SLIDE 1

SCIENCE PASSION TECHNOLOGY

www.iaik.tugraz.at

DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks

Usenix Security 2016, August 11
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
IAIK, Graz University of Technology, Austria

SLIDE 2

Pessl, Gruss, Maurice, Schwarz, Mangard Usenix Security 2016, August 11

www.iaik.tugraz.at 

SLIDE 3

Setting – Cloud Servers

  • Multi-CPU (multi-socket) systems
  • Multiple tenants
      • separate VMs
      • dedicated CPUs → no shared cache
  • No shared memory
      • no cross-VM memory deduplication
  • Previously
      • slow covert channel (< 1 kbps)
      • no side channel

SLIDE 4

Overview

  • Cross-CPU attacks using DRAM addressing (DRAMA)
      • fast covert channel (up to 2 Mbps)
      • first side-channel attack
  • Reverse-engineered DRAM addressing
      • two approaches
  • Improving existing attacks

SLIDE 5

DRAM Organization

Hierarchy of

  • CPUs

[Figure: CPU 1 and CPU 2, each with a memory controller (MC) and a DRAM bus, connected by an interconnect]

SLIDE 6

DRAM Organization

Hierarchy of

  • CPUs
  • Channels
  • DIMMs

[Figure: CPU with memory controller (MC), Channel A and Channel B, DIMMs]

SLIDE 7

DRAM Organization

[Figure: Bank 1, Bank 2, ..., Bank 8]

Hierarchy of

  • CPUs
  • Channels
  • DIMMs
  • Ranks
  • Banks

SLIDE 8

DRAM Banks

  • Memory array
      • rows of columns
  • Row Buffer
      • buffers one entire row (8 KB)

[Figure: DRAM bank with Row 1, Row 2, ..., Row N and the Row Buffer]

SLIDE 9

The Row Buffer

  • Behavior similar to a cache
      • row hits → fast access
      • row conflicts → slow access

SLIDE 10

Reverse Engineering of DRAM Addressing

SLIDE 11

Reverse-Engineering DRAM Addressing

  • Mapping to banks using physical-address bits
  • "Complex" addressing functions
      • distribute traffic to channels/banks
      • undisclosed (Intel)
  • Two approaches to reverse engineer
  • Presumption: linear functions (XORs)

SLIDE 12

Approach 1: Probing the Memory Bus

  • Probing of control signals
      • CS, BA, …
      • measure voltage with an oscilloscope
      • recover logic value
  • Repeated access to address
      • until value is determined
  • Function reconstruction
      • linear algebra over bits

SLIDE 13

Approach 2: Fully Automated SW-based

  • Exploit timing differences
  • Measuring phase
      • build sets of same-bank addresses
      • alternating access to two addresses
      • measure avg. access time
  • Reconstruction phase
      • exhaustive search over linear functions with up to n set coefficients
  • Total time: seconds
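
The reconstruction phase listed above, as an added example (not taken from the slides or from the IAIK/drama tool). The measuring phase is replaced by a simulated oracle built from constructed XOR masks (TRUTH and set_of are assumptions); the search returns every mask with at most n set bits whose output is constant within each same-bank set.

```c
#include <stdint.h>
#include <stdio.h>

#define LO 6      /* lowest physical-address bit searched */
#define NBITS 11  /* search physical-address bits 6..16 */
#define NFUNC 3
#define BIT(n) (1ull << (n))

/* Constructed masks (not a real CPU's mapping); they only drive the simulation. */
static const uint64_t TRUTH[NFUNC] = {
    BIT(6) | BIT(11), BIT(7) | BIT(12), BIT(8) | BIT(9) | BIT(13) };

/* Hypothetical stand-in for the measuring phase: id of the same-bank set. */
static unsigned set_of(uint64_t addr) {
    unsigned id = 0;
    for (int i = 0; i < NFUNC; i++)
        id |= (unsigned)__builtin_parityll(addr & TRUTH[i]) << i;
    return id;
}

/* A mask is a valid function if its XOR output is constant within every set. */
static int constant_on_sets(uint64_t mask) {
    int seen[1 << NFUNC];
    for (int i = 0; i < (1 << NFUNC); i++) seen[i] = -1;
    for (uint64_t a = 0; a < (1ull << NBITS); a++) {
        uint64_t addr = a << LO;
        int p = __builtin_parityll(addr & mask);
        unsigned s = set_of(addr);
        if (seen[s] < 0) seen[s] = p;
        else if (seen[s] != p) return 0;
    }
    return 1;
}

/* Exhaustive search over masks with at most max_set bits set, in ascending order. */
static int reconstruct(int max_set, uint64_t *out, int cap) {
    int n = 0;
    for (uint64_t m = 1; m < (1ull << NBITS); m++) {
        if (__builtin_popcountll(m) > max_set) continue;
        if (n < cap && constant_on_sets(m << LO)) out[n++] = m << LO;
    }
    return n;
}

int main(void) {
    uint64_t f[16];
    for (int i = 0, n = reconstruct(3, f, 16); i < n; i++)
        printf("mask 0x%llx\n", (unsigned long long)f[i]);
    return 0;
}
```

Raising the bound to 4 also returns the XOR of the first two masks; such linearly dependent results carry no new information and can be pruned.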

SLIDE 14

Comparison

  • Probing
      • recover function labels
      • find a ground truth
      • equipment and access to internals of machine
  • SW-based
      • fully automated
      • ability to run remotely, sandboxed, and on mobile devices

SLIDE 15

Some Results - Desktop

[Figure: addressing functions over physical-address bits 6–22, with outputs BA0, BA1, BA2, Rank, Ch.]

Intel Haswell (desktop system) – DDR3

SLIDE 16

Some Results – Server System

[Figure: addressing functions over physical-address bits 6–26, with outputs Rank, BG0, BG1, BA0, BA1, Ch., CPU]

Dual-CPU Intel Haswell-EP – DDR4

SLIDE 17

Some Results – Mobile

Samsung Exynos 7420 (Galaxy S6) – LPDDR4

[Figure: addressing functions over physical-address bits 6–22, with outputs Rank, BA0, BA1, BA2, Ch.]

SLIDE 18

Cross-CPU Attacks

…and how it continues with Romeo and Juliet

SLIDE 19

High-speed covert channel

SLIDE 20

Concept

  • Occupy different rows in the same bank
  • Sender
      • send 1: continuously access row
      • send 0: don't do anything
  • Receiver
      • access row and measure avg. time
      • infer sent bits based on time

[Figure: Sender and Receiver rows sharing one Row Buffer]

SLIDE 21

Implementation

  • Each bank is a channel
      • use up to 8 banks in parallel
      • multithreading
  • Performance:
      • desktop: 2.1 Mbps
      • multi-CPU server: 1.2 Mbps

Intel Haswell (desktop system)

SLIDE 22

Performance Comparison

Columns: Performance, Cross-CPU, No Shared Memory

  • Ours: 2.1 Mbps
  • Prime+Probe [2]: 536 Kbps
  • Flush+Reload [2]: 2.3 Mbps
  • Flush+Flush [2]: 3.8 Mbps
  • Memory Bus Contention [3]: 746 bps
  • Deduplication [4]: 90 bps

SLIDE 23

Low-noise side-channel attack

SLIDE 24

Spying on Memory Accesses

  • Memory in the same row/bank
      • row size 8 KB / page size 4 KB
  • Spy activates conflict row
  • Victim computes and possibly accesses shared row
  • Spy accesses shared row
      • fast row hit → victim access

[Figure: Victim and Spy data in rows sharing one Row Buffer]

SLIDE 25

Example

Keystrokes in Firefox address bar

SLIDE 26

Implementation

  • high spatial accuracy (down to 512 B)
  • very low number of false positives
  • monitor single events
  • Finding addresses: template attack [1]
      • automatic location of vulnerable addresses
      • scan large fraction of memory (4 KB pages)

SLIDE 27

Countermeasures to DRAMA

  • Restrictions of
      • rdtsc
      • clflush
  • Multi-CPU: separating DRAM for tenants
      • only access to CPU-local memory
      • degradation into single-CPU system
  • Detection via high number of cache misses / row conflicts

SLIDE 28

Improving Attacks - Rowhammer

  • Rowhammer
      • inducing bit flips in DRAM
      • by quickly switching rows
      • requires addressing functions
  • First documented bit flips on DDR4
      • Jan. 2016

SLIDE 29

The End

… of Romeo and Juliet

SLIDE 30

Source code for reverse-engineering tool and side-channel attack at https://github.com/IAIK/drama

SLIDE 32

Bibliography

[1] Gruss, Spreitzer, Mangard. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In Usenix Security 2015

[2] Gruss, Maurice, Wagner, Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA'16

[3] Wu, Xu, Wang. Whispers in the Hyper-space: High-bandwidth and Reliable Covert Channel Attacks Inside the Cloud. In Usenix Security 2012

[4] Xiao, Xu, Huang, Wang. Security implications of memory deduplication in a virtualized environment. In DSN'13