leaky processors stealing your secrets with foreshadow
play

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck - PowerPoint PPT Presentation

Nov 17, 2023 •482 likes •1.27k views

Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck OWASP BeNeLux-Days, November 30, 2018 A primer on software security Secure program: convert all input

  1. Leaky Processors: Stealing Your Secrets with Foreshadow Jo Van Bulck ↸ imec-DistriNet, KU Leuven � jo.vanbulck@cs.kuleuven.be � jovanbulck OWASP BeNeLux-Days, November 30, 2018

  2. A primer on software security Secure program: convert all input to expected output INPUT OUTPUT 1 / 20

  3. A primer on software security Buffer overflow vulnerabilities: trigger unexpected behavior INPUT OUTPUT 1 / 20

  4. A primer on software security Safe languages & formal verification: preserve expected behavior INPUT OUTPUT 1 / 20

  5. A primer on software security Side-channels: observe side-effects of the computation INPUT OUTPUT 1 / 20

  6. Evolution of “side-channel attack” occurrences in Google Scholar 4000 3000 2000 DO WE JUST SUCK AT... COMPUTERS? YUP. ESPECIALLY SHARED ONES. 1000 1990 1994 1998 2002 2006 2010 2014 2018 Based on github.com/Pold87/academic-keyword-occurrence and xkcd.com/1938/ 2 / 20

  8. CPU cache timing side-channel Cache principle: CPU speed ≫ DRAM latency → cache code/data while true do maccess(&a); endwh CPU + cache DRAM memory 3 / 20

  9. CPU cache timing side-channel Cache miss: Request data from (slow) DRAM upon first use cache miss while true do a maccess(&a); endwh CPU + cache DRAM memory 3 / 20

  10. CPU cache timing side-channel Cache hit: No DRAM access required for subsequent uses cache hit while true do a maccess(&a); endwh CPU + cache DRAM memory 3 / 20

  11. Cache timing attacks in practice: Flush+Reload if secret do maccess(&a); else maccess(&b); endif a flush(&a); CPU + cache DRAM memory start_timer maccess(&a); end_timer 4 / 20

  12. Cache timing attacks in practice: Flush+Reload if secret do secret=1, load 'a' into cache maccess(&a); else maccess(&b); cache miss endif a flush(&a); CPU + cache DRAM memory start_timer maccess(&a); end_timer 4 / 20

  13. Cache timing attacks in practice: Flush+Reload if secret do maccess(&a); else maccess(&b); endif cache hit a flush(&a); CPU + cache DRAM memory start_timer maccess(&a); fast access(&a) → secret=1 end_timer 4 / 20

  14. Cache timing attacks in practice: Flush+Reload if secret do maccess(&a); else maccess(&b); cache miss endif cache miss b flush(&a); CPU + cache DRAM memory start_timer maccess(&b); slow access(&b) → secret=1 end_timer 4 / 20

  15. A primer on software security (revisited) Side-channels: observe side-effects of the computation INPUT OUTPUT 5 / 20

  16. A primer on software security (revisited) Constant-time code: eliminate secret-dependent side-effects INPUT OUTPUT 5 / 20

  17. A primer on software security (revisited) Transient execution: HW optimizations do not respect SW abstractions (!) INPUT OUTPUT 5 / 20

  19. Out-of-order and speculative execution Key discrepancy: Programmers write sequential instructions 6 / 20

  20. Out-of-order and speculative execution Key discrepancy: Programmers write sequential instructions Modern CPUs are inherently parallel ⇒ Speculatively execute instructions ahead of time 6 / 20

  21. Out-of-order and speculative execution Key discrepancy: Programmers write sequential instructions Modern CPUs are inherently parallel Over fl ow ⇒ Speculatively execute instructions ahead of time Roll-back exception Best-effort: What if triangle fails? → Commit in-order, roll-back square . . . But side-channels may leave traces (!) 6 / 20

  23. Transient execution attacks: Welcome to the world of fun! CPU executes ahead of time in transient world Success → commit results to normal world � Fail → discard results, compute again in normal world � 7 / 20

