nemesis studying microarchitectural timing leaks in
play

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU - PowerPoint PPT Presentation

Jan 17, 2023 •225 likes •709 views

Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Frank Piessens Raoul Strackx imec-DistriNet, KU Leuven ACM CCS, October 2018 Microarchitectural side-channels and where to find them CPU cache

  1. Nemesis: Studying Microarchitectural Timing Leaks in Rudimentary CPU Interrupt Logic Jo Van Bulck Frank Piessens Raoul Strackx imec-DistriNet, KU Leuven ACM CCS, October 2018

  3. Microarchitectural side-channels and where to find them CPU cache Branch prediction Address translation 1 / 14

  4. Microarchitectural side-channels and where to find them CPU cache Branch prediction Address translation 1 / 14

  5. Microarchitectural side-channels and where to find them Intel response [Int18] This is not a bug or a flaw . . . [side-channels] can’t be eliminated 1 / 14

  6. Microarchitectural side-channels and where to find them Intel response [Int18] This is not a bug or a flaw . . . [side-channels] can’t be eliminated ⇒ Systematically study microarchitectural leakage 1 / 14

  7. Nemesis: Studying rudimentary CPU interrupt logic Overview ⇒ Interrupts leak instruction execution times ⇒ Determine control flow in enclave programs 2 / 14

  8. Nemesis: Studying rudimentary CPU interrupt logic Overview ⇒ Interrupts leak instruction execution times ⇒ Determine control flow in enclave programs Research contributions ⇒ (First) remote µ -arch attack on embedded CPUs ⇒ Understanding CPU pipeline leakage (˜Meltdown) 2 / 14

  9. Back to basics: Fetch decode execute Fetch instruction Decode Execute 3 / 14

  10. Back to basics: Fetch decode execute Fetch instruction Decode Execute Interrupt 3 / 14

  11. Back to basics: Fetch decode execute Interrupts delayed till instruction retirement Fetch instruction Decode Execute Interrupt 3 / 14

  12. Wait a cycle: Interrupt latency as a side-channel CLK CMD NOP IRQ logic ISR IRQ CMD ADD IRQ logic ISR IRQ 4 / 14

  13. Wait a cycle: Interrupt latency as a side-channel CLK CMD NOP IRQ logic ISR IRQ CMD ADD IRQ logic ISR IRQ 4 / 14

  14. Enclaved execution adversary model App App Enclave app OS kernel Hypervisor TPM CPU Mem HDD Trusted Untrusted Intel SGX promise: hardware-level isolation and attestation 5 / 14

  15. Enclaved execution adversary model App App Enclave app OS kernel Hypervisor TPM CPU Mem HDD Trusted Untrusted Untrusted OS → new class of powerful side-channels 5 / 14

  16. Sancus: Open source trusted computing for the IoT Embedded enclaved execution: ISA extensions for isolation & attestation Save + clear CPU state on enclave interrupt Noorman et al. “Sancus 2.0: A Low-Cost Security Architecture for IoT devices”, TOPS 2017 [NVBM + 17] https://github.com/sancus-pma and https://distrinet.cs.kuleuven.be/software/sancus/ 6 / 14

  17. Sancus: Open source trusted computing for the IoT Embedded enclaved execution: ISA extensions for isolation & attestation Save + clear CPU state on enclave interrupt Extremely low-end processor (openMSP430): Area: ≤ 2 kLUTs Deterministic execution: no pipeline/cache/MMU/. . . No known microarchitectural side-channels (!) Noorman et al. “Sancus 2.0: A Low-Cost Security Architecture for IoT devices”, TOPS 2017 [NVBM + 17] https://github.com/sancus-pma and https://distrinet.cs.kuleuven.be/software/sancus/ 6 / 14

  18. Secure input-output with Sancus enclaves Driver enclave: Exclusive access to memory-mapped I/O device Van Bulck et al. “VulCAN: Vehicular component authentication and software isolation”, ACSAC 2017 [VBMP17] 7 / 14

  19. Secure input-output with Sancus enclaves Driver enclave: 16-bit vector indicates which keys are down PIN code enclave 0100000000000000 traverse bits 7 / 14

  20. Secure input-output with Sancus enclaves Attacker: Interrupt conditional control flow to infer secret PIN PIN code enclave 0100000000000000 traverse bits IRQ Key 'B' was pressed! 7 / 14

  21. Sancus IRQ timing attack: Inferring key strokes 4 IRQ latency 1 Instruction (interrupt number) Enclave x-ray: Start-to-end trace enclaved execution 8 / 14

