micro architectural attacks
play

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things - PowerPoint PPT Presentation

May 31, 2023 •292 likes •891 views

Micro-architectural Attacks Chester Rebeiro IIT Madras 1 Things we thought gave us security! Cryptography Passwords Information Flow Policies Privileged Rings ASLR Virtual Machines and confinement Javascript

  1. Micro-architectural Attacks Chester Rebeiro IIT Madras 1

  2. Things we thought gave us security! Cryptography • • Passwords • Information Flow Policies • Privileged Rings • ASLR • Virtual Machines and confinement • Javascript and HTML5 (due to restricted access to system resouces) • Enclaves (SGX and Trustzone) 2

  3. Micro-Architectural Attacks (can break all of this) Cryptography • • Passwords Cache timing attack • Information Flow Policies Branch prediction attack • Privileged Rings • ASLR Speculation Attacks • Virtual Machines and confinement Row hammer • Javascript and HTML5 (due to restricted access to system Fault Injection Attacks resouces) • Enclaves (SGX and Trustzone) cold boot attacks DRAM Row buffer (DRAMA) ….. and many more 3

  4. Causes Most micro-architectural attacks caused by performance optimizations Others due to inherent device properties security Third, due to stronger attackers performance 4

  5. Copy on Write pies of a process) cess if (fork() > 0){ // in parent process } else{ Parent // in child process Page } Table ss) Child created is an exact replica of the parent process. - Page tables of the parent duplicated in the child - New pages created only when parent (or child) modifies data Child - Postpone copying of pages as much as possible, thus Page Table optimizing performance Physical Memory - Thus, common code sections (like libraries) would be shared across processes. � 5

  6. Process Tree init Physical Memory : : SSLEncryption() SSLEncryption() : : Virtual Memory Virtual Memory (process 2) (process 1) 6

  7. Interaction with the LLC : SSLEncryption() Processes Processes : cache misses slow Core 2 Core 1 LLC 7

  8. Interaction with the LLC : : SSLEncryption() SSLEncryption() Processes Processes : : fast cache hits Core 2 Core 1 LLC One process can affect the execution time of another process 8

  9. Flush + Reload Attack on LLC Part of an encryption algorithm clflush Instruction Takes an address as input. Flushes that address from all caches clflush (line 8) executed only when e i = 1 Flush+Reload Attack, Yuval Yarom and Katrina Falkner (https://eprint.iacr.org/2013/448.pdf) 9

  10. Flush + Reload Attack : : SSLEncryption() Clflush(line 8) Processes Processes : : Core 2 Core 1 flush attacker reload victim access LLC 10

  11. Flush+Reload Attack 11

  12. Countermeasures • Do not use copy-on-write – Implemented by cloud providers Permission checks for clflush • – Do we need clflush? Non-inclusive cache memories • – AMD – Intel i9 versions • Fuzzing Clocks • Software Diversification – Permute location of objects in memory (statically and dynamically) 12

  13. Cache Collision Attacks • External Collision Attacks – Prime + Probe • Internal Collision Attacks – Time-driven attacks 13

  14. Prime + Probe Attack Victim Spy Core 2 Core 1 Last Level Cache Set 0 Set 1 Victim Spy Set 2 Set 3 SMT Core Set N-2 Set N-1 L1 Cache Memory way 0 way 1 way 2 way 3 14

  15. Prime Phase While(1){ for(each cache set){ start = time(); Set 0 access all cache ways Set 1 end = time(); access_time = end – start Set 2 } Set 3 wait for some time } way 0 way 1 way 2 way 3 15

  16. Victim Execution The execution causes some of the spy data to get evicted Set 0 Set 1 Set 2 Set 3 way 0 way 1 way 2 way 3 16

  17. Probe Phase While(1){ for(each cache set){ start = time(); Set 0 access all cache ways Set 1 end = time(); access_time = end – start Set 2 } Set 3 wait for some time } Time taken by sets that have victim data is more due to the cache way 0 way 1 way 2 way 3 misses 17

  18. Probe Time Plot 63 0 Each row is an iteration of the while loop; darker shades imply higher memory access time 18

  19. Prime + Probe in Cryptography char Lookup[] = {x, x, x, . . . x}; char RecvDecrypt(socket){ char key = 0x12; Key dependent memory accesses char pt, ct; read(socket, &ct, 1); pt = Lookup[key ^ ct]; return pt; } The attacker know the address of Lookup and the ciphertext (ct) The memory accessed in Lookup depends on the value of key Given the set number, one can identify bits of key ^ ct. 19

