
Linköping University | Department of Computer and Information Science
Master thesis, 30 ECTS | Datateknik 2019 | LIU-IDA/LITH-EX-A--19/045--SE

Examining the Impact of Microarchitectural Attacks on Microkernels – a study of Meltdown and Spectre

Gunnar Grimsdal
Patrik Lundgren

Supervisor: Felipe Boeira
Examiner: Mikael Asplund
External supervisor: Christian Vestlund

Linköpings universitet, SE–581 83 Linköping, +46 13 28 10 00, www.liu.se

Copyright (Swedish notice, translated)

This document is kept available on the Internet, or its future replacement, for 25 years from the date of publication, provided that no extraordinary circumstances arise. Access to the document implies permission for anyone to read, download and print single copies for personal use, and to use it unchanged for non-commercial research and for teaching. A later transfer of copyright cannot revoke this permission. All other use of the document requires the author's consent. Technical and administrative measures are in place to guarantee authenticity, security and accessibility. The author's moral rights include the right to be named as the author, to the extent required by good practice, when the document is used in the ways described above, and protection against the document being altered or presented in a form or context that is offensive to the author's literary or artistic reputation or distinctiveness. For further information about Linköping University Electronic Press, see the publisher's website http://www.ep.liu.se/.

Copyright

The publishers will keep this document online on the Internet - or its possible replacement - for a period of 25 years starting from the date of publication barring exceptional circumstances. The online availability of the document implies permanent permission for anyone to read, to download, or to print out single copies for his/her own use and to use it unchanged for non-commercial research and educational purpose. Subsequent transfers of copyright cannot revoke this permission. All other uses of the document are conditional upon the consent of the copyright owner. The publisher has taken technical and administrative measures to assure authenticity, security and accessibility. According to intellectual property law the author has the right to be mentioned when his/her work is accessed as described above and to be protected against infringement. For additional information about the Linköping University Electronic Press and its procedures for publication and for assurance of document integrity, please refer to its www home page: http://www.ep.liu.se/.

© Gunnar Grimsdal, Patrik Lundgren

Abstract

Most of today's widely used operating systems are based on a monolithic design and have a very large code size, which complicates verification of security-critical applications. One approach to solving this problem is to use a microkernel, i.e., a small kernel which only implements the bare necessities. A system using a microkernel can be constructed using the operating-system framework Genode, which provides security features and a strict process hierarchy. However, such systems may still be vulnerable to microarchitectural attacks, which bypass an operating system's security features by exploiting vulnerable hardware. This thesis aims to investigate whether microkernels are vulnerable to the microarchitectural attacks Meltdown and Spectre version 1 in the context of Genode. Furthermore, the thesis analyzes the execution cost of mitigating Spectre version 1 in a Genode remote procedure call. The results show that Genode does not mitigate the Meltdown attack, which we confirm by demonstrating a working Meltdown attack on Genode+Linux. We also determine that microkernels are vulnerable to Spectre by demonstrating a working attack against two microkernels.
However, we show that the cost of mitigating this Spectre attack is small, with a slowdown of 3% for remote procedure calls in Genode.

Acknowledgments

We would like to thank all the people at Sectra Communications AB for their welcome and assistance with our thesis. We would like to give special thanks to our supervisor Christian Vestlund for his engagement and supportive knowledge of side-channel attacks. Additionally, we would like to thank Jonathan Jogenfors for his useful insights on writing a thesis. From Linköping University, we would like to thank our examiner Mikael Asplund for his enthusiasm and academic input, and Felipe Boeira for his feedback and support in writing our thesis.

Contents

Abstract iii
Acknowledgments iv
Contents v
List of Figures viii
List of Tables x

1 Introduction 2
  1.1 Microkernel 2
  1.2 Genode 3
  1.3 Meltdown and Spectre 3
  1.4 Motivation 4
  1.5 Aim 4
  1.6 Research Questions 4
  1.7 Delimitations 5
  1.8 Thesis Outline 5

2 Background 6
  2.1 CPU Optimizations 6
    2.1.1 Cache 6
    2.1.2 Data Prefetching 7
    2.1.3 Out-of-Order Execution 7
    2.1.4 Speculative Execution 7
    2.1.5 Intel TSX 7
  2.2 Timing Channels 7
    2.2.1 Cache-Based Timing Channels 8
    2.2.2 Accurately Measuring Time 8
  2.3 Flush+Reload 9
    2.3.1 Shared Memory 9
    2.3.2 Preventing Data Prefetching 10
  2.4 Meltdown 10
    2.4.1 Virtual Address Space 10
    2.4.2 Meltdown Attack Description 11
    2.4.3 Proof-Of-Concept Implementation 11
    2.4.4 Mitigations 12
    2.4.5 Meltdown on Genode 12
  2.5 Spectre 12
    2.5.1 Spectre V1 Attack Description 13
    2.5.2 Spectre V1 Mitigations 13
      2.5.2.1 Preventing Speculative Execution 13
      2.5.2.2 Index Bitmasking 14
  2.6 Performance 15
    2.6.1 Microkernel Performance 15
    2.6.2 IPC Performance 15
  2.7 Related Work 15
    2.7.1 Genode 16
    2.7.2 Side Channels 16
    2.7.3 Microarchitectural Attacks 16
    2.7.4 Linux Control Groups 17
    2.7.5 Security by Virtualization 17

3 Method 18
  3.1 Setting up System Under Test 18
    3.1.1 Using x86 Intrinsics 18
    3.1.2 Obtaining Output 19
    3.1.3 Building and Running on Nova 20
    3.1.4 Building and Running on Okl4 20
    3.1.5 Building and Running on Linux 21
    3.1.6 Measuring Throughput 21
  3.2 Implementing the Flush+Reload Channel 22
    3.2.1 Measuring Cache Hits 22
    3.2.2 Preventing Data Prefetching 23
    3.2.3 Adapting the Channel to Targeted Kernels 24
    3.2.4 Measuring Throughput of the Covert Channel 25
    3.2.5 Reducing Noise 25
  3.3 Implementing Meltdown 26
    3.3.1 Recovering from Segmentation Fault 26
    3.3.2 Disabling Mitigations 26
    3.3.3 Choosing a Target Address 26
  3.4 Implementing Spectre 27
    3.4.1 Ensuring Speculative Execution 28
    3.4.2 Configure Variables for Spectre 28
    3.4.3 Measuring Throughput 29
    3.4.4 Measuring Impact of Mitigations 29

4 Results 30
  4.1 Flush+Reload 30
    4.1.1 Choosing Cache-Hit Thresholds 30
    4.1.2 Preventing Data Prefetching 31
    4.1.3 Measuring Throughput 33
    4.1.4 Reducing Noise 33
  4.2 Meltdown 37
    4.2.1 Reading a Victim's Secret 37
    4.2.2 Reading the Linux Version Banner 37
  4.3 Spectre 37
    4.3.1 Training the Branch Predictor 37
    4.3.2 Ensuring Speculative Execution 39
    4.3.3 Attack Throughput 39
    4.3.4 Mitigations 39
    4.3.5 Error Sources 41

5 Discussion 43
  5.1 Flush+Reload 43
    5.1.1 Cache-Hit Measurements 43
    5.1.2 Choosing Cache-Hit Thresholds 44
    5.1.3 Preventing Data Prefetching 44
    5.1.4 Inaccuracies in Throughput Measurements 44
    5.1.5 Reducing Noise 45
  5.2 Meltdown 45
    5.2.1 Alternative Segmentation Fault Recovery 45
    5.2.2 Turning off Mitigations 45
    5.2.3 The Difficulties of Reading Secrets ...