SANDULESCU A, NEUGSCHWANDTNER M, et al. SMoTherSpectre: Exploiting speculative execution through port contention[C]. The 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 2019: 785–800. doi: 10.1145/3319535.3363194.
    [12]
    REN Xida, MOODY L, TARAM M, et al. I see dead μops: Leaking secrets via Intel/AMD micro-op caches[C]. 2021 ACM/IEEE 48th Annual International Symposium on Computer Architecture (ISCA), Valencia, Spain, 2021: 361–374. doi: 10.1109/ISCA52012.2021.00036.
    [13]
    YAROM Y and FALKNER K. FLUSH+RELOAD: A high resolution, low noise, L3 cache side-channel attack[C]. The 23rd USENIX Conference on Security Symposium, San Diego, USA, 2014: 719–732.
    [14]
    LIU Fangfei, YAROM Y, GE Qian, et al. Last-level cache side-channel attacks are practical[C]. 2015 IEEE Symposium on Security and Privacy, San Jose, USA, 2015: 605–622. doi: 10.1109/SP.2015.43.
    [15]
    GRUSS D, MAURICE C, WAGNER K, et al. Flush+Flush: A fast and stealthy cache attack[C]. The 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, San Sebastián, Spain, 2016: 279–299. doi: 10.1007/978-3-319-40667-1_14.
    [16]
    GUO Yanan, XIN Xin, ZHANG Youtao, et al. Leaky Way: A conflict-based cache covert channel bypassing set associativity[C]. 2022 55th IEEE/ACM International Symposium on Microarchitecture (MICRO), Chicago, USA, 2022: 646–661. doi: 10.1109/MICRO56248.2022.00053.
    [17]
    ZHANG Ruiyi, GERLACH L, WEBER D, et al. CacheWarp: Software-based fault injection using selective state reset[C]. The 33rd USENIX Conference on Security Symposium, Philadelphia, USA, 2024: 64.
    [18]
    DENG Shuwen, XIONG Wenjie, and SZEFER J. A benchmark suite for evaluating caches’ vulnerability to timing attacks[C]. The 25th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Lausanne, Switzerland, 2020: 683–697. doi: 10.1145/3373376.3378510.
    [19]
    GRAS B, RAZAVI K, BOS H, et al. Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks[C]. The 27th USENIX Conference on Security Symposium, Baltimore, USA, 2018: 955–972.
    [20]
    TATAR A, TRUJILLO D, GIUFFRIDA C, et al. TLB; DR: Enhancing TLB-based attacks with TLB desynchronized reverse engineering[C]. The 31st USENIX Security Symposium, Boston, USA, 2022: 989–1007.
    [21]
    DENG Shuwen, XIONG Wenjie, and SZEFER J. Secure TLBs[C]. The 46th International Symposium on Computer Architecture, Phoenix, USA, 2019: 346–359. doi: 10.1145/3307650.3322238.
    [22]
    LIPP M, GRUSS D, and SCHWARZ M. AMD prefetch attacks through power and time[C]. The 31st USENIX Security Symposium, Boston, USA, 2022: 643–660.
    [23]
    YAVARZADEH H, AGARWAL A, CHRISTMAN M, et al. Pathfinder: High-resolution control-flow attacks exploiting the conditional branch predictor[C]. The 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, La Jolla, USA, 2024: 770–784. doi: 10.1145/3620666.3651382.
    [24]
    YU Jiyong, JAEGER T, and FLETCHER C W. All your PC are belong to Us: Exploiting non-control-transfer instruction BTB updates for dynamic PC extraction[C]. The 50th Annual International Symposium on Computer Architecture, Orlando, USA, 2023: 1–14. doi: 10.1145/3579371.3589100.
    [25]
    LI Luyi, YAVARZADEH H, and TULLSEN D M. Indirector: High-precision branch target injection attacks exploiting the indirect branch predictor[C]. The 33rd USENIX Conference on Security Symposium, Philadelphia, USA, 2024: 120.
    [26]
    CHOWDHURYY M H I and YAO Fan. Leaking secrets through modern branch predictors in the speculative world[J]. IEEE Transactions on Computers, 2022, 71(9): 2059–2072. doi: 10.1109/TC.2021.3122830.
    [27]
    LIU Chang, FENG Shuaihu, LI Yuan, et al. MDPeek: Breaking balanced branches in SGX with memory disambiguation unit side channels[C]. The 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Rotterdam, Netherlands, 2025: 622–638. doi: 10.1145/3676641.3716004.
