spectres
play

SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT Xiaowan Dong - PowerPoint PPT Presentation

SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT Xiaowan Dong University of Rochester Zhuojia Shen University of Rochester John Criswell University of Rochester


  1. SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT Xiaowan Dong University of Rochester Zhuojia Shen University of Rochester John Criswell University of Rochester Alan Cox Rice University Sandhya Dwarkadas University of Rochester

  2. Goal Analyze the impact of speculation side channel mitigation on mechanisms that protect user data from compromised OS kernels. 2

  3. SPECTRES: SPECULATION SIDE CHANNELS 3

  4. Speculation Side Channels: Spectre and Meltdown • Speculative execution exacerbates • Example of Spectre side channels if (x < array1_size) • Confidential data is speculatively y = array2[array1[x] * 256]; read and exposed via cache side channels 4

  5. VIRTUAL GHOST: PROTECTING APPLICATION DATA FROM COMPROMISED OS KERNELS 5

  6. Virtual Ghost • A compiler-based approach to protect application data from OS kernels by • Instrumenting every kernel load and store: Software Fault Isolation (SFI) • Requiring the OS kernel to invoke SVA-OS to • Manipulate program state (context switch) OS Kernel • Configure hardware state (MMU) SVA-OS Processor 6

  7. Virtual Address Space of Virtual Ghost User • Protected memory regions include Space Secure User • Secure user space Space • Protected from the OS kernel Virtual Ghost • Virtual Ghost space Space • Saves virtual ghost VM internal data structures Kernel Space Virtual address space 7

  8. Virtual Ghost Instrumentation (SFI) • SFI on Virtual Ghost could be • Example of SFI vulnerable to bounds check bypass If ((addr < SECURE_MEM_START) OR (addr > SECURE_MEM_END)) • A compromised kernel speculatively reads data before the check completes access_memory(addr); Goal: Defend against bounds check bypass (Spectre variant 1) directly launched by the kernel on secure user and virtual ghost space 8

  9. THREE MITIGATIONS 9

  10. Three mitigations • Bit-Masking SFI • MPX SFI with lfence • Separate address spaces 10

  11. mov POINTER_ADDR_HIGH_ORDER_BITS, %R1 Bit-Masking SFI cmp PROT_MEM_HIGH_ORDER_BITS, %R1 sete %R2 • Check whether a pointer points to protected memory regions sign-extend and left shift %R2 • Move it into the kernel region if so or POINTER_ADDR, %R2 • Cmp and sete instructions mov (%R2), %R1 User Space • Results in a data dependence Addr between the SFI code and the Secure User Space memory load Virtual Ghost VM • Intel does not support value Memory speculation Check must complete before memory Kernel Space load is performed 11

  12. Three mitigations • Bit-Masking SFI • MPX SFI with lfence • Separate address spaces 12

  13. MPX SFI • Intel MPX is a hardware mechanism designed for efficient bounds checking • Limitation: MPX only supports checks against one memory region at a time • Solution: Make the kernel- and user-space appear contiguous [1] • Subtract the start address of secure user space from the pointer address Secure Secure User Virtual Ghost Kernel Virtual Ghost Kernel User User User Space Space Space Space Space Space Space Space (2 64 -1) - gstart 2 64 -1 2 64 -1 0 0 [1] Xiaowan Dong, Zhuojia Shen, John Criswell, Alan Cox, and Sandhya Dwarkadas. Shielding Software From Privileged Side- Channel Attacks. To appear in the 27th USENIX Security Symposium, 2018. 13

  14. Handling Speculation: MPX SFI with lfence • Problem : Intel speculatively executes the mov %R1, %R2 instructions following bounds check sub GHOST_MEM_START_ADDR, %R2 • Assumes the bounds check will pass bndcl %R2, %bnd0 • Solution : Insert an lfence instruction lfence between the bounds check and the mov (%R1), %R1 memory load • Introduce pipeline stalls All subsequent instructions are stalled until the bounds check commits 14

  15. Comparing The Two Approaches Bit-Masking SFI MPX SFI with lfence • Only introduces data dependence • Stalls the pipeline completely • Other instructions can proceed • More expensive than Bit-Masking SFI Bounds_check(addr) Bounds_check(addr) lfence Data Dependence Access(addr) Access(addr) Instr1 Instr1 Instr2 Instr2 15

  16. Three mitigations • Bit-Masking SFI • MPX SFI with lfence • Separate address spaces 16

  17. Separate Address Spaces User User User Space Space Space Secure User Secure User Space Space Virtual Ghost Virtual Ghost Space Space Virtual Ghost Virtual Ghost Virtual Ghost VM Trampolines VM Trampolines VM Trampolines Kernel Kernel Kernel Space Space Space Kernel root-level Virtual Ghost and application root-level Virtual address space page table page page table pages 17

  18. Separate Address Spaces • Challenges: Address space switch can be frequent and expensive • Each kernel invocation of SVA-OS incurs two address space switches • Kernel-AddrSpace VirtualGhost-AddrSpace • Address space switch incurs execution of serializing instructions • Updating the CR3 register with the page table base address 18

  19. Comparing The Three Approaches Separate Address Spaces Bit-Masking SFI MPX SFI with lfence • Address space switch is • Instruments every • Instruments every very expensive load and store load and store • Kernel Virtual Ghost can be frequent • Introduces data • lfence incurs pipeline dependence stall 19

  20. EVALUATION 20

  21. Methodology • Experiment environment • 3.4GHz Intel i7-6700 hyperthreading quad-core processor • 16 GB RAM • 256 GB SSD • FreeBSD 9.0 ported to Virtual Ghost 21

  22. Benchmarks • Basic OS operation Benchmarks • LMBench • Null syscall, open/close, mmap, page fault, fork, fork + exec • Applications • FreeBSD 9.0 C library compilation • SSHD • On an isolated Gigabit Ethernet network • Use scp to transfer files from the OpenSSH server to the client 22

  23. LMBench Results lfence is very expensive The best performance The best performance 23

  24. Libc Compilation Results 24

  25. SSHD FileTransfer Rates SSH Server File Transfer Bandwidth 25

  26. SSHD File Transfer Rates SSH Server File Transfer Bandwidth 26

  27. SSHD File Transfer Rates SSH Server File Transfer Bandwidth 27

  28. SSHD File Transfer Rates SSH Server File Transfer Bandwidth 28

  29. • MPX-SFI without lfence is faster than bit-masking SFI • Can we eliminate the use of lfence on MPX-SFI? 29

  30. Enhanced MPX SFI • We propose two architectural improvements to MPX bndcl MULTI_BOUNDS, %R1 /* cmp is used to emulate new bndcl */ • Add a data dependence between sete %R2 bounds check and memory load sign-extend %R2 • Eliminate lfence • Set a flag in a register if the address or %R2, %R1 is out-of-bounds and check the flag mov (%R1), %R1 later • Support checks against multiple bounds • Reduce register pressure • alleviate pointer arithmetic 30

  31. The enhanced MPX-SFI does not outperform Bit-masking SFI Results LMBench Libc Compilation 31

  32. SSHD Results The enhanced MPX-SFI does not outperform Bit-masking SFI 32

  33. Conclusion • Bit-Masking SFI usually achieves the best performance • Separate address spaces can incur frequent and expensive address space switch • MPX-SFI with lfence performs the worst • With enhancements, MPX SFI does not outperform Bit-Masking SFI 33

More recommend