microarchitectural attacks in the cloud
play

Microarchitectural Attacks in the Cloud Thomas Eisenbarth - PowerPoint PPT Presentation

Jan 06, 2024 •1.8k likes •2.23k views

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

  1. Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universität Bochum

  2. Outline • Cloud and Cryptography • Co-Location in the Cloud • Cache Attacks in the Cloud • Extracting Information across VM Boundaries • Stopping Microarchitectural Attacks Microachitectural Attacks in the Cloud - 2 Thomas Eisenbarth

  3. Cloud Computing • Computation outsourced to cloud servers • CSPs: many users on shared, homogeneous platforms • Users rent VMs, share same computer • What can go wrong? Microachitectural Attacks in the Cloud - 3 Thomas Eisenbarth

  4. Crypto in the Cloud • Crypto Libraries designed for Server-World – Attacks only via intended interfaces – Side Channels are minor concern – Fine-grain timing over network is difficult – If attacker monitors your CPU, bad crypto implementation is not your main problem • CSP: your VM shares hardware with 10 others – No worries, your data is secure Microachitectural Attacks in the Cloud - 4 Thomas Eisenbarth

  5. Microarchitectural Attacks? Modern CPUs microarchitecture: “Make the common case fast” • Branch Prediction • Speculative & Out of Order Execution • Multicore + Multi- processor System & Support • Several layers of Caches Microachitectural Attacks in the Cloud - 5 Thomas Eisenbarth

  6. Threats in IaaS clouds • IaaS clouds imply hardware sharing across co- located VMs  cost savings • Hypervisor/VMM ensures logic isolation between VMs. • Software designed for single-user server world ➢ Hardware leakages are still poorly protected, malicious VMs can still cause lots of damage. Guest OS #2 Spy Guest OS #1 Victim VM VM VMM Hardware Microachitectural Attacks in the Cloud - 6 Thomas Eisenbarth

  7. Microarchitectural Attacks: Threat in IaaS clouds? • Cache contention can reveal information about the victims process (Cross core & cross CPU) • DRAM accesses can be blocked & timed • Row hammer adjacent lines in DRAM can cause bit flips that can break isolation across VMs • Attackers have shown to recover cryptographic keys, passwords.. Guest OS #2 Spy Victim Guest OS #2 Guest OS #1 Spy Guest OS #1 Victim VM VM VM VM 1 0 1 0 1 1 1 1 0 0 1 0 0 1 1 1 1 1 0 1 0 1 0 1 1 1 1 0 0 1 0 1 1 1 1 1 1 0 DRAM Shared L3 CACHE Microachitectural Attacks in the Cloud - 7 Thomas Eisenbarth

  8. Co-location in the Cloud

  9. First Step: Co-Location First success in 2009 on AWS [RTS09]: 1. Launch many instances on cloud * In Sept 2008 2. Check if any are co-located • How to detect Co-location? – Logical Side Channels: Ping time, IP address of instance or hypervisor? – Arch. Side Channels: Disk Load? [RTSS09] Ristenpart, T., Tromer, E., Shacham, H., and Savage, S. Hey, You, Get off of My Cloud: Exploring Information Leakage in Third- 9 party Compute Clouds. ACM CCS '09

  10. Co-Location Now? AWS EC2: – Ping is constant time – HDDs replaced with SSDs – Dom0 IPs hidden – Logical side channels are closed ➢ New Co-location detection needed – Cache Covert Channel Architectural Side Channels – Software Profiling in LLC  difficult to prevent – Memory Bus Locking [XWW15] XU, Z., WANG, H., AND WU, Z. A measurement study on co-residence threat inside the cloud . USENIX Security 15 [VZRS15] VARADARAJAN, ZHANG, RISTENPART, AND SWIFT: A placement vulnerability study in multi-tenant public clouds . USENIX Security 15 10 [IGES16] Inci, Gulmezoglu, Eisenbarth, Sunar: Co-location Detection on the Cloud COSADE 16