  24. Transient execution attacks: Welcome to the world of fun! CPU executes ahead of time in transient world Success → commit results to normal world � Fail → discard results, compute again in normal world � Transient world (microarchitecture) may temp bypass architectural software intentions: Control flow prediction Delayed exception handling 7 / 20

  25. Transient execution attacks: Welcome to the world of fun! Key finding of 2018 ⇒ Transmit secrets from transient to normal world Transient world (microarchitecture) may temp bypass architectural software intentions: Control flow prediction Delayed exception handling 7 / 20

  26. Transient execution attacks: Welcome to the world of fun! Key finding of 2018 ⇒ Transmit secrets from transient to normal world Transient world (microarchitecture) may temp bypass architectural software intentions: Speculative buffer overflow/ROP CPU access control bypass 7 / 20

  28. Meltdown: Transiently encoding unauthorized memory Unauthorized access 8 / 20

  29. Meltdown: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window oracle array secret idx 8 / 20

  30. Meltdown: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window Exception (discard architectural state) 8 / 20

  31. Meltdown: Transiently encoding unauthorized memory Unauthorized access Transient out-of-order window Exception handler oracle array cache hit 8 / 20

  32. Mitigating Meltdown: Unmap kernel addresses from user space OS software fix for faulty hardware ( ↔ future CPUs) 9 / 20

  33. Mitigating Meltdown: Unmap kernel addresses from user space OS software fix for faulty hardware ( ↔ future CPUs) Unmap kernel from user virtual address space → Unauthorized physical addresses out-of-reach (˜cookie jar) user unmapped context switch user switch address space kernel context switch SMAP+SMEP kernel Gruss et al. “KASLR is dead: Long live KASLR”, ESSoS 2017 [GLS + 17] 9 / 20

  35. Rumors: Meltdown immunity for SGX enclaves? “[enclaves] remain protected and completely secure” — International Business Times, February 2018 “[enclave memory accesses] redirected to an abort page, which has no value” — Anjuna Security, Inc., March 2018 10 / 20

  36. Rumors: Meltdown immunity for SGX enclaves? https://wired.com and https://arstechnica.com 10 / 20

  37. Enclaved execution attack surface: TCB reduction https://informationisbeautiful.net/visualizations/million-lines-of-code/ 11 / 20

  38. Enclaved execution attack surface: TCB reduction App App App App OS kernel Hypervisor TPM CPU Mem HDD Trusted Untrusted 11 / 20

  39. Enclaved execution attack surface: TCB reduction App App Enclave app OS kernel Hypervisor TPM CPU Mem HDD Intel SGX promise: hardware-level isolation and attestation 11 / 20

  40. Enclaved execution attack surface: TCB reduction App App Enclave app OS kernel Hypervisor TPM CPU Mem HDD Trusted CPU → exploit microarchitectural bugs/design flaws Van Bulck et al. “Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution”, USENIX 2018 [VBMW + 18] 11 / 20

  42. Building Foreshadow 12 / 20

  43. Building Foreshadow L1 terminal fault challenges Foreshadow can read unmapped physical addresses from the cache (!) 12 / 20

  44. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture L1D T ag? vadrs padrs PT walk? L1 cache design: Virtually-indexed, physically-tagged 13 / 20

  45. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture L1D T ag? vadrs padrs PT walk? Page fault: Early-out address translation 13 / 20

  46. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture Tag? L1D Pass to out-of-order padrs vadrs PT walk? L1-Terminal Fault: match unmapped physical address (!) 13 / 20

  47. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture Tag? L1D Pass to out-of-order padrs vadrs PT SGX? walk? Foreshadow-SGX: bypass enclave isolation 13 / 20

  48. Foreshadow-NG: Breaking the virtual memory abstraction CPU micro-architecture Tag? L1D Pass to out-of-order host guest padrs vadrs padrs PT EPT SGX? walk? walk? Foreshadow-VMM: bypass virtual machine isolation 13 / 20

