
LVI: Hijacking Transient Execution with Load Value Injection
Daniel Gruss, Daniel Moghimi, Jo Van Bulck
Hardwear.io Virtual Con, April 30, 2020

  Processor security: Hardware (image slide, National Geographic photo)


  1-17. Spectre-PHT (v1), shown as one figure animated over 17 frames. The victim code on the slide is:

      char* data = "textKEY";
      if (index < 4)
          LUT[data[index] * 4096];

  The frames step index from 2 to 6 against the bounds check index < 4, with a "then"/"else" branch box and a prediction marker. For the in-bounds indices 2 and 3 the predicted direction is "then" and the lookup uses data[index] ('x' for index 2, 't' for index 3). For the out-of-bounds indices 4, 5 and 6 the prediction stays "then": the LUT access is first speculated and then executed with data[4] = 'K', data[5] = 'E' and data[6] = 'Y' as the index before the bounds check resolves.
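The gadget from these frames, next to a hardened form, as an added example that is not part of the deck or of the LVI authors' code. The string "textKEY", the check index < 4 and the LUT[data[index] * 4096] access are taken from the slides; DATA_LEN, LUT_STRIDE, the LUT size, spec_index_mask() and the helper names are this example's assumptions. The masking idiom mirrors the array_index_mask_nospec pattern used in the Linux kernel; the code here is the example's own.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LUT_STRIDE 4096
#define DATA_LEN   4            /* the slides' bounds check: index < 4 */

static const char data[] = "textKEY";   /* bytes 4..6 ('K','E','Y') lie beyond the bound */
static uint8_t LUT[256 * LUT_STRIDE];   /* one 4 KiB-separated slot per byte value */

/* Vulnerable form (as on the slides): once the predictor has been trained on
   in-bounds indices (2, 3), an out-of-bounds index (4, 5, 6) is transiently treated
   as in bounds and data[index] selects a LUT slot before the branch resolves. */
uint8_t lookup_vulnerable(size_t index)
{
    if (index < DATA_LEN)
        return LUT[(uint8_t)data[index] * LUT_STRIDE];
    return 0;
}

/* Branchless mask: all ones when index < len, zero otherwise. It is data flow, not
   control flow, so a mispredicted branch cannot skip it. Assumes len > 0 and
   index < SIZE_MAX / 2, which holds for any real array index. */
static inline size_t spec_index_mask(size_t index, size_t len)
{
    /* index < len  ->  index - len wraps and its top bit is set  ->  mask = ~0 */
    return (size_t)0 - ((index - len) >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Architectural result of the masking, exposed so it can be checked directly. */
size_t masked_index(size_t index, size_t len)
{
    return index & spec_index_mask(index, len);
}

/* Hardened form: the architectural check is unchanged, but the index that feeds the
   load is masked to 0 whenever it is out of bounds, so even a mispredicted path can
   only ever read data[0..3]. */
uint8_t lookup_hardened(size_t index)
{
    if (index >= DATA_LEN)
        return 0;
    size_t safe = masked_index(index, DATA_LEN);
    return LUT[(uint8_t)data[safe] * LUT_STRIDE];
}

/* Which byte of data the hardened load would use: data[index] in bounds,
   pinned to data[0] out of bounds. */
char byte_reaching_load(size_t index)
{
    return data[masked_index(index, DATA_LEN)];
}

int main(void)
{
    for (size_t i = 2; i <= 6; i++)   /* the indices stepped through on the slides */
        printf("index %zu -> byte reaching the load: '%c'\n", i, byte_reaching_load(i));
    return 0;
}
```

The mask only helps if the compiler keeps it as arithmetic; production code (the kernel, for instance) pins it with inline assembly so that an optimiser cannot turn the subtraction back into a predicted branch. The same masking does not address LVI, where the injected value comes from a faulting load rather than from a mispredicted branch.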


  19-22. Meltdown: Transiently encoding unauthorized memory (one figure, four frames). An unauthorized access opens a transient out-of-order window in which the secret byte is used as an index into an oracle array. The access then raises an exception and the architectural state is discarded, but in the exception handler the oracle-array line indexed by the secret still produces a cache hit.

  23. Meltdown variants: Microarchitectural buffers (block diagram of the core). Frontend: instruction fetch & predecode, L1 instruction cache, ITLB, branch predictor, instruction queue, 4-way decode, µOP cache, MUX, allocation queue. Execution engine: reorder buffer, scheduler, execution units (ALU/AES, ALU/FMA, ALU/Vect, ALU/Branch, two load-data ports, store data, AGU), CDB. Memory subsystem: load buffer, store buffer, DTLB, STLB, L1 data cache, line fill buffer (LFB), L2 cache, L3 cache, DRAM.

  24. The transient-execution zoo (https://transient.fail), organised by transient cause:

      Spectre-type
        Spectre-PHT: cross-address-space PHT-CA-IP, PHT-CA-OP; same-address-space PHT-SA-IP, PHT-SA-OP
        Spectre-BTB: cross-address-space BTB-CA-IP, BTB-CA-OP; same-address-space BTB-SA-IP, BTB-SA-OP
        Spectre-RSB: cross-address-space RSB-CA-IP, RSB-CA-OP; same-address-space RSB-SA-IP, RSB-SA-OP
        Spectre-STL
      Meltdown-type
        Meltdown-NM-REG
        Meltdown-PF: Meltdown-US (US-L1, US-LFB, US-SB), Meltdown-P (P-L1, P-LFB, P-SB, P-LP), Meltdown-RW, Meltdown-PK-L1, Meltdown-SM-SB
        Meltdown-BR: Meltdown-MPX, Meltdown-BND
        Meltdown-CPL-REG
        Meltdown-GP: Meltdown-NC-SB
        Meltdown-MCA: Meltdown-AD (AD-LFB, AD-SB), Meltdown-AVX-LP


  26-31. LVI: The basic idea (animated figure, six frames).

  32. Enclaves to the rescue! (Figure: apps and an enclave app above the OS kernel and hypervisor; beneath them TPM, CPU, memory and HDD.) Intel SGX promise: hardware-level isolation and attestation.

  33. Intel Software Guard Extensions (SGX). (Figure: an application split into an untrusted part and a trusted part; the untrusted part creates the enclave and calls a trusted function through a call gate, which returns to it; the operating system sits underneath.)

  34-36. Intel SGX: A look under the hood (one figure, three frames: logical address → paging unit → SGX checks → physical address, with a page fault (#PF) path).
      • SGX machinery protects against direct address remapping attacks
      • ...but untrusted address translation may fault during enclaved execution (!)
  We can arbitrarily provoke page faults for trusted enclave loads!

  37. A toy example

      void call_victim(size_t untrusted_arg)
      {
          *arg_copy = untrusted_arg;          /* store of the attacker-controlled argument */
          array[**trusted_ptr * 4096];        /* double dereference through a trusted pointer */
      }
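The toy victim above next to a variant that fences each load before its value is used, as an added example that is not part of the deck or of the LVI authors' code. The names call_victim, arg_copy, trusted_ptr and array and the array[... * 4096] access come from the slide; the types, the backing storage, load_fence() and fenced_index() are this example's assumptions. Placing an lfence after every load is the mitigation published for LVI; the slides themselves stop before mitigations.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STRIDE 4096

static uint8_t array[256 * STRIDE];   /* oracle-style array, one slot per byte value */
static size_t  arg_storage;           /* where the untrusted argument is copied to */
static size_t *arg_copy = &arg_storage;

static uint8_t   trusted_byte  = 0x41;          /* the trusted value the enclave means to use */
static uint8_t  *trusted_inner = &trusted_byte;
static uint8_t **trusted_ptr   = &trusted_inner;

/* Serialising fence: on x86, lfence does not execute until all earlier instructions
   have completed locally, and later instructions do not start until it retires, so a
   faulting load cannot forward a transient value to the instructions that follow. */
static inline void load_fence(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");   /* compiler barrier only on other ISAs */
#endif
}

/* As on the slide: the store of the untrusted argument is still in flight while the
   dependent loads through trusted_ptr execute; if one of those loads faults, the
   transient value used to index array[] may be the attacker's argument. */
uint8_t call_victim(size_t untrusted_arg)
{
    *arg_copy = untrusted_arg;
    return array[**trusted_ptr * STRIDE];
}

/* Hardened variant: each load is followed by a fence before its result feeds another
   memory access, so only architecturally committed values reach array[]. */
uint8_t call_victim_fenced(size_t untrusted_arg)
{
    *arg_copy = untrusted_arg;
    uint8_t *inner = *trusted_ptr;
    load_fence();                     /* inner is now the committed pointer value */
    uint8_t value = *inner;
    load_fence();                     /* value is now the committed byte */
    return array[value * STRIDE];
}

/* Architectural index used by the fenced victim, exposed so it can be checked. */
size_t fenced_index(size_t untrusted_arg)
{
    *arg_copy = untrusted_arg;
    uint8_t *inner = *trusted_ptr;
    load_fence();
    uint8_t value = *inner;
    load_fence();
    return (size_t)value * STRIDE;
}

int main(void)
{
    printf("fenced victim indexes array[] at offset %zu (expected %d * %d)\n",
           fenced_index(0x1234), trusted_byte, STRIDE);
    return 0;
}
```

Fencing every load is costly, which is why the practical deployments insert the fences at compile time and only where a load's result can reach another memory access or a branch; hand-placing them, as here, is only workable for a small enclave interface. Note that the architectural result is the same for both variants: the difference exists only in what the pipeline may do transiently, which a plain functional test cannot observe.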