  11. Memory Bus Locking • Atomic Instructions: ensure memory Line n data coherency and synchronization – CMPXCHG, FADDL, XADDL etc. data Line n+1 • Atomic instruction on a cache line – The cache line is locked • For data spanning multiple cache lines, locking single cache line not sufficient • Latest Intel CPUs flush the memory operations – From pipelines of all cores and CPUs – Works in multi-socket systems • Results in a significant performance penalty to other applications Microachitectural Attacks in the Cloud - 11 Thomas Eisenbarth

  12. Investigating Logical Channels in Azure Azure IaaS: 2nd largest IaaS, fastest growing Cloud? • Strategy: Use bus locking (µArch channel) as ground truth to identify logical channels  cheaper, faster, stealthy • Experiment setup: – 4 different accounts: East US2 region – 20 single/dual VMs per account – 0.75GB RAM; Ubuntu 14.04 – Azure command line interface ➢ 120 co-located pairs ➢ Private IPs: 60 machines per subnet ➢ All co-located machines in same /16 subnet Microachitectural Attacks in the Cloud - 12 Thomas Eisenbarth

  13. NetCold: deriving the identity of co-resident VMs [IIES16] Co-resident VMs reside in same subnets + share MAC vID • NetCold : retrieve identities of co-resident servers 1. Checking the internal IP address and the MAC ID  Co-residency 2. Connect Internal IP to Identity – If internal port open: retrieve service (e.g. HTTP) directly – If internal port closed: scan external IP specifying the MAC address If the VM is co-resident and MAC address matches  response; else no response [IIES16] Inci, Irazoqui, Eisenbarth, Sunar: Efficient, Adversarial Neighbor Discovery using Logical 13 Channels on Microsoft Azure ACSAC 2016

  14. Co-location is Feasible • Co-residence inherent to resource sharing • CSPs cannot prevent it, but can hinder detection • Logical Side Channels: – cheap, fast, stealthy, but preventable by ISP • Arch. Side Channels: – difficult to prevent  remain open – harder to exploit Microachitectural Attacks in the Cloud - 14 Thomas Eisenbarth

  15. Cache Attacks

  16. Cache as Cross-VM Side Channel • Adversary and victim share full access to cache • Cross Core: Last Level Cache (L3 Cache) accesses • Cache Access cannot be virtualized (70x slowdown) Microachitectural Attacks in the Cloud - 16 Thomas Eisenbarth

  17. How to track victim’s data? Deduplication • Keeps only one copy of duplicate data in RAM – K ernel S ame page M erging in Linux and KVM – T ransparent P age S haring in VMware VMM – Solutions for Xen available as well  Is now an opt-in feature for VMMs! (Default for OSs) Source: • When Target VM accesses page – page copied to cache: copy in shared LLC – Subsequent Spy VM access also faster!  Spy can detect Target VMs accesses to known pages Microachitectural Attacks in the Cloud - 17 Thomas Eisenbarth

  18. Flush+Reload Attack: Concept Steps: 1. Flush desired memory lines 2. Wait for some time 3. Reload memory lines and measure reload time. Victim Spy Private L1/L2 CACHE Slow reload time Fast reload time Shared L3 CACHE Clean detection if monitored memory line was accessed Memory 18

  19. How to get crypto keys? Detect key-dependent cache accesses: • RSA/ElGamal: 250 Decryption First Secret Second Secret Exponent (dp) Start Exponent (dq) 200 – Sliding window exponentiation 150 Reload time 100 – Occurrence of multiplicands in 50 0 cache reveals key bits 0 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 11000 timeslot • AES: – T-table implementation: Xors and table lookups – Detect t-table access in last round (table entry corresponding to 𝑑 𝑗 is always in LLC) [YF14] Y Yarom, KE Falkner Flush+ Reload: a High Resolution, Low Noise, L3 Cache Side-Channel Attack, USENIX Security 2014 Microachitectural Attacks in the Cloud - 19 Thomas Eisenbarth [IIES14] Irazoqui, G., Inci, M. S., Eisenbarth, T., & Sunar, B. Wait a minute! A fast, Cross-VM attack on AES . RAID 2014