  49. Mitigating Foreshadow 14 / 20

  50. Mitigating Foreshadow Future CPUs (silicon-based changes) https://newsroom.intel.com/editorials/advancing-security-silicon-level/ 14 / 20

  51. Mitigating Foreshadow OS kernel updates (sanitize page frame bits) https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/L1TF 14 / 20

  52. Mitigating Foreshadow Intel microcode updates ⇒ Flush L1 cache on enclave/VMM exit + disable HyperThreading https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault 14 / 20

  53. Mitigating Foreshadow/L1TF: Hardware-software cooperation 15 / 20

  55. Some good news? https://www.technologyreview.com/the-download/611879/intels-foreshadow-flaws-are-the-latest-sign-of-the-chipocalypse/ https://www.intel.com/content/www/us/en/architecture-and-technology/l1tf.html 16 / 20

  56. Some good news? https://www.zdnet.com/article/azure-confidential-computing-microsoft-boosts-security-for-cloud-data/ 16 / 20

  57. Some good news? ↔ https://www.zdnet.com/article/azure-confidential-computing-microsoft-boosts-security-for-cloud-data/ 16 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet,

Leaky Processors and the RISE of Hardware-Based Trusted Computing Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck 1st RISE Annual Conference, November 14, 2018 A primer on software security Secure program:

952 views • 79 slides
Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck

Transient Execution Attacks: Lessons from Spectre, Meltdown, and Foreshadow Jo Van Bulck imec-DistriNet, KU Leuven jo.vanbulck@cs.kuleuven.be jovanbulck ISSE Brussels, November 6, 2018 A primer on software security Secure

897 views • 58 slides
Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo

Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution Jo Van Bulck 1 Marina Minkin 2 Ofir Weisse 3 Daniel Genkin 3 Baris Kasikci 3 Frank Piessens 1 Mark Silberstein 2 Thomas F. Wenisch 3 Yuval Yarom 4 Raoul

601 views • 56 slides
Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck,

Foreshadow: speculative attacks on SGX and beyond Mark Silberstein Joint work with Jo Van Bulck, Marina Minkin , Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Thomas F. Wenisch, Yuval Yarom, and Raoul Strackx March 2019 Mark

1.07k views • 70 slides
Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

NAHPXXJI6KNA Book ^ Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to describe. It typically does not price an excessive amount of. It is extremely difficult to leave it before

260 views • 3 slides
WORK STEALING SCHEDULER 2 6/16/2010 Work Stealing Scheduler

WORK STEALING SCHEDULER 2 6/16/2010 Work Stealing Scheduler

1 6/16/2010 Work Stealing Scheduler WORK STEALING SCHEDULER 2 6/16/2010 Work Stealing Scheduler Announcements Text books Assignment 1 Assignment

476 views • 32 slides
Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

XUECRQXNRXVS Book Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an remarkable book which i have ever go through. It can be writter in simple terms and not difficult to

343 views • 3 slides
Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a Successful Business The Essential Tools Incredible Offer!!! Todays Agenda Just for attending you get Copy of the Presentation Link to the

698 views • 56 slides
Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

NHHOGOEDX28F PDF Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically the greatest pdf i have got go through right up until now. It normally fails to cost excessive. Once you

397 views • 3 slides
1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

Welcome Secrets to Successful Retreat Planning Secrets to Successful Retreat Planning Be still and know that I am God Psalm 46:10 Secrets to Successful Retreat Planning Welcome Introduction (Leave w/everything you need to create your

465 views • 12 slides
Modelling Membrane Potentials by Diffusion Leaky Integrate-and-Fire Models Patrick Jahn

Modelling Membrane Potentials by Diffusion Leaky Integrate-and-Fire Models Patrick Jahn

Diffusion Leaky Integrate-and-Fire Neuronal Models Modelling by time-inhomogeneous Diffusion Models Modelling Membrane Potentials by Diffusion Leaky Integrate-and-Fire Models Patrick Jahn DEPARTMENT OF MATHEMATICAL SCIENCES UNIVERSITY OF

938 views • 40 slides
Controlling a large population of smart refrigerators as a leaky storage

