LVI Hijacking Transient Execution with Load Value Injection
Daniel Gruss, Daniel Moghimi, Jo Van Bulck Hardwear.io Virtual Con, April 30, 2020
1 Daniel Gruss, Daniel Moghimi, Jo Van Bulck National Geographic Processor security: Hardware isolation mechanisms
App App App Enclave
VM OS VM OS
Hypervisor (VMM)
3 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
printf("%d", i); printf("%d", i);
4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
Cache miss printf("%d", i); printf("%d", i);
4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
Request Cache miss printf("%d", i); printf("%d", i);
4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
Request Cache miss printf("%d", i); i printf("%d", i); Response
4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
Request Cache miss printf("%d", i); i printf("%d", i); Response
Cache hit
4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck CPU Cache
DRAM access, slow
Request Cache miss printf("%d", i); i printf("%d", i); Response
Cache hit No DRAM access, much faster 4 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush cached Shared Memory access access cached
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush Shared Memory access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush Shared Memory access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush Shared Memory access access
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Flush+Reload
Shared Memory ATTACKER VICTIM
flush Shared Memory access access
fast if victim accessed data, slow otherwise
5 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Memory Access Latency
Cache Hits
107
104
101 Number of Accesses 50 100 150 200 250 300 350 400 Latency [Cycles]
6 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Memory Access Latency
Cache Hits Cache Misses
107
104
101 Number of Accesses 50 100 150 200 250 300 350 400 Latency [Cycles]
6 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
We can communicate across protection walls using microarchitectural side-channels! Leaky processors: Jumping over protection walls with side-channels
App App App Enclave
VM OS VM OS
Hypervisor (VMM)
9 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Side-channel attacks are known for decades already – what’s new?
4000
3000
2000 DO WE JUST SUCK AT... COMPUTERS? YUP. ESPECIALLY SHARED ONES. 1000
1990 1994 1998 2002 2006 2010 2014 2018
10 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Side-channel attacks are known for decades already – what’s new?
4000
3000
2000 DO WE JUST SUCK AT... COMPUTERS? YUP. ESPECIALLY SHARED ONES. 1000
1990 1994 1998 2002 2006 2010 2014 2018
10 Daniel Gruss, Daniel Moghimi, Jo Van Bulck 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D
add %rax, %rcx F
sub %rdx, %rsi
jne target:
add %rax, %rax
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
1
1 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D X
add %rax, %rcx F D
sub %rdx, %rsi F
jne target:
add %rax, %rax
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
2
2 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D X C
add %rax, %rcx F D X
sub %rdx, %rsi F D
jne target: F
add %rax, %rax
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
3
3 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D X C
add %rax, %rcx F D X C
sub %rdx, %rsi F D X
jne target: F D
add %rax, %rax
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
4
4 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D X C
add %rax, %rcx F D X C
sub %rdx, %rsi F D X C
jne target: F D X
add %rax, %rax
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
5
5 4/30/2020
Pipeline Bubble
Fetch Decode Execute Commit
movb $20, %al F D X C
add %rax, %rcx F D X C
sub %rdx, %rsi F D X C
jne target: F D X
add %rax, %rax F
target:
11 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
6
6 Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
0xff00123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
0xff00123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
0xff00123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Branch Prediction and Side Channel
cmp %rax, %rbx 0x100123: jne
0xff00123: jne
12 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = C
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result × C
square multiply
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result
square
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result
square
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result × C
square multiply
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result × C
square multiply
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck RSA
M=C d modn
1 1 0 0 1 1 0 ...