    [28]
    LIU Chang, WANG Dongsheng, LYU Yongqiang, et al. Uncovering and exploiting AMD speculative memory access predictors for fun and profit[C]. 2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA), Edinburgh, UK, 2024: 31–45. doi: 10.1109/HPCA57654.2024.00014.
    [29]
    ISLAM S, MOGHIMI A, BRUHNS I, et al. SPOILER: Speculative load hazards boost rowhammer and cache attacks[C]. The 28th USENIX Conference on Security Symposium, Santa Clara, USA, 2019: 621–637.
    [30]
    HETTERICH L, THOMAS F, GERLACH L, et al. ShadowLoad: Injecting state into hardware prefetchers[C]. The 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Rotterdam, Netherlands, 2025: 1060–1075. doi: 10.1145/3676641.3716020.
    [31]
    CHEN Boru, WANG Yingchen, SHOME P, et al. GoFetch: Breaking constant-time cryptographic implementations using data memory-dependent prefetchers[C]. The 33rd USENIX Conference on Security Symposium, Philadelphia, USA, 2024: 1117–1134.
    [32]
    CHEN Yun, PEI Lingfeng, and CARLSON T E. AfterImage: Leaking control flow data and tracking load operations via the hardware prefetcher[C]. The 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Vancouver, Canada, 2023: 16–32. doi: 10.1145/3575693.3575719.
    [33]
    CHEN Yun, HAJIABADI A, PEI Lingfeng, et al. PREFETCHX: Cross-core cache-agnostic prefetcher-based side-channel attacks[C]. 2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA), Edinburgh, UK, 2024: 395–408. doi: 10.1109/HPCA57654.2024.00037.
    [34]
    CHEN Yun, PASHRASHID A, WU Yongzheng, et al. Prime+Reset: Introducing a novel cross-world covert-channel through comprehensive security analysis on ARM TrustZone[C]. 2024 Design, Automation & Test in Europe Conference & Exhibition (DATE), Valencia, Spain, 2024: 1–6. doi: 10.23919/DATE58400.2024.10546531.
    [35]
    VICARTE J R S, FLANDERS M, PACCAGNELLA R, et al. Augury: Using data memory-dependent prefetchers to leak data at rest[C]. 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2022: 1491–1505. doi: 10.1109/SP46214.2022.9833570.
    [36]
    SCHLÜTER T, CHOUDHARI A, HETTERICH L, et al. FetchBench: Systematic identification and characterization of proprietary prefetchers[C]. The 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 2023: 975–989. doi: 10.1145/3576915.3623124.
    [37]
    IBRAHIM A, NEMATI H, SCHLÜTER T, et al. Microarchitectural leakage templates and their application to cache-based side channels[C]. The 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, USA, 2022: 1489–1503. doi: 10.1145/3548606.3560613.
    [38]
    XIAO Chong, TANG Ming, and GUILLEY S. Exploiting the microarchitectural leakage of prefetching activities for side-channel attacks[J]. Journal of Systems Architecture, 2023, 139: 102877. doi: 10.1016/J.SYSARC.2023.102877.
    [39]
    SHIN Y, KIM H C, KWON D, et al. Unveiling hardware-based data prefetcher, a hidden source of information leakage[C]. The 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, Canada, 2018: 131–145. doi: 10.1145/3243734.3243736.
    [40]
    WANG Daimeng, QIAN Zhiyun, ABU-GHAZALEH N, et al. PAPP: Prefetcher-aware prime and probe side-channel attack[C]. The 56th Annual Design Automation Conference 2019, Las Vegas, USA, 2019: 1–6. doi: 10.1145/3316781.3317877.
    [41]
    WANG Quancheng, TANG Ming, XU Ke, et al. Unveiling and evaluating vulnerabilities in branch predictors via a three-step modeling methodology[J]. ACM Transactions on Architecture and Code Optimization, 2025, 22(1): 1–26. doi: 10.1145/3711923.
    [42]
    刘畅, 杨毅, 李昊儒, 等. 处理器分支预测攻击研究综述[J]. 计算机学报, 2022, 45(12): 2475–2509. doi: 10.11897/SP.J.1016.2022.02475.