  22. Sancus IRQ timing attack: Inferring key strokes 4 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 IRQ latency 1 Instruction (interrupt number) Enclave x-ray: Keymap bit traversal (ground truth) 8 / 14

  23. Sancus IRQ timing attack: Inferring key strokes 4 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 IRQ latency 1 4 0 (no press) 1 (key pressed) 0 (no press) IRQ latency (cycles) 3 2 1 Instruction (interrupt number) 8 / 14

  24. Interrupting and resuming Intel SGX enclaves Challenge: x86 execution time prediction (timer) � 9 / 14

  25. Interrupting and resuming Intel SGX enclaves SGX-Step: user space APIC timer + IRQ handling � SGX-Step user space Van Bulck et al. “SGX-Step: A practical attack framework for precise enclave execution control”, SysTEX 2017 [VBPS17] https://github.com/jovanbulck/sgx-step 9 / 14

  26. Microbenchmarks: Measuring x86 instruction latencies Latency distribution: 10,000 samples from benchmark enclave add lfence fscale rdrand Frequency nop IRQ latency (cycles) 10 / 14

  27. Microbenchmarks: Measuring x86 instruction latencies Timing leak: reconstruct instruction latency class add lfence fscale rdrand Frequency nop IRQ latency (cycles) 10 / 14

  28. Microbenchmarks: Measuring x86 cache misses Timing leak: reconstruct micro-architectural cache state load cache hit Frequency load cache miss IRQ latency (cycles) 11 / 14

  29. Microbenchmarks: Measuring x86 cache misses Timing leak: many more → see paper! load cache hit Frequency load cache miss IRQ latency (cycles) 11 / 14

  30. Single-stepping SGX enclaves in practice Enclave x-ray: Start-to-end trace enclaved execution IRQ latency (cycles) Instruction (interrupt number) 12 / 14

  31. Single-stepping SGX enclaves in practice Enclave x-ray: Spotting high-latency instructions rdrand (generate stack canary on enclave entry) IRQ latency (cycles) Instruction (interrupt number) 12 / 14

  32. Single-stepping SGX enclaves in practice Enclave x-ray: Zooming in on bsearch function IRQ latency (cycles) Instruction (interrupt number) 12 / 14

  33. De-anonymizing enclave lookups Binary search: Find 40 in { 20, 30, 40, 50, 80, 90, 100 } 13 / 14

  34. De-anonymizing enclave lookups Adversary: Infer secret lookup in known array left right hit 13 / 14

  35. De-anonymizing enclave lookups Goal: Infer lookup → reconstruct bsearch control flow 7950 IRQ latency (cycles) 7800 Interrupt (instruction number) 13 / 14

  36. De-anonymizing enclave lookups Goal: Infer lookup → reconstruct bsearch control flow Hit Left Right 7950 IRQ latency (cycles) 7800 Interrupt (instruction number) 13 / 14

  37. De-anonymizing enclave lookups ⇒ Sample instruction latencies in secret-dependent path HLLL LLHL HHHH 7950 IRQ latency (cycles) 7800 Interrupt (instruction number) 13 / 14

  38. Conclusions Nemesis contributions ⇒ Understanding CPU interrupt leakage ⇒ (First) embedded + high-end µ -arch channel 14 / 14

  39. Conclusions Nemesis contributions ⇒ Understanding CPU interrupt leakage ⇒ (First) embedded + high-end µ -arch channel https://github.com/jovanbulck/nemesis 14 / 14

  40. References I Intel Corporation. Resources and response to side channel variants 1, 2, 3. intel.com/content/www/us/en/architecture-and-technology/side-channel-variants-1-2-3.html , 2018. S. Lee, M.-W. Shih, P. Gera, T. Kim, H. Kim, and M. Peinado. Inferring fine-grained control flow inside SGX enclaves with branch shadowing. In Proceedings of the 26th USENIX Security Symposium . USENIX Association, 2017. J. Noorman, J. T. M¨ uhlberg, and F. Piessens. Authentic execution of distributed event-driven applications with a small TCB. In 13th International Workshop on Security and Trust Management (STM’17) , vol. 10547 of LNCS , pp. 55–71, Heidelberg, 2017. Springer. J. Noorman, J. Van Bulck, J. T. M¨ uhlberg, F. Piessens, P. Maene, B. Preneel, I. Verbauwhede, J. G¨ otzfried, T. M¨ uller, and F. Freiling. Sancus 2.0: A low-cost security architecture for IoT devices. ACM Transactions on Privacy and Security (TOPS) , 2017. J. Van Bulck, J. T. M¨ uhlberg, and F. Piessens. VulCAN: Efficient component authentication and software isolation for automotive control networks. In Proceedings of the 33th Annual Computer Security Applications Conference (ACSAC’17) . ACM, 2017. J. Van Bulck, J. Noorman, J. T. M¨ uhlberg, and F. Piessens. Towards availability and real-time guarantees for protected module architectures. In Companion Proceedings of the 15th International Conference on Modularity (MASS’16) , pp. 146–151. ACM, 2016. J. Van Bulck, F. Piessens, and R. Strackx. SGX-Step: A practical attack framework for precise enclave execution control. In Proceedings of the 2nd Workshop on System Software for Trusted Execution , SysTEX’17, pp. 4:1–4:6. ACM, 2017. 15 / 14