Result = Result × Result
square
13 Daniel Gruss, Daniel Moghimi, Jo Van Bulck ? ??
Spectre-PHT (v1)
LUT index =0;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =0;
char* data =”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =0;
char* data =”textKEY”;
if (index < 4) Speculate else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =0;
char* data =”textKEY”;
if (index < 4) Execute else then Index ’t’ Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =1;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =1;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =1;
char* data = ”textKEY”;
if (index < 4) Speculate Index ’e’ else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =1;
char* data = ”textKEY”;
if (index < 4)
Index ’e’ else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =2;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =2;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =2;
char* data = ”textKEY”;
if (index < 4) Speculate else then Prediction Index ’x’ LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =2;
char* data = ”textKEY”;
if (index < 4)
else then Prediction Index ’x’ LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =3;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =3;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =3;
char* data = ”textKEY”;
if (index < 4) Speculate else then Index ’t’ Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =3;
char* data = ”textKEY”;
if (index < 4)
else then Index ’t’ Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =4;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =4;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =4;
Index ’K’ char* data = ”textKEY”;
if (index < 4) Speculate else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =4;
Index ’K’ char* data = ”textKEY”;
if (index < 4) Execute else
then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =5;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =5;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =5;
Index ’E’ char* data = ”textKEY”;
if (index < 4) Speculate else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =5;
Index ’E’ char* data = ”textKEY”;
if (index < 4) Execute else
then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =6;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =6;
char* data = ”textKEY”;
if (index < 4)
else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =6;
char* data = ”textKEY”; Index ’Y’
if (index < 4) Speculate else then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Spectre-PHT (v1)
LUT index =6;
char* data = ”textKEY”; Index ’Y’
if (index < 4) Execute else
then Prediction
LUT[data[index] * 4096] 0
15 Daniel Gruss, Daniel Moghimi, Jo Van Bulck ?? Meltdown: Transiently encoding unauthorized memory
Unauthorized access
16 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Meltdown: Transiently encoding unauthorized memory
Unauthorized access Transient out-of-order window
oracle array secret idx
16 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Meltdown: Transiently encoding unauthorized memory
Unauthorized access Transient out-of-order window Exception (discard architectural state)
16 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Meltdown: Transiently encoding unauthorized memory
Unauthorized access Transient out-of-order window Exception handler
oracle array
cache hit
16 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Meltdown variants: Microarchitectural buers
CDB L1 Instruction Cache Reorder buer ITLB µOP µOP µOP µOP µOP µOP µOP µOP
Scheduler Branch Instruction Fetch & PreDecode Predictor µOP µOP µOP µOP µOP µOP µOP µOP Instruction Queue
µOP Cache 4-Way Decode AGU Frontend µ µ µ µ µ
OPs OP OP OP OP Load data Load data Store data ALU, Branch Execution Engine ALU, AES, . . .
MUX ALU, FMA, . . . ALU, Vect, . . .
Allocation Queue Execution Units
µ µOP µOP µOP OP
Load Buer Store Buer
DTLB STLB L1 Data Cache LFB L2 Cache L3 Cache DRAM Memory Subsystem
17 Daniel Gruss, Daniel Moghimi, Jo Van Bulck The transient-execution zoo https://transient.fail
PHT-CA-IP Cross-address-space PHT-CA-OP Spectre-PHT PHT-SA-IP Same-address-space PHT-SA-OP
BTB-CA-IP Cross-address-space BTB-CA-OP Spectre-BTB Spectre-type BTB-SA-IP Same-address-space BTB-SA-OP
RSB-CA-IP Cross-address-space RSB-CA-OP Spectre-RSB Spectre-STL RSB-SA-IP Same-address-space RSB-SA-OP
Meltdown-US-L1 Transient cause Meltdown-US Meltdown-US-LFB Meltdown-US-SB
Meltdown-NM-REG Meltdown-P-L1 Meltdown-PF Meltdown-P-LFB Meltdown-P Meltdown-P-SB Meltdown-RW Meltdown-P-LP Meltdown-PK-L1 Meltdown-SM-SB
Meltdown-type Meltdown-MPX Meltdown-BR Meltdown-BND
Meltdown-CPL-REG Meltdown-GP Meltdown-NC-SB
Meltdown-AD-LFB Meltdown-AD Meltdown-MCA Meltdown-AD-SB Meltdown-AVX-LP
18 Daniel Gruss, Daniel Moghimi, Jo Van Bulck ?
LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI: The basic idea
20 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Enclaves to the rescue!
App App Enclave app
OS kernel
Hypervisor
TPM CPU Mem HDD
Intel SGX promise: hardware-level isolation and attestation
21 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Intel Soware Guard Extensions (SGX)
Application
Untrusted part Trusted part Create Enclave Trusted Fnc.