    LIU Chang, YANG Yi, LI Haoru, et al. A survey of branch prediction attacks on modern processors[J]. Chinese Journal of Computers, 2022, 45(12): 2475–2509. doi: 10.11897/SP.J.1016.2022.02475.
    [43]
    吝常青. 基于RISC-V处理器的硬件数据预取安全机制研究[D]. [硕士论文], 中国科学院大学, 2020.

    LIN Changqing. Research on hardware data prefetch security mechanism based on RISC-V processor[D]. [Master dissertation], University of Chinese Academy of Sciences, 2020. (查阅网上资料, 未找到本条文献英文翻译信息, 请确认).
    [44]
    吝常青, 田鑫, 侯锐, 等. 基于边界检测的安全数据预取方案[J]. 信息安全学报, 2022, 7(1): 114–125. doi: 10.19363/J.cnki.cn10-1380/tn.2022.01.08.

    LIN Changqing, TIAN Xin, HOU Rui, et al. Security data prefetching scheme based on boundary detection[J]. Journal of Cyber Security, 2022, 7(1): 114–125. doi: 10.19363/J.cnki.cn10-1380/tn.2022.01.08.
    [45]
    NATH S, NAVARRO-TORRES A, ROS A, et al. Secure prefetching for secure cache systems[C]. 2024 57th IEEE/ACM International Symposium on Microarchitecture (MICRO), Austin, USA, 2024: 92–104. doi: 10.1109/MICRO61859.2024.00017.
    [46]
    NEMATI H, BUIRAS P, LINDNER A, et al. Validation of abstract side-channel models for computer architectures[C]. The 32nd International Conference on Computer Aided Verification, Los Angeles, USA, 2020: 225–248. doi: 10.1007/978-3-030-53288-8_12.
    [47]
    ZHANG Zhiyuan, TAO Mingtian, O’CONNELL S, et al. BunnyHop: Exploiting the instruction prefetcher[C]. The 32nd USENIX Conference on Security Symposium, Anaheim, USA, 2023: 7321–7337.
    [48]
    BHATTACHARYA S, REBEIRO C, and MUKHOPADHYAY D. Hardware prefetchers leak: A revisit of SVF for cache-timing attacks[C]. 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops, Vancouver, Canada, 2012: 17–23. doi: 10.1109/MICROW.2012.13.
    [49]
    DIDIER G, MAURICE C, GEIMER A, et al. Characterizing prefetchers using cacheobserver[C]. 2022 IEEE 34th International Symposium on Computer Architecture and High Performance Computing (SBAC-PAD), Bordeaux, France, 2022: 170–179. doi: 10.1109/SBAC-PAD55451.2022.00028.
    [50]
    ROHAN A, PANDA B, and AGARWAL P. Reverse engineering the stream prefetcher for profit[C]. 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy, 2020: 682–687. doi: 10.1109/EUROSPW51379.2020.00098.
    [51]
    WANG Quancheng, TANG Ming, XU Ke, et al. Modeling, derivation, and automated analysis of branch predictor security vulnerabilities[C]. 2024 IEEE International Symposium on High-Performance Computer Architecture (HPCA), Edinburgh, UK, 2024: 409–423. doi: 10.1109/HPCA57654.2024.00038.
    [52]
    CRONIN P and YANG Chengmo. A fetching tale: Covert communication with the hardware prefetcher[C]. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), McLean, USA, 2019: 101–110. doi: 10.1109/HST.2019.8741033.
    [53]
    FUCHS A and LEE R B. Disruptive prefetching: Impact on side-channel attacks and cache designs[C]. The 8th ACM International Systems and Storage Conference, Haifa, Israel, 2015: 14. doi: 10.1145/2757667.2757672.
