Ghosts in a Nutshell
Moritz Lipp (@mlqxyz), Claudio Canella (@cc0x1f)

Who am I?
• Moritz Lipp, PhD student @ Graz University of Technology, @mlqxyz, [email protected]
• Claudio Canella, PhD student @ Graz University of Technology, @cc0x1f, [email protected]

Media

Meltdown & Spectre
• Side-channel vulnerability
• Variant 1, 2, 3 and Variant 3a
• Meltdown and Spectre have been disclosed

Motivation
• Variant 1 - Bounds Check Bypass (BCB)
• Variant 2 - Branch Target Injection (BTI)
• Variant 3 - Rogue Data Cache Load (RDCL)
• Variant 3a - Rogue System Register Read (RSRR)
• Variant 4 - Speculative Store Bypass (SSB)
• Variant 1.1 - Bounds Check Bypass Store (BCBS)
• Variant 1.2 - Read-only Protection Bypass (RPB)
• Lazy FP State Restore
• SpectreRSB - Return Mispredict
• Foreshadow
• L1 Terminal Fault (L1TF)
• PortSmash
• NetSpectre
• SMoTherSpectre
• SPOILER

Motivation
• KAISER patch / KPTI / KVA Shadow
• Microcode Updates
• IBRS / STIBP / IBPB
• Retpoline
• Taint Tracking
• Serialization
• InvisiSpec / SafeSpec / DAWG
• RSB Stuffing
• Site Isolation
• SSBD / SSBB
• ...

Now you already lost me.

What this talk is
• We want to shed some light and make it less confusing
• Give a comprehensible overview of all attacks and defenses
• Show that systematic analysis allows finding new attacks and circumventions of countermeasures

Background

Side-channel Attacks
• Bug-free software does not mean safe execution
• Information leaks due to the underlying hardware
• Exploit leakage through side-effects: power consumption, execution time, microarchitectural elements

Architecture vs Microarchitecture
• Instruction Set Architecture (ISA) is an abstract model of a computer (x86, ARMv8, SPARC, ...)
• Interface between hardware and software
• Microarchitecture is an ISA implementation

Microarchitectural Elements
• Modern CPUs contain multiple microarchitectural elements: caches and buffers, predictors
• Transparent for the programmer
• Timing optimizations → side-channel leakage

Caches & Cache Attacks

Cache
• printf("%d", i), first access: cache miss, the request goes to DRAM (slow) and the response is placed in the cache
• printf("%d", i), second access: cache hit, no DRAM access, much faster

Caching speeds up Memory Accesses
[Histogram: number of accesses (×10^4) over measured access time in CPU cycles, 0 to 1,200; cache hits cluster at low latencies, cache misses at high latencies]

Flush+Reload
[Animated slide: the attacker flushes a shared cache line, waits, then reloads it and times the access; a fast reload means the victim touched the line in between]
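Added example (not from the slides): a self-contained C program that reproduces the hit-versus-miss timing behind the "Caching speeds up Memory Accesses" histogram, on a private buffer of its own. It assumes an x86-64 machine for rdtscp/clflush and falls back to clock_gettime plus eviction through a large buffer elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#ifdef __x86_64__
#include <x86intrin.h>
#endif

#define ROUNDS 2000
static volatile char probe[64];   /* the cache line we time (constructed, private) */
static volatile char sink;        /* keeps the timed load from being optimised away */

/* Timestamp: TSC cycles on x86-64, nanoseconds elsewhere (assumption: fallback only). */
static inline uint64_t now(void) {
#ifdef __x86_64__
    unsigned aux; return __rdtscp(&aux);
#else
    struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ull + ts.tv_nsec;
#endif
}

/* Evict probe from the cache: clflush on x86-64, otherwise stream through a
 * buffer far larger than the cache hierarchy (slower and less exact). */
static void flush_probe(void) {
#ifdef __x86_64__
    _mm_clflush((const void *)probe);
    _mm_mfence();
#else
    static volatile char evict[32u << 20];
    for (size_t i = 0; i < sizeof evict; i += 64) evict[i]++;
#endif
}

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median time of ROUNDS timed loads of probe[0]: miss=0 warms the line first
 * (cache hit), miss=1 flushes it first (cache miss). */
uint64_t median_access_time(int miss) {
    static uint64_t t[ROUNDS];
    for (int i = 0; i < ROUNDS; i++) {
        if (miss) flush_probe(); else sink = probe[0];
        uint64_t t0 = now();
        sink = probe[0];
        t[i] = now() - t0;
    }
    qsort(t, ROUNDS, sizeof t[0], cmp_u64);
    return t[ROUNDS / 2];
}

int main(void) {
    printf("hit median %llu, miss median %llu (cycles on x86-64, ns otherwise)\n",
           (unsigned long long)median_access_time(0),
           (unsigned long long)median_access_time(1));
    return 0;
}
```

The two medians are the two peaks of the slide's histogram; a threshold between them is what Flush+Reload uses to decide whether a line was touched.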
Cache Attacks
• Leak cryptographic keys
• Leak information on co-located virtual machines
• Monitor function calls of other applications
• Build covert communication channels
• ...
"Only meta data. Not interesting and not in any threat model."

Out-of-order Execution

    int width = 10, height = 5;
    float diagonal = sqrt(width * width + height * height);   /* independent of area: can be parallelized */
    int area = width * height;
    printf("Area %dx%d = %d\n", width, height, area);         /* dependency on area */

Out-of-Order Execution
Instructions are
• fetched and decoded in the front-end
• dispatched to the backend
• processed by individual execution units
[Pipeline diagram: Frontend (ITLB, L1 Instruction Cache, Branch Predictor, Instruction Fetch & PreDecode, Instruction Queue, µOP Cache, 4-Way Decode, MUX, Allocation Queue); Execution Engine (Reorder buffer, Scheduler, Execution Units: AGU, Load data, Store data, ALU/Branch, ALU/Vect, ALU/AES, ALU/FMA); Memory Subsystem (Load Buffer, Store Buffer, DTLB, STLB, L1 Data Cache, L2 Cache)]