Call Trusted Fnc. Call Gate
Return
...
Operating System
22 Daniel Gruss, Daniel Moghimi, Jo Van Bulck • . . . but untrusted address translation may fault during enclaved execution (!)
Intel SGX: A look under the hood
logical address paging unit SGX checks physical address
• SGX machinery protects against direct address remapping attacks
23 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Intel SGX: A look under the hood
logical address paging unit SGX checks physical address
page fault (#PF)
• SGX machinery protects against direct address remapping attacks • . . . but untrusted address translation may fault during enclaved execution (!)
23 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Intel SGX: A look under the hood
logical address paging unit SGX checks physical address
page fault (#PF)
We can arbitrarily provoke page faults for trusted enclave loads!
23 Daniel Gruss, Daniel Moghimi, Jo Van Bulck A toy example
1 void c a l l victim(size t untrusted arg ) 2 { 3 * arg copy = untrusted arg ; 4 array [ **trusted ptr * 4096]; 5 }
24 Daniel Gruss, Daniel Moghimi, Jo Van Bulck A Toy Example: Recovering arbitrary secrets
600 400 200 [cycles]
Access time 0 0 20 40 60 80 100 120 140 160 180 200 220 240 Page
25 Daniel Gruss, Daniel Moghimi, Jo Van Bulck We can setup a fake transient stack in the store buer!
Real-world LVI ROP gadget in SGX-SDK
1 ;%rbx: user −controlled argument ptr(outside enclave) 2 sgx my sum bridge : 3 ... 4 c a l l my sum ; compute0x10(%rbx)+0x8(%rbx) 5 mov %rax,(%rbx) ; P1: store sum to user address 6 xor %eax,%eax 7 pop %rbx 8 ret ; P2: load from trusted stack 9
26 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Real-world LVI ROP gadget in SGX-SDK
1 ;%rbx: user −controlled argument ptr(outside enclave) 2 sgx my sum bridge : 3 ... 4 c a l l my sum ; compute0x10(%rbx)+0x8(%rbx) 5 mov %rax,(%rbx) ; P1: store sum to user address 6 xor %eax,%eax 7 pop %rbx 8 ret ; P2: load from trusted stack 9
We can setup a fake transient stack in the store buer!
26 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Real-world LVI-ROP gadget in Quoting Enclave
1 intel avx rep memcpy : ; libirc 2 . 4/efi2/libirc.a 2 ... ; P1: store to user address 3 vmovups %xmm0,−0x10(%rdi,%rcx ,1) 4 ... 5 pop %r12 ; P2: load from trusted stack 6 ret
7
27 Daniel Gruss, Daniel Moghimi, Jo Van Bulck JO: explain briey Worse: “Inverse Foreshadow” can remap the L1D cache!
P1_gadget: 2 RAX mov (%rdi), %r12 P3 address mov -8(%rdi), %r13 Enclave code
L1D cache 3 P2_gadget: pop %rax LVI retq P3_gadget: 4 movb (%rax), %al 1 Page table entry stack mov (%rdi,%al), %rcx User page
RAX %rdi P3 gadget address virtual page offset
29 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
• . . . but NULL is a valid virtual memory address, under attacker control • . . . hijack function pointer-to-pointer
LVI-NULL: Why 0x00 is not a safe value
• Recent Intel CPUs forward 0x00 dummy values for faulting loads
30 Daniel Gruss, Daniel Moghimi, Jo Van Bulck • . . . hijack function pointer-to-pointer
LVI-NULL: Why 0x00 is not a safe value
NULL attacker-controlled page 2
1 trusted enclave load
• Recent Intel CPUs forward 0x00 dummy values for faulting loads • . . . but NULL is a valid virtual memory address, under attacker control
30 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI-NULL: Why 0x00 is not a safe value
