process isolation vms and side channel
play

Process isolation, VMs and side channel Deian Stefan Slides - PowerPoint PPT Presentation

Jan 04, 2023 •165 likes •681 views

CSE 127: Computer Security Process isolation, VMs and side channel Deian Stefan Slides adopted from Stefan Savage Process Isolation Process boundary is a trust boundary Any inter-process interface is part of the attack surface How

  1. CSE 127: Computer Security Process isolation, VMs and side channel Deian Stefan Slides adopted from Stefan Savage

  2. Process Isolation • Process boundary is a trust boundary ➤ Any inter-process interface is part of the attack surface • How are individual processes isolated from each other? ➤ Each process gets its own virtual address space, managed by the operating system

  3. Process Isolation • Process boundary is a trust boundary ➤ Any inter-process interface is part of the attack surface • How are individual processes isolated from each other? ➤ Each process gets its own virtual address space, managed by the operating system

  4. Virtual Memory • Memory addresses used by processes are virtual addresses • Who maps VAs to PAs? ➤ The operating system + MMU https://en.wikipedia.org/wiki/Virtual_memory#/media/File:Virtual_memory.svg

  5. How do we get isolation? Virtualized view of memory with limited visibility/ access to the underlying memory space

  6. How do we translate VAs? • Using 64-bit ARM architecture as an example… • How to practically map arbitrary 64bit addresses? ➤ 64 bits * 2 64 (128 exabytes) to store any possible mapping

  7. Address Translation 00…00 FF…FF … … … … … • Page: basic unit of translation ➤ Usually 4KB • How many page mappings? ➤ 52 bits * 2 52 (208 petabytes)

  8. Address Translation 00…00 FF…FF … … … … … • Page: basic unit of translation ➤ Usually 4KB • How many page mappings? ➤ 52 bits * 2 52 (208 petabytes)

  9. So what do we actually do? 00…00 FF…FF … … … … … 00 01 FF 00 01 FF 00 01 FF Multi-level Page Tables 00 01 FF 00 01 FF ➤ Sparse tree of page mappings 00 01 FF 00 01 FF ➤ Use VA as path through tree 00 01 FF ➤ Leaf nodes store PAs ➤ Where is the root kept?

  10. What are the nodes of the trees? • Page tables! ➤ Data structures used to store address mapping • Each table (node) is: ➤ Array of translation descriptors ➤ What’s the size of a page table?

  11. How do we use these tables? • Organized into a tree of descriptors ➤ Iteratively resolve n bits of address at a time ➤ Each descriptor is either ➤ Page descriptor (leaf node)

  12. How do we use these tables? • Organized into a tree of descriptors ➤ Iteratively resolve n bits of address at a time ➤ Each descriptor is either ➤ Page descriptor (leaf node) ➤ Table descriptor (internal node)

  13. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … … Translation Table Base Register 63..48 11..0 47 11

  14. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … … Level 0 Translation Table Base Register 9 63..48 47..39 11..0 47 11

  15. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 63..48 47..39 38..30 11..0 47 11

  16. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Level 2 Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 9 63..48 47..39 38..30 29..21 11..0 47 11

  17. Page table walk 4KB … 64 bits 512 (2 9 ) entries Level 3 … … Invalid Descriptor … … Level 2 Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 9 9 63..48 47..39 38..30 29..21 20..12 11..0 47 11

  18. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary?

  19. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation?

  20. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation? ➤ MMU

  21. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation? ➤ MMU

  22. Translation Lookaside Buffer (TLB) • Small cache of recently translated addresses ➤ Before translating a referenced address, the processor checks the TLB • What does the TLB give us? ➤ Physical page corresponding to virtual page 
 (or that page isn’t present) ➤ If page mapping allows the mode of access 
 (access control)

  23. Translation Lookaside Buffer (TLB) • Small cache of recently translated addresses ➤ Before translating a referenced address, the processor checks the TLB • What does the TLB give us? ➤ Physical page corresponding to virtual page 
 (or that page isn’t present) ➤ If page mapping allows the mode of access 
 (access control)

  24. Access Control • Not everything within a processes’ virtual address space is equally accessible • Page descriptors contain additional access control information ➤ Read, Write, eXecute permissions ➤ Who sets these bits?

  25. How do we get process isolation? • Each process gets its own tree ➤ When you context switch: need to change root ➤ What do you do about TLB? ➤ Most often you flush ➤ Don’t need to flush if HW has process-context identifiers (PCIDs)

  26. How do we get process isolation? • Each process gets its own tree ➤ When you context switch: need to change root ➤ What do you do about TLB? ➤ Most often you flush ➤ Don’t need to flush if HW has process-context identifiers (PCIDs)

  27. Beyond process isolation • Kernel’s virtual memory space is mapped into every process, but made inaccessible in usermode high address ➤ Why? kernel • What happens on sys call? process low address ➤ Translation Table Base Register updated • Do all processes share kernel?

