o n s ubnormal f loating p oint and a bnormal t iming
play

O N S UBNORMAL F LOATING P OINT AND A BNORMAL T IMING Marc Andrysco, - PowerPoint PPT Presentation

Nov 22, 2023 •180 likes •651 views

O N S UBNORMAL F LOATING P OINT AND A BNORMAL T IMING Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham UC San Diego 2 3 L ETS RUN SOME CODE Subnormal Floating Normal Floating Point Point 4 L ETS

  1. O N S UBNORMAL F LOATING P OINT AND A BNORMAL T IMING Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham UC San Diego

  2. 2

  3. 3

  4. L ETS RUN SOME CODE Subnormal Floating Normal Floating Point Point 4

  5. L ETS RUN SOME CODE Subnormal Floating Normal Floating Point Point 0.204s 4.332s 5

  6. 20 TIMES SLOWER ?  Who knew?  Numerical analysts  CPU designers  Game engine authors 6

  7. 20 TIMES SLOWER ?  Who knew?  Numerical analysts  CPU designers  Game engine authors  Who should know?  “What Every Computer Scientist Should Know About Floating-Point Arithmetic” – Goldberg ’91 7

  8. 20 TIMES SLOWER ?  Who knew?  Numerical analysts  CPU designers  Game engine authors  Who should know?  “What Every Computer Scientist Should Know About Floating-Point Arithmetic” – Goldberg ’91  Academic researchers claim to “effectively close[s] all known remotely exploitable channels” 8  Specifically referring to timing side channels!

  9. F LOATING P OINT AND T IMING 9

  10. W HAT HAPPENED ?  IEEE 754 specifies subnormal floating point values 10

  11. F LOATING P OINT N ORMAL AND S UBNORMAL   Value = (−1) 𝑡𝑗𝑕𝑜 ∗ 𝑡𝑗𝑕𝑜𝑗𝑔𝑗𝑑𝑏𝑜𝑒 ∗ 2 (𝑓𝑦𝑞𝑝𝑜𝑓𝑜𝑢−𝑐𝑗𝑏𝑡)  The exponent is non-zero  Normal values have an implicit leading 1 -bit on the significand  A subnormal value is a special encoding  The exponent is all zeroes 11  The significand has an implicit leading 0 -bit

  12. S UBNORMAL D ETAILS  Subnormal ranges (double)  Minimum: ~4.9 × 10 −324  Maximum: ~2.23 × 10 −308  Planck length: 1.6 × 10 −35 m  Why?  Extend the range of floating point  Graceful underflow if(a != b) 12 x = c / (a-b);

  13. W HAT HAPPENED ?  IEEE 754 specifies subnormal floating point values  FPUs are optimized for pure speed  Subnormals are not the common case  So let's pretend they don't matter!  Subnormals are a hardware slowpath  The Alpha trapped to kernel for subnormals!  Most GPUs don’t support them 13

  14. F LOATING P OINT IS A S ECURITY I SSUE  Ilya Mironov on Laplacian noise generation  Lack of dependable results 14  gcc – O1 vs gcc – O3

  15. L EVERAGING SUBNORMAL FLOATING POINT INTO ATTACKS 15

  16. F LOATING P OINT AS A S IDE -C HANNEL  Code that operates on secret and attacker values can result in timing side channels  From instruction traces  Or memory access patterns  Or IO usage  Etc.  We present the first instruction data based timing side channel attack on a commodity desktop processor  Proposed by Kocher 20 years ago! 16

  17. F LOATING P OINT H ARDWARE D ATA Core i7-3667U SSE and x87 Atom D2550 SSE and x87 17

  18. A MPLIFYING T IMING D IFFERENCES  Even a 100 cycle difference is hard to spot  Especially with a loaded system 18

  19. A MPLIFYING T IMING D IFFERENCES  Even a 100 cycle difference is hard to spot  Especially with a loaded system  We need an amplifier  Remember our sample code?  We need tight math loops 19

  20. D ETOUR T IME ! Firefox SVG Filters and Previous Attacks 20

  21. F IREFOX SVG F ILTERS  Turn this 21

  22. F IREFOX SVG F ILTERS  Into this! <svg><filter> <feGaussianBlur stdDeviation="3"/> </filter></svg> 22

  23. F IREFOX SVG F ILTERS  CSS defined filters  <div>  <iframe>  Really any element  Run various functions  convolve  blur  skew  gradient  clipping 23  Stackable!