NULL &P3_gadget %rbx=NULL 2 %rax P2_gadget: 1 mov (%rax), %rbx &trusted_func_pt call (%rbx) &trusted_func
• Recent Intel CPUs forward 0x00 dummy values for faulting loads • . . . but NULL is a valid virtual memory address, under attacker control • . . . hijack function pointer-to-pointer
30 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Real-World LVI-NULL gadget
1 asm oret : ;(linux −sgx/sdk/trts/linux/trts p i c . S#L454) 2 ... 3 mov 0x58(%rsp),%rbp ;%rbp <− NULL 4 ... 5 mov %rbp ,% rsp ;%rsp <− NULL 6 pop %rbp ;%rbp <− * (NULL) 7 ret ;%rip <− * (NULL+8) 8
31 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI-NULL fault injection to reduce AES rounds
Architectural 1 Change Page Execution movdqu (%rdx), %xmm0 2 Input Permission movdqu (%rcx), %xmm4 add $0x10, %rdx Load RK0 pxor %xmm4, %xmm0 Single Step movdqu 0x10(%r2cx), %xmm4 Load RK1 aesdec %xmm4, %xmm0 movdqu 0x20(%rcx), %xmm4
Load RK2 times aesdec %xmm4, %xmm0
... Repeated 9 Transient 3 movdqu 0xa0(%rcx), %xmm4 Load RK10 Execution aesdeclast %xmm4, %xmm0 movdqu %xmm0, -0x10(%r8,%rdx,1) Output Recover Faulty 4 access oracle[output[byte_index] * 4096];4 Output
32 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Mitigation Sequences
Instruction Possible Emulation Clobber ret pop %reg; lfence; jmp *%reg ret not (%rsp); not (%rsp); lfence; ret jmp (mem) mov (mem),%reg; lfence; jmp *%reg call (mem) mov (mem),%reg; lfence; call *%reg
34 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Performance Overheads (Our Mitigation)
own-full own-ret 13 1,500 . 29 . 36 53 . . 978 87 81 . 88 . 15 . 782 , .
1 000 703 650 1 568 543 . 492 430 2 . 39 42 247 . .
500 91 59 02 74 62 . . . . . 85 15 12 5 5 2 1 0 Overhead [%] 0
ecdh aes-128 cbc rsa 4096 rsa 4096 ecdsa ecdsa ghash sha256 sha512 (sign) (verify) nistp256 nistp256 nistp256 (sign) (verify)
35 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Performance Overheads (Intel’s Mitigation) 15
. gcc-lfence clang-full clang-ret 2,500 48 27 . 05 1868 . . 73 2,000 . 1372 1365 94 1287 . 61 1214 04 , 21 22 . 75 22 . 1 500 . . . . 01 25 . 51 820 5 89 . 758 757 . . . 715 712 , 699 1 000 638 94 56 439 . 379 . 48 352 45 326 298 . . 76 6 25 44 8 91 ...... Overhead [%]
500 98 82 16 15 8 5 3 2 0 0 0
ecdh aes-128 cbc rsa 4096 rsa 4096 ecdsa ecdsa ghash sha256 sha512 (sign) (verify) nistp256 nistp256 nistp256 (sign) (verify)
36 Daniel Gruss, Daniel Moghimi, Jo Van Bulck Performance Overheads (Intel’s Mitigation)
gcc-lfence clang-full clang-ret 26 1,500 . 13 . 1081 83 3 . . 830 , 24
1 000 . 58 4 673 . 661 15 . . 592 6 31 05 39 . . 55 502 . 82 78 . 71 . . . . 404 380 367 16 23 11 66 9 281 06 09 . . 264 261 81 . 500 . . 99 230 . . 215 . 207 189 188 . 52 86 . 84 82 80 76 Overhead [%] 75 67 30 23 2 0
657.xz 600.perlbench 602.gcc 605.mcf 620.omnetpp 623.xalancbmk 625.x264 631.deepsjeng 641.leela
37 Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Take Aways https://lviattack.eu/
⇒ New emerging and powerful class of transient-execution attacks
⇒ Importance of fundamental side-channel research
⇒ Security cross-cuts the system stack: hardware, hypervisor, kernel, compiler, application
38 Daniel Gruss, Daniel Moghimi, Jo Van Bulck LVI Hijacking Transient Execution with Load Value Injection
Daniel Gruss, Daniel Moghimi, Jo Van Bulck Hardwear.io Virtual Con, April 30, 2020
39 Daniel Gruss, Daniel Moghimi, Jo Van Bulck