Controlling a large population of smart refrigerators as a leaky storage

Controlling a large population of smart refrigerators as a leaky storage unit http://drawception.com/viewgame/tGKT5dGMF z/superfridge-and-his-magnetic-sidekicks/ Simon Tindemans , Vincenzo Trovato,

351 views • 17 slides
The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning John.Casey@ccplanning.net The secrets of WFM Making Resource Planning real The secrets of WFM Top Tip The secrets of WFM Principles of WFM These

467 views • 21 slides
Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar

Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar

Stochastic Processors (or processors that do not always compute correctly by design) Rakesh Kumar Department of Electrical and Computer Engineering University of Illinois, Urbana-Champaign Insisting on Correctness Always is Expensive

281 views • 12 slides
Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book

Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book

Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book Ebook Bundle Gallo Carmine.pdf Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book Ebook Bundle Gallo Carmine

1.07k views • 51 slides
Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice

Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice

1H 2020 Financial Results 6 August 2020 1H 2020 RESULTS ANNOUCEMENT | AUGUST 2020 1 Important Notice This document may contain forward-looking statements that involve assumptions, An investment in Units is subject to investment risks,

379 views • 18 slides
Q3 Investm ent Update October 25, 20 17 Russ Allen, CIO Disclosures Important Disclosures:

Q3 Investm ent Update October 25, 20 17 Russ Allen, CIO Disclosures Important Disclosures:

Q3 Investm ent Update October 25, 20 17 Russ Allen, CIO Disclosures Important Disclosures: This information is for discussion purposes only and is being furnished on October 25, 2017. This information is not to be re-transmitted in whole or

557 views • 44 slides
SMITHS GROUP PLC Annual Results 20 September 2019 2 SMITHS GROUP PLC Annual Results 2019

SMITHS GROUP PLC Annual Results 20 September 2019 2 SMITHS GROUP PLC Annual Results 2019

www.smiths.com SMITHS GROUP PLC Annual Results 20 September 2019 2 SMITHS GROUP PLC Annual Results 2019 DISCLAIMER This presentation contains certain statements that are forward-looking statements. They appear in a number of places

930 views • 44 slides
The ideal versus the real: a brief history of secure isolatoo io virtual machioes aod cootaioers

The ideal versus the real: a brief history of secure isolatoo io virtual machioes aod cootaioers

The ideal versus the real: a brief history of secure isolatoo io virtual machioes aod cootaioers Allisoo Raodal University of Cambridge Except where otherwise ooted, liceosed uoder Creatve Commoos Atributoo ShareAlike 4.0 Ioteroatooal. Between

714 views • 35 slides
Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich

Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich

Recent Surprises in the Simulation of Quantum Phase T ransitions Lei W ang, ETH Zrich Cologne 2015.04 Quantum Phase T ransitions H ( ) = H 0 + H 1 Quantum Temperature Where is the QCP ? Critical What are the phases ?

986 views • 44 slides
PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING

PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING

PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING PERSONALIZING SEARCH RESULTS IN REAL-TIME Grebennikov Roman / ndify.io

660 views • 45 slides
Generalized tensor methods and entanglement measurements for models with long-range interactions

Generalized tensor methods and entanglement measurements for models with long-range interactions

Generalized tensor methods and entanglement measurements for models with long-range interactions Ors Legeza in collaboration with Jen o S olyom, Gergely Barcza (Budapest) Florian Gebhard, Reinhard M. Noack (Marburg) Valentin

747 views • 64 slides
Beam Transfer Devices: Septa & Kickers M.J. Barnes CERN TE/ABT Acknowledgements: J.

Beam Transfer Devices: Septa & Kickers M.J. Barnes CERN TE/ABT Acknowledgements: J.

Beam Transfer Devices: Septa & Kickers M.J. Barnes CERN TE/ABT Acknowledgements: J. Borburgh, M. Hourican, T. Masson, J-M Cravero, L. Ducimetire, T. Fowler, V. Senaj, L. Sermeus, B. Goddard, M. Gyr, J. Uythoven 06/11/2013 CAS: Septa

782 views • 28 slides

More recommend