  20. Are Cross-VM Cache Attacks Realistic? Cross-VM Flush+Reload Attacks work if • Server has a shared level of cache • Attacker and the victim are physically co- located • VMM implements memory deduplication • Memory Deduplication can enable Cross-VM cache attacks – http://kb.vmware.com/kb/2080735 Microachitectural Attacks in the Cloud - 20 Thomas Eisenbarth

  21. Cross-VM Cache Attacks

  22. Cache Attacks? • Cache Attacks are old [Hu92] • Popular Method: Prime+Probe [OST06]: 1. Flush Prime memory lines fill monitored cache set with dummy data: eviction set 2. Wait for some time 3. Reload Probe memory lines read eviction set data and time read • Problems: – Usually only applied on L1-cache (64kb)  not cross-core – L3-Cache is too large(25MB!) and not controllable? Solution : Huge Pages give control of L3$ to spy Microachitectural Attacks in the Cloud - [Hu92] Hu, W.-M. (Digital Equipment Corp., Littleton, MA, USA) Lattice scheduling and covert channels. IEEE Oakland 92 22 Thomas Eisenbarth [OST06] DA Osvik, A Shamir, E Tromer Cache attacks and countermeasures: the case of AES . CT-RSA 2006

  23. Are Cross-VM Cache Attacks Realistic? Cross-VM Cache Attacks on crypto such as El Gamal [LY+15] or AES [IES15] work if • Server has a shared level of cache • Attacker and the victim are physically co- located • VMM implements memory deduplication [LY+15] Liu, F., Yarom, Y., Ge, Q., Heiser, G., & Lee, R. B. (2015). Last-Level Cache Side-Channel Attacks are Practical . (S&P 2015). Microachitectural Attacks in the Cloud - [IES15] Irazoqui, G., Eisenbarth, T., & Sunar, B. S$A: A shared cache attack that works across cores and defies VM sandboxing — and 23 Thomas Eisenbarth Its application to AES . 36th IEEE Symposium on Security and Privacy (S&P 2015)

Recommend

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi Outline Data Dependency SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

663 views • 28 slides
Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi OUTLINE Summary of Recent Contributions: Microarchiture MemJam Intel SGX

950 views • 52 slides
MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020 Why this paper? We have read

965 views • 42 slides
Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University of Kansas 1 Speculative Execution Attacks Attacks exploiting microarchitectural side-effects of

499 views • 21 slides
Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent

Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent

Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent Larson, John Dennis All the Work Presented Has Been Implemented in CLUBB (Cloud Layers Unified By Binormals) CLUBB is a model that solves a set of

435 views • 21 slides
Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi

Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi

Stratus: Clouds with Microarchitectural Resource Management Kaveh Razavi and Animesh Trivedi Once Upon a Time in the Cloud Large: 4 cores, 16 GB Medium: 2 cores, 8 GB Small: 1 core, 4 GB 2 Once Upon a Time in the Cloud Large: 4 cores, 16

852 views • 29 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Frank Piessens Raoul Strackx imec-DistriNet, KU Leuven ACM CCS, October 2018 Microarchitectural side-channels and where to find them CPU cache

709 views • 47 slides
Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural

Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural

Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural Attacks Using Protean Code Jeremy Erickson Akshitha Sriraman Sai Gouravajhala jericks@umich.edu akshitha@umich.edu sairohit@umich.edu EECS 583:

331 views • 12 slides
Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World

Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World

Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World Crypto & Privacy ibenik, Croata Outline Timing Attcks Ctche Attcks Cloud Ctche Attcks Speculttve Executon Attcks Preventng

434 views • 39 slides
Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security

Chapter 9 Cloud Security Contents Security in an interconnected world, cloud security risks. Attacks in a cloud environment, top threats. Security, a major concern for cloud users. Privacy. Trust. Operating systems

