microscope enabling microarchitectural replay attacks
play

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios - PowerPoint PPT Presentation

Jun 15, 2023 •529 likes •965 views

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020 Why this paper? We have read

  1. MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020

  2. Why this paper? We have read a couple of attack papers, e.g., Spectre/Meltdown, Prime+Probe. Why read this paper? What is new here at a high level?

  3. Threat Model: Trusted Computing with SGX • OS/Hypervisor are untrusted • OS/Hypervisor cannot introspect/tamper enclave • Unfortunately, OS/Hypervisor still manages demand paging Attack Surface With Enclaves Attacker (OS) can: App App App • Manage page tables Operating System • Evict TLB entries Hypervisor • Evict page walk cache entries Hardware • Monitor side channels Attack Surface

  4. Recap: Address Translation Virtual Address Space (Programmer's View) Physical Address Space (limited by DRAM size) Page Table per process VA PA 4KB 4KB 4KB 4KB System software handles “page fault” 4

  5. Background: Page Fault • Page fault: access to a page that is • Unmapped • Invalid • Wrong access rights • Exception is generated → Run page fault handler • Page fault handler = Operating system (untrusted)

  6. Controlled Side Channels • OS can monitor enclaves access pattern at the granularity of page • After enclave start, remove access from all process pages (mark page not present) • Access will cause a page fault • Upon receiving a fault, the handler: if (secret = 1) • Logs the requested page access page A • Enables access to the page else access page B • Removes access to the previous page Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems; Xu et al. S&P’15

  7. Microscope Overview

  8. Motivation: Leakage over side channels Attacker: Victim: for .. if ( secret ) t1 = time() use resource use resource else t2 = time() don’t use resource • Need repeated measurements to be confident à Denoise • However, many applications run only once à Attacker gets 1 measurement • Can attackers really extract secrets?

  9. Overview: Microarchitectural Replay Attacks • Attacker leverages speculative execution } • To repeatedly replay a snippet of victim code Primitive to denoise arbitrary • That runs only once side channels Victim : Memory operation that will cause ld addr // “replay handle” a squash and re-execute … ld secret // secret the attacker tries to leak

  10. Contribution: Microarchitectural Replay Attacks Time Issue Replay Long Latency ld addr: Handle Event

  11. Contribution: Microarchitectural Replay Attacks Time Issue Replay Long Latency Event ld addr: Handle Speculative ld secret: Execution of Secret

  12. Contribution: Microarchitectural Replay Attacks Time Issue Replay Squash Clear Long Latency Event ld addr: Handle Event State ld secret: Speculative Execution of Secret Squash

  13. Contribution: Microarchitectural Replay Attacks Issue Replay Squash Clear Long Latency Event ld addr: Handle Event State ld secret: Speculative Execution of Secret Squash Replay!! Cause Shared Resource Contention & Monitor

  14. Strengths • Opens large new attack surface (for noisy side channels) • Exploits vulnerabilities of correct speculation • Dynamic instructions can be replayed through controlled squashes • Different from Spectre/Meltdown that exploits incorrect speculation • Demonstrate attacks on notoriously noisy side channels • Make impractical attacks possible

  15. Weaknesses • Is it really practical? • Attacker side: • Malicious OS • Control TLB/page mapping • Victim side: • The replay handler and the transmitter need to be in the ROB simultaneously • The replay handler and the transmitter needs to access different pages

  16. Page Tables Background Virtual Address 47 … 39 38 … 30 29 … 21 20 … 12 11 … 0 Virtual address 9-bits 9-bits 9-bits 9-bits Page Offset + pgd _t CR3 + pud_t + pmd_t + pte_t TLB Entry PGD PUD PMD PTE • Page tables stored in memory • On a TLB Miss à “ page walk ” = memory accesses • Each step of page walk = cache hit/miss. • Page walk cache (PWC): hardware cache of translations • If Present bit in pte_t is cleared à Page Fault, invoke OS

  17. Attack Examples Victim Code Loop Victim Code: 1. for i in ... 1. //public address 2. handle(pub_addrA); 2. handle(pub_addr); 3. ... 3. ... 4. transmit(secret[i]); 4. transmit(secret); 5. ... 5. ... 6. memOp(pub_addrB); 7. ...

  18. Terminology Victim Code Replay handle: • Load to a public address (known to OS) 1. //public address 2. handle(pub_addr); 3. ... 4. transmit(secret); 5. ... Transmitter: • Any instruction(s) whose execution reveals secret through some side channel • Occurs < ROB length from Replay Handle

  19. Timeline of a MicroScope Attack - Setup Attack Setup Time Attacker Victim

  20. Timeline of a MicroScope Attack - Setup Clear PTE Present Bit of Replay Handle Attack Setup Time Attacker Victim

  21. Timeline of a MicroScope Attack - Setup Clear PTE Flush Replay Handle Present Bit of Replay Handle Page Table Entries Attack Setup Time Attacker Victim

  22. Timeline of a MicroScope Attack - Setup Clear PTE Flush Replay Handle Flush Replay Handle Present Bit of Replay Handle Page Table Entries TLB Entry Attack Setup Time Attacker Victim

  23. Timeline of a MicroScope Attack Attack Setup Time Issue Replay handle(pub_addr): Handle Attacker Victim

  24. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB handle(pub_addr): Handle Miss Attacker Victim

