DEGREE PROJECT IN COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2021 Analysis of Transient-Execution Attacks on the out-of-order CHERI- RISC-V Microprocessor Toooba FRANZ ANTON FUCHS KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE Analysis of Transient-Execution Attacks on the out-of-order CHERI-RISC-V Microprocessor Toooba FRANZ ANTON FUCHS Master in Computer Science Date: January 27, 2021 Supervisor: Roberto Guanciale Examiner: Mads Dam School of Electrical Engineering and Computer Science Host Organisation: University of Cambridge Department of Computer Science and Technology Swedish title: Analys av transient-execution attacker på out-of-order CHERI-RISC-V mikroprocessorn Toooba ii Analysis of Transient-Execution Attacks on the out-of-order CHERI-RISC-V Microprocessor Toooba Copyright © 2021 by Franz Anton Fuchs All rights reserved. No part of this work may be reproduced or used in any manner without written permission of the copyright owner except for the use of quotations. iii Abstract Transient-execution attacks have been deemed a large threat for microarchitec- tures through research in recent years. In this work, I reproduce and develop transient-execution attacks against RISC-V and CHERI-RISC-V microarchi- tectures. CHERI is an instruction set architecture (ISA) security extension that provides fine-grained memory protection and compartmentalisation. I con- duct transient-execution experiments for this work on Toooba – a superscalar out-of-order processor implementing CHERI-RISC-V. I present a new sub- class of transient-execution attacks dubbed Meltdown-CF(Capability Forgery). Furthermore, I reproduced all four major Spectre-style attacks and important Meltdown-style attacks. This work analyses all attacks and explains the out- come of the respective experiments based on architectural and microarchitec- tural decisions made by their developers. While all four Spectre-style attacks could be successfully reproduced, the cores do not appear to be vulnerable to prior Meltdown-style attacks. I find that Spectre-BTB and Spectre-RSB pose a large threat to CHERI systems as well as the newly developed transient- execution attack subclass Meltdown-CF. However, all four major Spectre-style attacks and all attacks of the Meltdown-CF subclass violate CHERI’s security model and therefore require security mechanisms to be put in place. iv Sammanfattning Transient-execution-attacker har utgjort ett stort hot för mikroarkitekturer i senaste årens forskning. I den här avhandlingen återskapar jag och utvecklar transient-execution-attacker mot RISC-V och CHERI-RISC-V mikroarkitek- turer. CHERI är en instruction set architecture (ISA) security extension som ger finkornig memory protection och compartmentalisation. I avhandlingen genomför jag transient-execution-experiment på Toooba – en superscalar out- of-order processor som implementerar CHERI-RISC-V. Jag presenterar en ny sorts transient-execution-attack som kallas Meltdown-CF(Capability Forge- ry). Därutöver har jag återskapat de fyra stora Spectre-style-attackerna och viktiga Meltdown-style-attacker. I avhandlingen analyserar jag dessa attac- ker och förklarar resultaten från experimenten utifrån de arkitektoniska och mikroarkitektoniska besluten tagna av respektive utvecklare. Medan de fyra Spectre-style-attackerna kunde återskapas med framgång verkar inte proces- sorkärnorna vara sårbara för tidigare Meltdown-style-attacker. Jag kom fram till att Spectre-BTB och Spectre-RSB såväl som den nya sortens transient- execution-attack Meltdown-CF utgör ett stort hot för CHERI-system. Däremot bryter de fyra stora Spectre-style-attackerna och alla attacker av Meltdown- CF-typen mot CHERI:s threat-model och kräver därmed säkerhetsmekanismer för att verkställas. v Acknowledgements I would like to thank: • Simon W. Moore, my supervisor at Cambridge, who – even though the circumstances were not in our favour – believed in me and gave me the opportunity to conduct my work remotely. Furthermore, he provided lots of feedback throughout close and regular supervision sessions. • Jonathan Woodruff, my advisor, who spent many hours explaining vari- ous concepts to me, was always happy to discuss my ideas, and provided feedback and inspirations that heavily impacted my work. • Peter Rugg, Alexandre Joannou, Jessica Clarke, Marno van der Maas, and others who assisted me in solving a wide range of problems and made me rethink my approaches and ideas. • Robert N. M. Watson and the entire CHERI team who warmly welcomed me into the team and created a helpful and encouraging atmosphere. • Roberto Guanciale, my supervisor at KTH, who made it possible to con- duct this thesis work within the CHERI group and supported me through the entire process by providing important high-level feedback. Contents 1 Introduction 1 1.1 Research Question and Scope . 2 1.2 Contributions . 2 1.3 Figures and Permissions . 2 1.4 Outline . 