  24. F IREFOX SVG F ILTER T IMING A TTACK  See Paul Stone’s “Pixel Perfect Timing Attacks with HTML 5” 24

  25. F IREFOX SVG F ILTER T IMING A TTACK  See Paul Stone’s “Pixel Perfect Timing Attacks with HTML 5” 25

  26. F IREFOX SVG F ILTER T IMING A TTACK  See Paul Stone’s “Pixel Perfect Timing Attacks with HTML 5” 26

  27. F IREFOX SVG F ILTER T IMING A TTACK  See Paul Stone’s “Pixel Perfect Timing Attacks with HTML 5” 27

  28. P AUL S TONE ’ S SVG T IMING S IDE C HANNEL  Relied on a fast path optimization in the femorphology SVG filter  In cases of a solid color image, filter ran much faster  Fix was to write constant time code!  Took ~2 years to land, and 150+ comment bug thread  “the problem boils down to: how to implement constant -time 28 min(a, b) and max(a, b) in C ++?” – Bugzilla thread

  29. B ACK TO T HE P RESENT 29

  30. N EW F IREFOX SVG F ILTER A TTACK  Firefox SVG Filters are still ‘vulnerable’ pending a timing difference  We have a new timing side-channel source 30

  31. N EW F IREFOX SVG F ILTER A TTACK  Firefox SVG Filters are still ‘vulnerable’ pending a timing difference  We have a new timing side-channel source  SVG Filters run floating point math! 31

  32. N EW F IREFOX SVG F ILTER A TTACK  Firefox SVG Filters are still ‘vulnerable’ pending a timing difference  We have a new timing side-channel source  SVG Filters run floating point math!  We need an amplifier 32

  33. N EW F IREFOX SVG F ILTER A TTACK  We need an amplifier 33

  34. F IREFOX SVG F ILTERS AND S UBNORMALS 34

  35. F IREFOX SVG F ILTERS AND S UBNORMALS 1 × 𝑡 0 × 𝑡 35

  36. F IREFOX SVG F ILTERS AND S UBNORMALS 𝑡 + 𝑡 0+0 36

  37. F IREFOX SVG F ILTER T IMING A TTACK 37

  38. F IREFOX SVG F ILTERS A TTACK I MPACT  Firefox does not consider running SVG filters over foreign pixels a violation of SOP  We disagree  Cross Origin Resource Sharing (CORS) is the obvious solution 38

  39. R EADING P IXELS  From other origins  Reconstruct characters (OCR)  Extract usernames, login status, user information, etc  Blocked with frame options or CSP  From our origin  History sniffing 39

  40. A VOIDING F LOATING P OINT P ROBLEMS 40

  41. R ECOMMENDATIONS  Don’t use floating point in security critical code  Unpredictable results  Large timing variations  Highly processor and build dependent  Use Fixed Point if you need non-integer math 41

  42. L IB FTFP – F IXED T IME F IXED P OINT  C library implementing most math operations  Add, divide, etc  Transcendentals  Exponents, logs, etc  Variable Width  Constant time! (Probably!) 42

  43. B UILDING L IB FTFP  Techniques  No data dependent jumps ( && , if , etc.)  No known variable time instructions ( div , idiv , etc.)  No look-up tables (due to caching)  We cannot be 100% sure of the constant-ness of our code  Intel doesn’t release any information about instruction data dependency  We cannot exhaustively test processors and instruction arguments  Writing constant time code is a battle against all future processors and compilers 43  LibFTFP uses approximations

  44. L IB FTFP S TATISTICS  Comparing to hardware slightly unfair  Comparing to infinite precision software (MPFR) also slightly unfair 44 github.com/kmowery/libfixedtimefixedpoint

  45. T AKEAWAYS  Security critical code should omit floating point or be extremely careful  Writing provably constant time code is impossible  Intel? Some help here?  Browsers should require CORS/CSP for computing over all foreign data  Like pixels 45