  25. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB handle(pub_addr): Handle Miss Miss Speculative Execution transmit(secret): of Transmitter Attacker Victim

  26. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC handle(pub_addr): Handle Miss Miss Miss Speculative Execution of transmit(secret): Transmitter Attacker Victim

  27. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Speculative Execution of Transmitter transmit(secret): Attacker Victim

  28. Timeline of a MicroScope Attack Tune speculative execution duration with: Attack Cache Hit or Miss Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Speculative Execution of Transmitter transmit(secret): Attacker Victim

  29. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Speculative Execution of Transmitter transmit(secret): Attacker Victim

  30. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  31. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  32. Timeline of a MicroScope Attack Page Fault Attack Handler Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  33. Timeline of a MicroScope Attack Page Fault Flush Replay Handle Attack Handler Page Table Entries Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  34. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Replay!! Attacker Victim

  35. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  36. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  37. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Replay!! Cause Shared Resource Contention & Monitor Attacker Victim Attacker Monitor/Contention thread

Recommend

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi Outline Data Dependency SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

663 views • 28 slides
NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu et al., ISCA 03 Slides by Bin Xin for CS590F Spring 2007 Overview Faithful replay of execution essential for debugging Non-determinism

343 views • 23 slides
Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi OUTLINE Summary of Recent Contributions: Microarchiture MemJam Intel SGX

950 views • 52 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher Samsung Pay Exploiting Mag-stripe info with Bluetooth audio Co-founder of Women in Tech Fund @Netxing (WomenInTechFund.org) Content

1.07k views • 73 slides
A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

ASIAN07 A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara Bodei 2 , Pierpaolo Degano 2 , Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University of Denmark 1 Dipartimento di

435 views • 20 slides
ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap Samuel Talmadge King Sukru Cinar Murtaza Basrai Peter M. Chen University of Michigan Introduction: Security

531 views • 34 slides
Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University of Kansas 1 Speculative Execution Attacks Attacks exploiting microarchitectural side-effects of

499 views • 21 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with Execution Sketching on Multiprocessors Soyeon Park , Yuanyuan Zhou University of California, San Diego Weiwei Xiong, Zuoning Yin, Rini Kaushik, Kyu H.

749 views • 29 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality

www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality

www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality compound biological microscope equipment with infinity optical system and LED light. It is idea for laboratory microscopy purpose of biological tissue

459 views • 9 slides
June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

716 views • 33 slides
November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

436 views • 28 slides
February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

854 views • 34 slides
Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Frank Piessens Raoul Strackx imec-DistriNet, KU Leuven ACM CCS, October 2018 Microarchitectural side-channels and where to find them CPU cache

709 views • 47 slides
Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural

Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural

Protean General Purpose Guard (PGPG): Detecting and Mitigating Cache-based Microarchitectural Attacks Using Protean Code Jeremy Erickson Akshitha Sriraman Sai Gouravajhala jericks@umich.edu akshitha@umich.edu sairohit@umich.edu EECS 583:

331 views • 12 slides
Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020

Replay, Relay and Inverse-Sybil Attacks on Proximity Tracing Apps Krzysztof Pietrzak 2020 Eurocrypt Rump Session, May 13th, Living Room Proximity Tracing . . . 8GD45AF3 8GD45AF3 . . . 8GD45AF3 Proximity Tracing . . . 8GD45AF3 8GD45AF3

223 views • 19 slides
2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7

2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7

2019 NFHS FOOTBALL RULES CHANGES POSTSEASON INSTANT REPLAY RULES 1-3-7 NOTE (NEW), TABLE 1-7 1-3-7 NOTE (NEW) By adoption, state associations may create instant replay procedures that permit game or replay officials to use a replay

716 views • 40 slides
How do you choose the optimal microscope/camera combinations? What do you need? How do you

How do you choose the optimal microscope/camera combinations? What do you need? How do you

C-CINA.org How do you choose the optimal microscope/camera combinations? What do you need? How do you validate your instrument performance? How many people does each microscope serve? How do you schedule time to optimize the

594 views • 14 slides
Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz

Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz

Capture-Replay Tests in J2ME Testy capture-replay w rodowisku J2ME Marcin Zduniak Bartosz Walter Dawid Weiss Institute of Computing Science Poznan University of Technology 2007 Participants Motivation RobotME Summary Who is who

806 views • 53 slides
Microscope)Imaging) Colin)Sheppard) Nano5Physics)Department)

Microscope)Imaging) Colin)Sheppard) Nano5Physics)Department)

Microscope)Imaging) Colin)Sheppard) Nano5Physics)Department) Italian)Ins:tute)of)Technology)(IIT)) Genoa,)Italy) colinjrsheppard@gmail.com) Op:cal)microscope) Objec:ve)lens) Numerical)aperture)( n )sin) ) &quot;

922 views • 26 slides
How to best use your microscope Matuhijn Vos 7th of November 2014 13/11/14 SPA revolutjon S

How to best use your microscope Matuhijn Vos 7th of November 2014 13/11/14 SPA revolutjon S

How to best use your microscope Matuhijn Vos 7th of November 2014 13/11/14 SPA revolutjon S c i CELL e n c e Nature Confjdentjal 2 13/11/14 What NOT to do: -You do NOT need to realign your microscope daily just out of routjne!

613 views • 36 slides

More recommend