661 views • 38 slides
Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web

Keys to the Cloud Bansal, Bhargavan, Delignat-Lavaud, Maffeis Keys to the Cloud: Formal Analysis and Concrete Application-level Attacks on Encrypted Web Storage Crypto on the Web Motivations Formal analysis of cryptographic web

1.19k views • 106 slides
Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2

Evaluating the impact of eDoS attacks to cloud facilities Gian-Luca Dei Rossi 1 Mauro Iacono 2 Andrea Marin 1 1 Universit` a Ca Foscari Venezia 2 Seconda Universit` a di Napoli November 18, 2015 The setting Nowadays the use of cloud computing

454 views • 30 slides
Cache Attacks on the Cloud Thomas Eisenbarth Joint work with Gorka Irazoqui, Mehmet Sinan Inci,

Cache Attacks on the Cloud Thomas Eisenbarth Joint work with Gorka Irazoqui, Mehmet Sinan Inci,

Cache Attacks on the Cloud Thomas Eisenbarth Joint work with Gorka Irazoqui, Mehmet Sinan Inci, Berk Gulmezoglu and Berk Sunar Real World Cryptography 1/8/2016 Outline Cloud Computing and Isolation Extracting Information from Co-located

640 views • 24 slides
System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus

System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud Taesoo Kim, Marcus Peinado, Gloria Mainar-Ruiz MIT CSAIL Microsoft Research Security is a big concern in cloud adoption Why are cache-based side channel

588 views • 38 slides
Cloud-based Testbed for Simulation of Cyber Attacks D. Kouil, T. Rebok, T. Jirsk, J. egan,

Cloud-based Testbed for Simulation of Cyber Attacks D. Kouil, T. Rebok, T. Jirsk, J. egan,

Cloud-based Testbed for Simulation of Cyber Attacks D. Kouil, T. Rebok, T. Jirsk, J. egan, M. Draar, M. Vizvry, J. Vykopal { lastname }@ics.muni.cz IEEE/IFIP Network Operations and Management Symposium, NOMS 2014 5-9 May 2014, Krakow,

351 views • 19 slides
Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent

Catch me if you can A cloud based DdoS defense Mikal Fourrier DDoS attacks Goal: prevent the access to a computer system to it's legitimate users. DDoS: DoS attack on the network using a lot of different source IP Why:

327 views • 16 slides
Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim,

Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim,

Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim, Christopher Torng, Shreesha Srinath, Derek Lockhart, and Christopher Batten Cornell University Cornell University IEEE/ACM International Symposium on

636 views • 31 slides
PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Aarti Gupta Princeton University *NVIDIA MICRO-51 http:/ ://check.cs.p .princeton.edu/ Memory

1.36k views • 80 slides
Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee

Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee

Revisiting Isolated and Trusted Execution via Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee Members: Prof. Donald R. Brown (Department Head) Prof. Thomas Eisenbarth (Co-advisor) Prof.

1.68k views • 138 slides
TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan Beckmann, Anurag Mukkara, Po-An Tsai MIT CSAIL MICRO-48 Tutorial December 5, 2015 Welcome! Agenda 4 8:30 9:10 Intro and Overview 9:10

1.53k views • 124 slides
Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth Workshop on Computer Architecture Research with RISC-V (CARRV 2020) May 29 th , 2020 Nils Wistoff Moritz Schneider Frank K. Grkaynak Luca Benini

750 views • 58 slides
Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come

Embracing Cloud Ian Apperley Agenda A little about me What is Cloud and where did it come from? Why Cloud? Cloud for small, medium, enterprise, and government Barriers to adoption Embracing Cloud Social Mobile Cloud

972 views • 45 slides
SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud

SAS and (the) Cloud Dave Annis SAS Solutions onDemand SAS and (the) Cloud Everyones Cloud Tour of the buzzwords, myths and realities Whats in store for me, the boss, the company, the industry? Your cloud, our cloud their

224 views • 19 slides

More recommend