  28. Kernel security • Threat model: ➤ Confidentiality and integrity of kernel memory and control flow must be protected from compromise by usermode processes ➤ All usermode processes are untrusted and potentially malicious • Operating model: ➤ Usermode processes make frequent calls into the kernel, with data passing back and forth

  29. Meltdown broke this, so we have: https://en.wikipedia.org/wiki/Kernel_page-table_isolation#/media/File:Kernel_page-table_isolation.svg

  30. Beyond process isolation: VMs • VM: the hardware running the OS is virtualized ➤ Each OS is oblivious to this happening (mostly) ➤ Hypervisor implements VM environment and provides isolation between VMs ➤ Are processes within guest OS still isolated?

  31. 
 
 
 
 
 
 How does address translation work? • Multiple stages of address translation to support virtualization ➤ Hardware support for this (extended/nestate page tables) 
 Virtual Virtual Address Address 1 1 Intermediate Physical Physical Address Address 2 Physical Address

  32. VM security • Details vary a lot between processor architectures and operating system kernels ➤ Even within an architectural family, details may vary a lot between specific processors ➤ Even within an operating system, details may vary a lot between specific kernel versions

  33. How can we break isolation?

  34. Cache side channels

  35. Cache • Main memory is huge… but slow • Processors try to “cache” recently used memory in faster, but smaller capacity, memory cells closer to the actual processing core

  36. Cache hierarchy • Caches are such a great idea, let’s have caches for caches! • The close to the core, the: ➤ Faster ➤ Smaller https://en.wikipedia.org/wiki/Cache_hierarchy

  37. How is the cache organized? • Cache line: unit of granularity ➤ E.g., 64 bytes • Cache lines grouped into sets ➤ Each memory address is mapped 
 to a set of cache lines • What happens when we have collisions? ➤ Evict! https://en.wikipedia.org/wiki/CPU_cache

  38. How is the cache organized? • Cache line: unit of granularity ➤ E.g., 64 bytes • Cache lines grouped into sets ➤ Each memory address is mapped 
 to a set of cache lines • What happens when we have collisions? ➤ Evict! https://en.wikipedia.org/wiki/CPU_cache

  39. Cache side channel attacks • Cache is a shared system resource ➤ Not isolated by process, VM, or privilege level ➤ “Just a performance optimization” • Can we abuse this shared resource to learn information about another process, VM, etc.?

  40. Thread model • Attacker and victim are isolated (e.g., processes) but on the same physical system • Attacker is able to invoke (directly or indirectly) functionality exposed by the victim ➤ What’s an example of this? • Attacker should not be able to infer anything about the contents of victim memory

Recommend

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Exploring opportunities Building communities Changing lives Side by Side Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia Side by Side 2 Reducing Social Isolation and Loneliness by enabling and

494 views • 10 slides
Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel X. Ngo, Z. Najm, S. Guilley, S. Bhasin, J.-L.Danger PROOFS14, Busan, South Korea Introduction to HTH and its detection Proposed HTH Detection

429 views • 27 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

In this module we would review a typical gate first, poly-Si gate CMOS process flow. 456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between individual devices in a CMSO chip. Typical process details and the

381 views • 8 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of

Plaintext: A Missing Feature for Enhancing the Power of Deep Learning in Side-Channel Analysis? Breaking multiple layers of side-channel countermeasures Anh-Tuan Hoang, Neil Hanley and Mire ONeill CHES 2020 14-18 September 2020 Outline

622 views • 21 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 |

Nicolas Belleville Damien Courouss Karine Heydemann Henri-Pierre Charles AUTOMATED SOFTWARE PROTECTION FOR THE MASSES AGAINST SIDE-CHANNEL ATTACKS PHISIC 2018 | Belleville Nicolas INTRODUCTION Focus on power/EM based side channel

535 views • 31 slides
Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet

Randomness as countermeasures against Side Channel Attacks Nadia El Mrabet nadia.el-mrabet@emse.fr Mines St Etienne WRACH2019, April 17, 2019 Side channel attacks Physical counter measures Algorithmic counter measures Arithmetical

900 views • 36 slides
Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas

Behind the Scene of Side Channel Attacks ASIACRYPT 2013 Victor LOMNE, Emmanuel PROUFF and Thomas ROCHE ANSSI (French Network and Information Security Agency) Thursday, December 3rd, 2013 Side Channel Attacks (SCA)| Linear Regression Attack

340 views • 32 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides
Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015

Glitching and Side-Channel Analysis for All Colin OFlynn NewAE Technology Inc. RECON 2015 Montreal, QC. Overview W.t.f is side-channel power analysis (again) Example: IEEE 802.15.4 Node Example: AES-256 Bootloader W.t.f.

633 views • 47 slides
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com

Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable security against SCA

1.62k views • 92 slides

More recommend