MORITZMORITZ LIPPLIPP Exploiting Microarchitectural Optimizations from Software Illustration Natascha Eibl Exploiting Microarchitectural Optimizations from Software by Moritz Lipp Ph.D. Thesis Assessors Daniel Gruss (Graz University of Technology) Thomas Eisenbarth (University of Lübeck) August 2021 Institute for Applied Information Processing and Communications Faculty of Computer Science Graz University of Technology iii AFFIDAVIT I declare that I have authored this thesis independently, that I have not used other than the declared sources/resources, and that I have explicitly indicated all material which has been quoted either literally or by content from the sources used. The text document uploaded to TUGRAZonline is identical to the present doctoral thesis. Date, Signature Abstract With abstraction layers, the implementation details of software and hard- ware components are hidden away to deal with the complexity of modern computer systems. While the Instruction Set Architecture (ISA) serves as an interface between the CPU and the software running on it, the com- puter microarchitecture is the actual hardware implementation of the ISA. The clearly defined interfaces do not only cover up the complexity but also allow different variants of the microarchitecture to be built. While they all fulfill the contract defined by the ISA, they can differ inother aspects, such as performance, security, energy efficiency, or other physical properties. Microarchitectural attacks exploit these variations occurring on the microarchitectural level of modern CPUs. With side-channel at- tacks and fault attacks, there are different ways that allow learning from and tampering with the actual implementation. These attacks allow ad- versaries to extract sensitive information processed on the system, e.g., cryptographic keys or user behavior. In this thesis, we expand the landscape of software-based microarchi- tectural attacks and defenses. By exploring the security implications of different optimizations, we identify previously unknown attack vectors, allowing us to circumvent the most fundamental security guarantees of modern processors. We combine traditional physical side-channel analy- ses with software-based microarchitectural attack techniques to leak sen- sitive information processed on the CPU. We enlarge our understanding of which settings and circumstances facilitate different existing attacks and give new insights into developing effective and efficient mitigations. In the first part of this thesis, we discuss the contributions of this thesis and provide background on CPU architecture and memory organization, as well as side-channel attacks and fault attacks. Furthermore, we dis- cuss the state of the art of software-based microarchitectural attacks and defenses. In the second part, a selection of my peer-reviewed publications is provided without modification from their original versions. v Acknowledgements First and foremost, I want to thank my advisor, long-time office colleague and friend, Daniel Gruss, who initially sparked my keen interest in mi- croarchitectural attacks. While I have always considered side-channel attacks as black magic and, therefore, have been very reluctant to learn about them, working with Daniel on my master thesis ignited my fasci- nation for this research field. I want to thank you for your continuous support, the freedom you granted me in my research, the endless effort you invest in everything, and your openness for different opinions. I would especially like to thank Michael Schwarz for his friendship, tireless support, and ambition to work on all those different projects with me. I really enjoyed our time working together, discussing all kinds of ideas while keeping the caffeine level at a healthy high, and discovering parts of the world after conferences. I will miss the late-night debugging sessions, ambitious paper sprints, and presenting our work together. Looking back over the last years, I want to thank you both, Daniel and Michael, for this incredible journey. I really enjoyed sharing the office with you, all the discussions, and the endless effort we put in as a team. The ups and downs we faced together make this roller coaster ride unfor- gettable for me. I want to thank Thomas Eisenbarth for valuable feedback, interesting discussions and taking the time and effort to assess my thesis. Furthermore, I would really like to thank Stefan Mangard for giving me the opportunity to pursue a Ph.D. in the first place. Thank you for your support and advice over the years. Over the last couple of years, I had the honor to meet, work and make friends with incredibly kind and talented people worldwide. While the list would be endless, I want to especially thank Jo van Bulck and Daniel