3 2 Background 4 2.1 Microarchitectural Background . 4 2.1.1 RISC-V . 4 2.1.2 Caches and Memory . 6 2.1.3 Out-of-order Execution . 6 2.1.4 Speculative Execution . 7 2.1.5 Memory Disambiguation . 9 2.2 Transient-Execution Attacks . 9 2.2.1 Spectre Attacks . 10 2.2.2 Meltdown Attacks . 13 2.2.3 Timing Side Channels . 15 2.3 Security Mechanisms . 15 2.3.1 Tagging Microarchitectural State . 16 2.3.2 Special Instructions . 16 2.4 CHERI . 17 2.4.1 CHERI Abstract Model . 17 2.4.2 CHERI-RISC-V . 21 2.4.3 CHERI-RISC-V Hardware . 22 2.4.4 CHERI Software Stack . 22 2.4.5 CHERI Security Model . 23 2.5 Related Work . 24 vii viii CONTENTS 3 Methods 26 3.1 Toooba . 26 3.2 Research Methodology . 28 3.3 Common Mechanisms . 29 3.3.1 Flushing Caches . 29 3.3.2 Timing Measurements . 30 4 RISC-V Results 32 4.1 Spectre Attacks . 32 4.1.1 Spectre-PHT . 33 4.1.2 Spectre-PHT-Write . 34 4.1.3 Spectre-BTB . 34 4.1.4 Spectre-RSB . 34 4.1.5 Spectre-STL . 35 4.2 Meltdown Attacks . 36 4.2.1 Meltdown-US . 36 4.2.2 Meltdown-GP . 37 5 CHERI-RISC-V Results 38 5.1 Spectre Attacks . 38 5.1.1 Spectre-PHT . 38 5.1.2 Spectre-PHT-CHERI-Write . 41 5.1.3 Spectre-BTB on CHERI-Sandboxes . 41 5.1.4 Priv-Mode Attacks . 45 5.1.5 Spectre-RSB . 46 5.1.6 Spectre-STL . 48 5.2 Meltdown Attacks . 49 5.2.1 Meltdown-US-CHERI . 49 5.2.2 Meltdown-GP-CHERI . 50 5.2.3 Meltdown-CF . 51 6 Discussion 58 6.1 SinglePCC . 58 6.1.1 Mechanism . 58 6.1.2 Testing SinglePCC . 59 6.1.3 Hardening SinglePCC . 60 6.1.4 Spectre-BTB in Kernel Code . 62 6.2 Preventing Meltdown-CF . 63 6.3 Ethics and Sustainability . 64 6.4 Future Work . 64 CONTENTS ix 7 Conclusions 66 Bibliography 67 A Full C Attack 73 B Full CHERI-RISC-V Attack 78 x CONTENTS Acronyms ABI Application Binary Interface ALU Arithmetic Logic Unit ASID Address Space Identifier ASR Access System Registers BHT Branch History Table BOOM Berkeley Out-of-Order Machine BTB Branch Target Buffer CHERI Capability Hardware Enhanced RISC Instructions CID CHERI Compartment Identifier CISC Complex Instruction Set Computing CSR Control and Status Register DDC Default Data Capability FPGA Field Programmable Gate Array FPU Floating Point Unit HDL Hardware Description Language ILP Instruction-Level Parallelism IR Intermediate Representation ISA Instruction-Set Architecture LFB Line Fill Buffer LLC Last Level Cache LSB Least Significant Bit LSQ Load-Store Queue MMU Memory Management Unit CONTENTS xi MSB Most Significant Bit PCC Program Counter Capability PHT Pattern History Table PTE Page Table Entry RAS Return Address Stack RIDL Rogue In-Flight Data Load RISC Reduced Instruction Set Computing ROB Reorder Buffer ROP Return-Oriented Programming RSB Return Stack Buffer SCR Special Capability Register STL Store-To-Load SUM Supervisor User Memory TLB Translation Lookaside Buffer Chapter 1 Introduction Memory safety in general has been one of the most difficult security problems in the secure computing world. The heartbleed bug gives a good example of the severity of memory safety problems and explains the need for strong memory safety [1]. One approach to mitigate these kinds of attacks is Cyclone – a dialect of C that aims to achieve memory safety [2]. Similar approaches are CCured [3] that aims to enhance type-safety of C programs and Checked C [4] that helps to guarantee spatial memory safety for C programs. Another approach to implement memory safety is in-memory capability systems, which enforce memory accesses through capabilities in place of in- teger addresses. The idea of capability systems is not new, but has existed for more than forty years, e.g., the CAP Computer [7] or Ackerman’s architecture [8]. However, capability systems have never been commercially successful. The CHERI project starting in 2010 revived the idea of capability systems and had a large impact on the field. The main idea of CHERI is to effectively ensure spatial and temporal memory safety. CHERI systems can mitigate at- tacks targeting spatial or temporal memory safety vulnerabilities. However, in January 2018, a new class of attacks was published called transient-execution attacks. These kinds of attacks had a major impact on the processor industry and pose a large threat to CHERI systems as they can circumvent the security mechanisms in place. Transient-execution attacks have partly been evaluated on RISC-V and not evaluated at all on CHERI-RISC-V systems. Therefore, the question remains whether these attacks are also possible on RISC-V and CHERI-RISC-V systems, which this thesis aims to answer. 1 2 CHAPTER 1. INTRODUCTION 1.1 Research Question and Scope The main research question evaluated throughout the course of this thesis is: Is the out-of-order CHERI-RISC-V processor Toooba vulnerable to transient- execution attacks? In order to answer that question, I will attempt to repro- duce all major transient-execution attacks in both RISC-V and CHERI-RISC- V.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages99 Page
-
File Size-