    [54]
    KIM J, CHUANG J, GENKIN D, et al. FLOP: Breaking the apple M3 CPU via false load output predictions[C]. The 34th USENIX Security Symposium, Seattle, USA, 2025.
    [55]
    WICHELMANN J, RABICH A, PÄTSCHKE A, et al. Obelix: Mitigating side-channels through dynamic obfuscation[C]. 2024 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2024: 4182–4199. doi: 10.1109/SP54263.2024.00261.
    [56]
    GUO Yanan, ZIGERELLI A, ZHANG Youtao, et al. Adversarial prefetch: New cross-core cache side channel attacks[C]. 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, USA, 2022: 1458–1473. doi: 10.1109/SP46214.2022.9833692.
    [57]
    GRUSS D, MAURICE C, FOGH A, et al. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR[C]. The 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 2016: 368–379. doi: 10.1145/2976749.2978356.
    [58]
    NESBIT K J and SMITH J E. Data cache prefetching using a global history buffer[C]. 10th International Symposium on High Performance Computer Architecture (HPCA'04), Madrid, Spain, 2004: 96–105. doi: 10.1109/HPCA.2004.10030.
    [59]
    JOSEPH D and GRUNWALD D. Prefetching using Markov predictors[C]. The 24th Annual International Symposium on Computer Architecture, Denver, USA, 1997: 252–263. doi: 10.1145/264107.264207.
    [60]
    WENISCH T F, SOMOGYI S, HARDAVELLAS N, et al. Temporal streaming of shared memory[C]. 32nd International Symposium on Computer Architecture (ISCA'05), Madison, USA, 2005: 222–233. doi: 10.1109/ISCA.2005.50.
    [61]
    SOMOGYI S, WENISCH T F, AILAMAKI A, et al. Spatio-temporal memory streaming[C]. The 36th Annual International Symposium on Computer Architecture, Austin, USA, 2009: 69–80. doi: 10.1145/1555754.1555766.
    [62]
    GRANNÆS M, JAHRE M, and NATVIG L. Multi-level hardware prefetching using low complexity delta correlating prediction tables with partial matching[C]. The 5th International Conference on High Performance Embedded Architectures and Compilers, Pisa, Italy, 2010: 247–261. doi: 10.1007/978-3-642-11515-8_19.
    [63]
    FALSAFI B and WENISCH T F. A Primer on Hardware Prefetching[M]. San Rafael: Morgan & Claypool Publishers, 2014: 1–53. doi: 10.2200/S00581ED1V01Y201405CAC028.
    • Relative Articles
    • Supplements(0)
    • Cited By
  • 加载中

Catalog

    通讯作者: 陈斌, bchen63@163.com
    • 1. 

      沈阳化工大学材料科学与工程学院 沈阳 110142

    1. 本站搜索
    2. 百度学术搜索
    3. 万方数据库搜索
    4. CNKI搜索

    Figures(4)  / Tables(6)

    Get Citation
    PDF
    XML

    Article Metrics

    Article views (32) PDF downloads(3) Cited by()
    Proportional views
    Related

    © 2018 JOURNAL OF ELECTRONICS & INFORMATION TECHNOLOGY 京ICP备20021838号-8

    Institute of Electronics, Chinese Academy of Sciences, P.O.Box 2702, Beijing100190

    Tel:010-58887066Fax:021-64253812Email:jeit@mail.ie.ac.cn

    Supported by: Beijing Renhe Information Technology Co. Ltd

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return