Moghimi for insightful discussions and the great teamwork. Likewise, I want to thank Anders Fogh, David Oswald, Berk Sunar, Julian Steck- lina, and Thomas Prescher for great discussions and fruitful collabora- tions. I am further grateful to all my (former) colleagues at the insti- tute for insightful discussions and for creating such an enjoyable work- ing environment, in particular, Martin Schwarzl, Claudio Canella, Lukas Giner, Catherine Easdon, Andreas Kogler, Clémentine Maurice, Robert vii viii Schilling, Mario Werner, Peter Pessl, Stefan More and Sebastian Ra- macher. I want to thank my parents, Peter and Michaela, and my siblings, Ilona, Lukas, and Nikolaus, for all their love and support throughout my en- tire life. I would like to thank my loving family, Gertraud, Eva, Helga, Gerhard, Heidrun, and Renate, for their support. A special thanks goes to all my friends; without their support, I could not have completed this thesis. Thank you for meaningful discussions, even late at night, and providing the necessary distractions to the working life. Furthermore, I want to thank Yuki, Rasputin, and my bees for always helping me to find tranquilness even in the most stressful times. Finally, I want to be grateful to my better half, Natascha, for her never- ending supporting love and patience. Thank you for tolerating all follow- ing deadlines and supporting me throughout all those years. This work could not have been done without you. Contents Affidavit iii Abstract v Acknowledgements vii Contents ix I. Exploiting Microarchitectural Optimizations from Soft- ware 1 1. Introduction and Contribution 3 1.1. Main Contributions . 7 1.2. Other Contributions . 12 1.3. Outline . 17 2. Background 19 2.1. Architecture and Microarchitecture . 19 2.2. Memory Organization . 34 2.3. Side-Channel Attacks and Fault Attacks . 44 3. State of the Art 49 3.1. Software-based Microarchitectural Side-Channel Attacks . 49 3.2. Transient-Execution Attacks . 60 3.3. Software-based Microarchitectural Fault Attacks . 71 3.4. Software-based Power Side-Channel Attacks . 74 4. Conclusion 77 References 79 II. Publications 105 5. Take A Way 107 6. Meltdown 149 ix x Contents 7. Nethammer 195 8. Keystroke Timing Attacks 225 9. PLATYPUS 251 10.KASLR is Dead: Long Live KASLR 301 Part I. Exploiting Microarchitectural Optimizations from Software 1 1 Introduction and Contribution In software engineering and computer science, interfaces are defined boundaries that are shared between two or more components enabling them to interact with each other. These components exist in software and hardware, can be a combination of both, or in fact, even peripheral devices or human beings interacting with a device [108]. By specify- ing how components are supposed to interact with each other, what the expected behavior of the other component is, interfaces grant great flex- ibility in the implementation of the component as long as the expected behavior is maintained. By abstracting away components of a system, simple interfaces do not only cover up the complexity of the system but allow different variants of a component to be implemented. For example, in a software project, a new, more performant algorithm is implemented for a defined interface. Conforming to the interface’s specification, this allows it to easily replace the old implementation without the need to modify the rest of the system. However, these interfaces do not only exist within software projects but also between applications and the operating system or between developers and the actual hardware. While the implementations all fulfill the same purpose, they can differ in other aspects like the performance. Architecture vs. Microarchitecture In computing, an architecture typically refers to the instruction set ar- chitecture (ISA), also called computer architecture. While the ISA serves as an interface between the CPU and the software running on it, the computer microarchitecture is the actual hardware implementation of the architecture [103]. Thus, the complexity of the implementation is abstracted away by the (less complex) architecture specification. With different microarchitectures implementing the same architectural specifi- cation, the same application can perform differently on them, i.e., while 3 4 Chapter 1. Introduction and Contribution the computed results are the same, the runtime performance, energy ef- ficiency, or other physical properties may vary. However, this viewis not limited to the central processing unit alone but can be applied to every abstraction layer. This includes other hardware interfaces, e.g., the DRAM, as well [154, 267]. As long as the memory module conforms to the specification, the manufacturer can carry out its implementation in different ways. Furthermore, this view