  41. Appendix: Interrupting and resuming SGX enclaves 16 / 14

  42. Appendix: Sancus keypad application scenario MSP430 core while (poll_keypad()) INTERRUPT Timer_A SM_secure function poll_keypad : key_state = read_key_state() for i=0 to 15 do if key_state & (0x1<<i) then SM_driver MMIO secret_pin.add(keymap[i]) (asm) end if end for 17 / 14

  43. Appendix: Measuring x86 data dependencies Division: execution time ≈ dividend significant bits 18 / 14

  44. Appendix: Measuring x86 page table walks TLB miss: flush unprotected page table entries 19 / 14

  45. Appendix: Measuring x86 cache misses 20 / 14

Recommend

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University

Plugging Side-Channel Leaks with Timing Information Flow Control Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 13, 2012 The Long History of Timing Attacks Cooperative attacks apply to: Mandatory Access

359 views • 21 slides
IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

IC OFF THE RECORD: Direct access to leaked information related to the surveillance activities of

NSA PRISM Slides - IC OFF THE RECORD 11.06.18 14:18 2013 LEAKS 2014 LEAKS 2015 LEAKS 2016 LEAKS 2017 LEAKS 2018 LEAKS IC OFF THE RECORD: Direct access to leaked information related to the

480 views • 18 slides
Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World

Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World

Intro to Microarchitectural Atacks Thomas Eisenbarth 12.06.2018 Summer School on Real-World Crypto &amp; Privacy ibenik, Croata Outline Timing Attcks Ctche Attcks Cloud Ctche Attcks Speculttve Executon Attcks Preventng

434 views • 39 slides
Project Feasibility Status Future

Project Feasibility Status Future

The Nemesis The Nemesis Project Feasibility Status Future http://assets.bwbx.io/images/users/iqjWHBFdfxIU/ih42EzFSRhXo/v2/-1x-1.jpg

273 views • 16 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
Tagging Boosted Objects with Timing Detectors Matthew Klimek Cornell University Korea

Tagging Boosted Objects with Timing Detectors Matthew Klimek Cornell University Korea

Tagging Boosted Objects with Timing Detectors Matthew Klimek Cornell University Korea University HL/HE-LHC Workshop, 05 April 2018, FNAL Physics Opportunities Timing Detectors @ HL-LHC Both LHC Experiments are studying new timing detectors for

679 views • 10 slides
In the news Data Leaks Mar 19 Apr 19 Mar 18 shutdown after data leaks exposed user

In the news Data Leaks Mar 19 Apr 19 Mar 18 shutdown after data leaks exposed user

In the news Data Leaks Mar 19 Apr 19 Mar 18 shutdown after data leaks exposed user data passwords stored in readable format 1B 600M 0.5M Data Breaches Cost of a Data Breach Study www.ibm.com/security/data-breach

677 views • 35 slides
High Performance Design and Implementation of Nemesis Communication Layer for Two-sided and

High Performance Design and Implementation of Nemesis Communication Layer for Two-sided and

High Performance Design and Implementation of Nemesis Communication Layer for Two-sided and One-Sided MPI Semantics in MVAPICH2 Miao Luo, Sreeram Potluri, Ping Lai, Emilio P. Mancini, Hari Subramoni, Krishna Kandalla, Sayantan Sur, D. K. Panda

596 views • 34 slides
Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton ,

Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton ,

Nemesis: Preventing Web Authentication &amp; Access Control Vulnerabilities Michael Dalton , Christos Kozyrakis Stanford University Nickolai Zeldovich Massachusetts Institute of Technology Web Application Overview User: webdb User: httpd

446 views • 22 slides
Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety

Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety

Detecting Pipeline Leaks Whats the Right Approach? October 20, 2016 | Pipeline Safety Trust Conference New Orleans, LA Leak Detection Best Defense is Preventing Leaks from Occurring in First Place Proactive pipeline integrity

258 views • 7 slides
Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi OUTLINE Summary of Recent Contributions: Microarchiture MemJam Intel SGX