  46. F UTURE W ORK  Firefox attack works on FF 23-27  Attack stopped working when filters changed to GPU  GPU floating point implementations  “On NVIDIA GPUs starting with the Fermi architecture […] multi-instruction sequences such as square root and […] reciprocal square root, must do extra work and take a slower path for denormal values “  Other math operation data side channels  imul, div/idiv cycle counts are data dependent  What can we break with that? 46

  47. Q UESTIONS ? dkohlbre@cs.ucsd.edu LibFTFP: github.com/kmowery/libfixedtimefixedpoint 47

Recommend

Consensus Attention-based Neural Networks for Reading Comprehension Y IMING C UI , T ING L IU , Z

Consensus Attention-based Neural Networks for Reading Comprehension Y IMING C UI , T ING L IU , Z

Consensus Attention-based Neural Networks for Reading Comprehension Y IMING C UI , T ING L IU , Z HIPENG C HEN , S HIJIN W ANG AND G UOPING H U J OINT L ABORATORY OF HIT AND I FLYTEK R ESEARCH (HFL), C HINA 2016-12-15 O SAKA , J APAN O UTLINE

589 views • 45 slides
Chapter 4: Retiming Keshab K. Parhi Ret iming : Moving around exist ing delays Does not

Chapter 4: Retiming Keshab K. Parhi Ret iming : Moving around exist ing delays Does not

Chapter 4: Retiming Keshab K. Parhi Ret iming : Moving around exist ing delays Does not alt er t he lat ency of t he syst em Reduces t he crit ical pat h of t he syst em Node Ret iming D 3D 5D 3D 2D Cut set Ret

138 views • 12 slides
Convolutional Spatial Attention Model for Reading Comprehension with Multiple- Choice Questions Z

Convolutional Spatial Attention Model for Reading Comprehension with Multiple- Choice Questions Z

Convolutional Spatial Attention Model for Reading Comprehension with Multiple- Choice Questions Z HIPENG C HEN , Y IMING C UI * , W ENTAO M A , S HIJIN W ANG , G UOPING H U J OINT L ABORATORY OF HIT AND I FLYTEK R ESEARCH ( HFL ), B EIJING , C

935 views • 28 slides
Understanding the community dynamics, , tim iming, g, and in intensity of f the 2017 and 2018

Understanding the community dynamics, , tim iming, g, and in intensity of f the 2017 and 2018

Understanding the community dynamics, , tim iming, g, and in intensity of f the 2017 and 2018 cyanobacteria blo looms in in two shall llow eutrophic bays in in Lake Champlain August 1, 2019 || VT EPSCoR 2019 Undergraduate Research

138 views • 10 slides
F E AT URE L OCAL PRE SE NT AT ION: Sig na l T iming In Burling ton County Offic e o

F E AT URE L OCAL PRE SE NT AT ION: Sig na l T iming In Burling ton County Offic e o

F E AT URE L OCAL PRE SE NT AT ION: Sig na l T iming In Burling ton County Offic e o f the Ma rtin is jo ine d b y: Burling to n Co unty E ng ine e r Pa ul Ca ra fide s , DVRPC Ma rtin indse y Kle in , I mpe ria l T ra ffic L

389 views • 34 slides
SAMBa CDT: aim iming for in inclusivity in in recruitment and training Susie Douglas (Centre

SAMBa CDT: aim iming for in inclusivity in in recruitment and training Susie Douglas (Centre

SAMBa CDT: aim iming for in inclusivity in in recruitment and training Susie Douglas (Centre Manager) With Andreas Kyprianou and Paul Milewski (co-Directors) Structure of f SAMBa Remit of Statistical Applied Mathematics : research along

245 views • 22 slides
Tim iming analysis of f AVB Ethernet network usin ing the Forward end-to to-end Dela lay

Tim iming analysis of f AVB Ethernet network usin ing the Forward end-to to-end Dela lay

Tim iming analysis of f AVB Ethernet network usin ing the Forward end-to to-end Dela lay Analysis Nassima BENAMMAR Frdric Ridouard Henri Bauer Pascal Richard Oc October 12, 12, 2018 2018 1 Context A UTOMOTIVE S YSTEM : ECU S ECU

