BUSted!!! Microarchitectural Side-Channel Attacks on the MCU Bus Interconnect

Spectre and Meltdown have pushed the research community toward an otherwise-unavailable understanding of the security implications of processors' microarchitecture. Notwithstanding, research efforts have concentrated on highend processors (e.g., Intel, AMD, Arm Cortex-A), and very little has been done for microcontrollers (MCU) that power billions of small embedded and IoT devices. In this paper, we present BUSted. BUSted is a novel side-channel attack that explores the side effects of the MCU bus interconnect arbitration logic to bypass security guarantees enforced by memory protection primitives. Side-channel attacks on MCUs pose incremental and unforeseen challenges, which are strictly tied to the resource-constrained nature of these systems (e.g., single-core CPU, stateless bus). We devise a unique approach that relies on the concept of hardware gadgets. We present practical attacks on state-of-the-art Armv8-M MCUs with TrustZone-M, running the Trusted Firmware-M (TF-M). In contrast to the Nemesis attack, our attack is practical on Arm Cortex-M MCUs, and our findings suggest that it can scale across the full MCU spectrum.