950 views • 52 slides
Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi Outline Data Dependency SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

663 views • 28 slides
Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent

Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent

Microarchitectural Analysis and Optimization Techniques Gunther Huebler Collaborators: Vincent Larson, John Dennis All the Work Presented Has Been Implemented in CLUBB (Cloud Layers Unified By Binormals) CLUBB is a model that solves a set of

435 views • 21 slides
AQUAPHONIE TOXIQUE TROTTOIR ABOUT THE SHOW AQUAPHONIE SUITE FOR LEAKS IN GLEE MAJOR! This

AQUAPHONIE TOXIQUE TROTTOIR ABOUT THE SHOW AQUAPHONIE SUITE FOR LEAKS IN GLEE MAJOR! This

SUITE FOR LEAKS IN GLEE MAJOR! AQUAPHONIE TOXIQUE TROTTOIR ABOUT THE SHOW AQUAPHONIE SUITE FOR LEAKS IN GLEE MAJOR! This aquatic celebration for all ages wont leave Acrobatic diving, fishing, swimming, sailboat anyone high and dry! Dive

407 views • 7 slides
The Hidden Nemesis: Backdooring Embedded Controllers Ralf-Philipp Weinmann University of

The Hidden Nemesis: Backdooring Embedded Controllers Ralf-Philipp Weinmann University of

The Hidden Nemesis: Backdooring Embedded Controllers Ralf-Philipp Weinmann University of Luxembourg ralf-philipp.weinmann@uni.lu Targets. Targets. You can be one, too. Assume I briefly have physical access your laptop. #FAIL for you, I

327 views • 30 slides
Debugging Memory Leaks in .NET CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM

Debugging Memory Leaks in .NET CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM

Debugging Memory Leaks in .NET CONTACT@ADAMFURMANEK.PL HTTP://BLOG.ADAMFURMANEK.PL FURMANEKADAM 1 18.07.2020 DEBUGGING MEMORY LEAKS IN .NET - ADAM FURMANEK About me Experienced with backend, frontend, mobile, desktop, ML, databases.

779 views • 40 slides
Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim,

Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim,

Microarchitectural Mechanisms to Exploit Value Structure in SIMT Architectures Ji Kim, Christopher Torng, Shreesha Srinath, Derek Lockhart, and Christopher Batten Cornell University Cornell University IEEE/ACM International Symposium on

636 views • 31 slides
NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your

NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your

NP-Completeness : Concepts Why Studying NP-Completeness ? Pursuing your Ph.D. Keeping your job Before studying NP-completeness : I cant find an efficient algorithm, I guess Im just too dumb. 1 After studying

770 views • 34 slides
PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A.

PipeProof: Automated Memory Consistency Proofs for Microarchitectural Specifications Yatin A. Manerkar , Daniel Lustig*, Margaret Martonosi, and Aarti Gupta Princeton University *NVIDIA MICRO-51 http:/ ://check.cs.p .princeton.edu/ Memory

1.36k views • 80 slides
Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee

Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee

Revisiting Isolated and Trusted Execution via Microarchitectural Cryptanalysis Daniel Moghimi Worcester Polytechnic Institute Committee Members: Prof. Donald R. Brown (Department Head) Prof. Thomas Eisenbarth (Co-advisor) Prof.

1.68k views • 138 slides
Corrosion Mitigation What is the Problem? Leaks leading to: Wastage Lost

Corrosion Mitigation What is the Problem? Leaks leading to: Wastage Lost

Storage Tank Corrosion Mitigation What is the Problem? Leaks leading to: Wastage Lost resources Environmental damage What is the Problem? Corrosion is the main cause of these leaks. Other causes could be environmental

787 views • 55 slides
TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan

TUNING SLIDE Fast and Accurate Microarchitectural Simulation with ZSim Daniel Sanchez, Nathan Beckmann, Anurag Mukkara, Po-An Tsai MIT CSAIL MICRO-48 Tutorial December 5, 2015 Welcome! Agenda 4 8:30 9:10 Intro and Overview 9:10

1.53k views • 124 slides
Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth

Prevention of Microarchitectural Covert Channels on an Open-Source 64-bit RISC-V Core Fourth Workshop on Computer Architecture Research with RISC-V (CARRV 2020) May 29 th , 2020 Nils Wistoff Moritz Schneider Frank K. Grkaynak Luca Benini

750 views • 58 slides
Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups

Introduction to Digital VLSI Logic Synthesis Timing Analysis Timing Path Groups and Types Timing paths are grouped into path groups according to the clock associated with the endpoint of the path. There is a default path group that

541 views • 18 slides

More recommend