564 views • 42 slides
LOFT LARGE OBSERVATORY FOR X - RAY TIMING THE L ARGE O BSERVATORY F OR X - RAY T IMING LOFT

LOFT LARGE OBSERVATORY FOR X - RAY TIMING THE L ARGE O BSERVATORY F OR X - RAY T IMING LOFT

M ARCO F EROCI INAF , R OME ON BEHALF OF THE LOFT C ONSORTIUM LOFT LARGE OBSERVATORY FOR X - RAY TIMING THE L ARGE O BSERVATORY F OR X - RAY T IMING LOFT Consortium: national representatives: Marco Feroci INAF/IAPS-Rome, Italy Jan-Willem den

549 views • 33 slides
TIM IMING IS IS EVERYTHING: OPTIMAL ELECTRIC VEHICLE CHARGING TO MAXIMIZE WELFARE Miguel

TIM IMING IS IS EVERYTHING: OPTIMAL ELECTRIC VEHICLE CHARGING TO MAXIMIZE WELFARE Miguel

TIM IMING IS IS EVERYTHING: OPTIMAL ELECTRIC VEHICLE CHARGING TO MAXIMIZE WELFARE Miguel Castro Inter-American Development Bank Hourly private and external costs/Current charging profiles 34 45 Current EV charging 40 33 patterns

437 views • 10 slides
Cu Curr rrent t and Em Emerging Rol ole of of Immune Ch Checkpoi oint t Inhibitor ors s

Cu Curr rrent t and Em Emerging Rol ole of of Immune Ch Checkpoi oint t Inhibitor ors s

Cu Curr rrent t and Em Emerging Rol ole of of Immune Ch Checkpoi oint t Inhibitor ors s in th the Ma Management t of of mCR CRC Michael J Overman, MD Professor Department of Gastrointestinal Medical Oncology Division of Cancer

519 views • 21 slides
I NFECTIOUS D ISEASES S OCIETY OF N EW Y ORK N EW Y ORK C ITY H EALTH D EPARTMENT J OINT M

I NFECTIOUS D ISEASES S OCIETY OF N EW Y ORK N EW Y ORK C ITY H EALTH D EPARTMENT J OINT M

I NFECTIOUS D ISEASES S OCIETY OF N EW Y ORK N EW Y ORK C ITY H EALTH D EPARTMENT J OINT M EETING J ULY 13, 2020 7:00-7:05 PM Welcome and introductions Adam Ratner, New York University 7:05-7:30 PM COVID-19 in New York City

1.04k views • 86 slides
Implementation of of Joi oint Wavi viness/R /Rou oughness into o DEM EM Si Simulation ons

Implementation of of Joi oint Wavi viness/R /Rou oughness into o DEM EM Si Simulation ons

Implementation of of Joi oint Wavi viness/R /Rou oughness into o DEM EM Si Simulation ons Fifth International al ITASCA S Symposium, F Februar ary 1 y 17-21, 21, 2020, 2020, V Vienna, Au Austria By: Ali Mortazavi, Professor

698 views • 25 slides
Globa bal l Value ue Joi oint t Investmen stment t For orum um Liam Nunn, Investor

Globa bal l Value ue Joi oint t Investmen stment t For orum um Liam Nunn, Investor

Globa bal l Value ue Joi oint t Investmen stment t For orum um Liam Nunn, Investor January 2020 Marketing material for professional investors or advisers only. Lea earnin rning g outcome tcomes Describe the four step process by

437 views • 22 slides
Ba Basic sics of s of Pow Power erPoint oint to cr o creat eate a e a Pre Presenta

Ba Basic sics of s of Pow Power erPoint oint to cr o creat eate a e a Pre Presenta

Ba Basic sics of s of Pow Power erPoint oint to cr o creat eate a e a Pre Presenta sentatio tion REMEMBER All Office Programs have a quick access toolbar you can add icons to. To begin a new presentation open PowerPoint and start

395 views • 5 slides
With Unmatched Amenities Developed by Joe Watson A XIS P OINT D EVELOPERS, LLC Investment Builders

With Unmatched Amenities Developed by Joe Watson A XIS P OINT D EVELOPERS, LLC Investment Builders

A Planned Gated Residential and Commercial Development In Manvel, Texas With Unmatched Amenities Developed by Joe Watson A XIS P OINT D EVELOPERS, LLC Investment Builders and Developers 281 932 4143 JWatson@APDllc.net www.ADDllc.net Note:

282 views • 10 slides
Liber Lib erty ty Poi oint nt ES ES Annual Title I Meeting August 27, 2019 5:30 P.M . Mr.

