Potential Thermal Security Risks

Puyan Dadvar and Kevin Skadron Department of Computer Science University of Virginia Charlottesville, VA 22904 {puyan,skadron}@cs.virginia.edu

engineering. The cooling solution can instead be designed for Abstract the worst typical program, thus reclaiming excess design Hardware and software techniques for controlling a margin. Then, to guard against exceptional cases in which microprocessor’s power and cooling have the undesirable side high power dissipation is sustained long enough to exceed the effect of creating a security risk. They allow a malicious capacity of the lower-cost cooling solution, high temperature- program to control the chip’s operating temperature and sensor readings trigger the chip itself to autonomously alter its potentially cause denial of service or even permanent damage. behavior and reduce its heat dissipation, for example by This paper provides an overview of the various operating at a lower voltage and frequency. This dynamic vulnerabilities, their costs, and offers preliminary suggestions thermal management (DTM) trades off fixed packaging costs on how to reduce these risks. for workload-dependent performance cost. A number of high- Keywords performance CPUs already use some form of DTM, for Thermal, temperature, power, cooling, security, virus, example the Intel Pentium 4 and Pentium M, the Transmeta failsafe, overheating, throttling, overclocking, DVS Crusoe and Efficeon, the IBM Power5, and the AMD Athlon. A great deal of recent research has explored how to design 1. Introduction DTM solutions to minimize this performance cost, e.g.. A chip’s power dissipation and hence heat dissipation are [1][2][3][4] program-dependent. This means that malicious programs can Unfortunately, the exact attribute that makes DTM potentially be written to manipulate the way a computer chip appealing for normal workloads creates a security dissipates power, intentionally affecting battery life and vulnerability. A malicious program can force DTM to engage operating temperature. The risks associated with such “power and slow the system down. And if the DTM mechanism can exploits” are poorly understood. This paper focuses on be controlled by software, even more serious consequences thermal behavior and describes possible types of thermal are possible, potentially even destruction of the CPU. attack, the types of damage that are possible, which attacks Software control of other features that affect operating require supervisor privileges, and offers preliminary temperature, like fan speed and chip voltage, only exacerbate suggestions on how designs can be changed to prevent or this problem. mitigate these attacks. To the best of our knowledge, this is In this early work, our goal is to bring this threat to the the first work to consider thermal attacks and show that attention of the research community. We first provide a brief serious damage is possible. We are not aware of any actual background on the thermal-management technologies that attacks of this form, but show that such attacks are possible, create these security risks. We then show qualitatively how may have severe consequences, and require study by the these capabilities can be used to cause undesirable behavior research and design communities. and some potential consequences. We cannot yet provide An unfortunate corollary of the exponential increase in detailed, quantitative results, but intend our early work to performance associated with Moore's Law for high- illustrate the potential security risk. Finally, we offer some performance chips is an exponential increase in power density preliminary suggestions on how designers can prevent or at and hence cooling requirements. Even for low-power least mitigate such security risks, and list some areas for applications like mobile and embedded systems, where form- future work. We argue that both hardware and software factor constraints mean that expensive cooling may not even solutions are needed. be feasible, demand for higher performance is pushing the limits of these systems’ cooling capabilities. Even in many 2. Background high-performance systems, cooling costs are severely 2.1. Thermal Monitoring and Control constrained. For example, even in a typical desktop computer, the cooling solution may only be allocated a few To illustrate the detection and management of thermal dollars! For a given price point, chips that need more stress, this section gives an overview of thermal management in the Intel Pentium 4, a thermal-management implementation expensive cooling solutions reduce the profit margin. that we regard as generally robust, although it is still One solution that allows high performance while vulnerable to some undesirable behavior caused by ill- mitigating cooling costs is to design the cooling system for behaved or malicious software. less than the worst case. Most reasonable workloads do not The Pentium 4 employs two on-chip sensors. Details can induce worst-case power dissipation, let alone over a sustained period of time. This means that designing the be found in Intel documentation for various versions of the cooling for worst-case behavior is actually costly over- Pentium 4, e.g. [5][6][7][8]. The chip’s internal thermal