Liber Lib erty ty Poi oint nt ES ES Annual Title I Meeting August 27, 2019 5:30 P.M . Mr.

Liber Lib erty ty Poi oint nt ES ES Annual Title I Meeting August 27, 2019 5:30 P.M . Mr. James Payne One Team, m, One Goal, l, No Limi mits! ts! Principal It is easier to build strong children, than to repair BROKEN

1.09k views • 20 slides
Lib Liber erty ty Poi oint nt ES ES Annual Title I Meeting August 21, 2018 5:30 P.M . Mr.

Lib Liber erty ty Poi oint nt ES ES Annual Title I Meeting August 21, 2018 5:30 P.M . Mr.

Lib Liber erty ty Poi oint nt ES ES Annual Title I Meeting August 21, 2018 5:30 P.M . Mr. James Payne One Team, One Goal, l, No Limits! its! Principal It is easier to build strong children, than to repair BROKEN MEN!

395 views • 20 slides
if H has a b reak p oint k m H ( N ) Hoeffding Inequality Union Bound VC Bound

if H has a b reak p oint k m H ( N ) Hoeffding Inequality Union Bound VC Bound

Review of Leture 6 The V C Inequalit y is p olynomial if H has a b reak p oint k m H ( N ) Hoeffding Inequality Union Bound VC Bound space of k data sets 1 2 3 4 5 6 . . . 1 1 2 2 2 2 2 . . D 2

530 views • 25 slides
Pu Published Data with and Appropriate Integr gration on of I of Immune Ch Checkp kpoi oint

Pu Published Data with and Appropriate Integr gration on of I of Immune Ch Checkp kpoi oint

Pu Published Data with and Appropriate Integr gration on of I of Immune Ch Checkp kpoi oint I Inhibitor ors in into the the Car are of Patie tients ts with ith Progressiv ive Me Metastatic HC HCC Anthony El-Khoueiry, MD

650 views • 18 slides
Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken Stanford University PLDI 2016 This Talk Example: mathematical specification Goal: Bound the difference between spec and implementation

1.22k views • 111 slides
Call to Order J OINT M EETING WITH THE UA/AZPM T ASK F ORCE May 15, 2015 Welcome and

Call to Order J OINT M EETING WITH THE UA/AZPM T ASK F ORCE May 15, 2015 Welcome and

Call to Order J OINT M EETING WITH THE UA/AZPM T ASK F ORCE May 15, 2015 Welcome and Introductions Guests: Task Force Members Call to Order Barbara Bryson Lynn Nadel Welcome and Introductions George Davis Hank Peck Stephen Golden Welcome

509 views • 13 slides
Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 13 th December

Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 13 th December

Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 13 th December 2016: Meeting 17 Elexon, London 1. Welcome &amp; Introductions Barbara Vest JESG Independent Chair 2. GB Implementation approach John Young and

630 views • 28 slides
Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Monday 25 th May 2017:

Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Monday 25 th May 2017:

Joint Eur oint Europea opean n Stak Stakeholder Gr eholder Group oup Monday 25 th May 2017: Meeting 21 Elexon, London 1. Welcome &amp; Introductions Barbra Vest Independent Chair 2. Inter Interconnector pr connector projects ojects

550 views • 38 slides
J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree

J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree

J OINT C ENTER FOR E NERGY S TORAGE R ESEARCH Becoming Energy Efficient George Crabtree Director, Joint Center for Energy Storage Research (JCESR) Argonne National Laboratory University of Illinois at Chicago Outline Energy Sources and Uses

267 views • 24 slides

More recommend