control circuit uses an internal thermal diode and compares it The threshold temperatures for the thermal control circuit to a reference current. Readings from this sensor are not and the preset duty cycle are configured on a part by part basis externally visible. This sensor is placed near the portion of in conjunction with nominal voltage and frequency ratings in the CPU that is expected to be the hottest under normal order to account for manufacturing variations and to obtain operation. It is not clear if this location is guaranteed to optimal performance and energy efficiency. The threshold always represent the hottest spot, or whether it is possible temperatures for a specific chip cannot be determined to our under unusual workloads for other locations on the chip to knowledge, because the temperature difference between the become hotter software-visible diode and the internal sensor that controls When the temperature exceeds a factory-preset throttling is unknown. The throttling duty cycle can be temperature that indicates thermal stress, the thermal control determined empirically, e.g. with a multimeter. circuit begins throttling CPU activity by stopping the clock The Pentium 4’s second on-chip sensor is a thermal diode (and hence stopping all activity on the processor) for a short that is software visible. The thermal diode is not located near period of time, e.g. two microseconds. After the clock is re- the thermal control circuit’s temperature sensor, and hence not enabled, if temperature remains high, the clock will be located near expected hot spots. Intel documentation stopped again, and this process continues with a software explicitly warns that this second diode’s temperature readings controlled duty cycle. The exact duty cycle is a factory-preset are not well correlated with temperatures in the hot spots. value, but is typically close to 50% (i.e., the clock is enabled Nevertheless, this is the sensor that is externally visible. The for 2 µs, then disabled for 2 µs). This “automatic” mode duty diode produces a voltage across two external pins that can be cycle cannot be changed, but throttling can be disabled converted using external A/D hardware on the motherboard. altogether through internal configuration registers on the ACPI uses this reading to implement its thermal management CPU. policy. In our test system, this external diode gives a reading Note that the operating system can implement its own of approximately 67°C when automatic thermal throttling thermal management policy, e.g. in conjunction with ACPI. begins to engage. This probably corresponds to Tjmax values An operating system that supports ACPI can implement a of approximately 80-100°C. We find that throttling engages thermal policy that will manage CPU temperature in three gradually, which matches the Intel documentation’s different ways. The first policy is active cooling such as observation that the thermal control circuit uses hysteresis to turning on a fan. The second policy is passive cooling which avoid unnecessary oscillation. reduces power consumption of the CPU to reduce We have not been able to find any documentation giving temperature. An example of passive cooling is throttling the exact temperatures, and the lack of any other software visible processor clock. Lastly, there is a critical trip point at which sensors makes it difficult to determine actual values for the the OS conducts a graceful shutdown. Each policy has on-chip temperature gradients. Unfortunately, we do not have temperature thresholds that can be set by the OS to inform access to infrared or thermometry equipment that might allow ACPI of when to engage or disengage that policy. [9] These these kinds of measurements. thresholds can be lower than the CPU’s internal temperature thresholds. 2.2. Fan Control The thermal control circuit can be engaged “on demand” Many motherboards dynamically control fan speed in by the operating system to throttle the CPU using a duty cycle order to conserve energy and minimize noise. (Many fans can chosen from a range of 12.5%-87.5%. This might be used by be uncomfortably loud at full speed.) A database listing the operating system as part of ACPI thermal management or motherboards that allow fan speed control is available at [10]. for other purposes. This means that software, through the fan controller’s When the processor engages throttling, it also asserts an configuration registers, can vary the voltage to the fan or even external pin (PROCHOT) to inform the operating system, in disable it. case this may influence its scheduling or power/thermal 2.3. Frequency and Voltage Scaling management. For systems which have been designed with Dynamic voltage and frequency scaling (DVS) allow the more robust and expensive cooling solutions, where DTM CPU to operate in a lower-performance but also lower-power should never engage, PROCHOT may also indicate cooling state when the load is light, and scale up to higher- failure or a radically misbehaving workload. performance states only when running CPU intensive A second, failsafe thermal control circuit engages at a programs. This technique takes advantage of the fact that second, factory-preset temperature, approximately 135°C, power is roughly proportional to V2f, so that power savings is when immediate damage in imminent, and automatically roughly cubic with respect to the loss in performance (i.e., resets the chip. This shuts down the processor, asserts an frequency). Indeed, many chip manufacturers brand their external pin (THERMTRIP), and forces the system to be DVS technique for marketing purposes. Examples include rebooted. Unlike thermal throttling, this mechanism cannot, various forms of Intel’s SpeedStep and AMD’s PowerNow. to our knowledge, be disabled. The failsafe is needed in case To manage the DVS setting in response to changing the DTM response that is designed for minimal performance workload conditions, the OS typically has the ability to overhead cannot control the temperature, or in cases where the control voltage and frequency. An interesting side effect of cooling solution fails (for example, a fan failure or a detached this capability has been its use for “overclocking,” setting the heat sink.) frequency and possibly the voltage to higher values than the