  20. Keystroke Sniffing Keystroke à interrupt à kernel mode switch à ISR execution à add to keyboard • buffer à … à return from interrupt Set 0 Set 1 Set 2 Set 3 way 0 way 1 way 2 way 3 20

  21. Keystroke Sniffing • Regular disturbance seen in Probe Time Plot Period between disturbance used to predict passwords • Svetlana Pinet, Johannes C. Ziegler, and F.-Xavier Alario. 2016. Typing Is Writing: Linguistic Properties Modulate Typing Execution. Psychon Bull Rev 23, 6 21

  22. Web Browser Attacks • Prime+Probe in – Javascript – pNACL – Web assembly 22

  23. Extract Gmail secret key https://www.cs.tau.ac.il/~tromer/drivebycache/drivebycache.pdf 23

  24. Website Fingerprinting • Privacy: Find out what websites are being browsed. 24

  25. Cross VM Attacks (Cache) Placement Placement Placement How does the attacker co-reside in the same physical machine as the victim ? *Ristenpart et.al., Hey, you, get off of my cloud: exploring information leakage in third-party compute 25 clouds , CCS- 2009 A Survey of Micro-Architectural Side Channel Attacks in the Cloud D.A.Balaraju 6/45

  26. Cross VM Attacks (DRAM) 26

  27. Internal Collision Attacks Victim (Adversary) 27

  28. Internal Collisions on a Cipher Part of a Cipher P P 0 4 K K 0 4 P ⊕ K P ⊕ K 0 0 4 4 Table Table (Adversary) P 0 ,P 4 If cache hit (less time) : If cache miss (more time) : P K P K ⊕ ≠ ⊕ P K P K ⊕ = ⊕ 0 4 0 4 0 4 0 4 K K P P ⇒ ⊕ ≠ ⊕ K K P P ⇒ ⊕ = ⊕ 4 4 0 0 4 4 28 28 0 0

  29. P 4 P 0 Random Suppose P4 Average DOM (K 0 = 00 and k 4 = 50) Time 00 2945.3 1.8 P 0 = 0, all other inputs are • Block Cipher random 10 2944.4 0.9 Make N time measurements • 20 2943.7 0.2 Segregate into Y buckets • based on value of P 4 30 2943.7 0.2 Find average time of each • Cipher Text 40 2944.8 1.3 bucket P 0 P 4 50 2937.4 -6.3 Find deviation of each • average from overall 60 2943.3 -0.2 K 0 K 4 average (DOM) 70 2945.8 2.3 T T : : : F0 Average : 2943.57 2941.8 -1.7 K K P P ⊕ = ⊕ Maximum : -6.3 4 4 0 0

  30. Implementation Difference of Easiness to attack Means AES (OpenSSL 0.9.8a ) -6.5 DES (PolarSSL 1.1.1 ) +11 CAMELLIA (PolarSSL 1.1.1) 19.2 CLEFIA (Ref. 23.4 Implementation 1.0) 30

  31. Speculation Attacks Some of the slides motivated from Yuval Yarom’s talk on Meltdown and Spectre at the Cyber security research bootcamp 2018 31

  32. Out-of-order execution How instructions are How they may be How the results are fetched executed committed load r0, addr1 sub r4, r5, r6 r0 mov r2, r1 store r1, add2 r2 add r2, r2, r3 mov r2, r1 r2 store r1, add2 add r2, r2, r3 addr2 sub r4, r5, r6 load r0, addr1 r4 inorder order restored out-of-order Out the processor core, execution looks in-order Insider the processor core, execution is done out-of-order 32

  33. Speculative Execution cmp r0, r1 jnz label cmp r0, r1 load r0, addr1 r0 jnz label load r0, addr1 mov r2, r1 r2 mov r2, r1 add r2, r2, r3 r2 add r2, r2, r3 store r1, add2 add2 store r1, add2 sub r4, r5, r6 r4 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is correct Speculative execution (transient instructions) 33

  34. Speculative Execution cmp r0, r1 jnz label cmp r0, r1 load r0, addr1 jnz label load r0, addr1 mov r2, r1 mov r2, r1 add r2, r2, r3 add r2, r2, r3 store r1, add2 store r1, add2 sub r4, r5, r6 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is incorrect Speculative execution (transient instructions) 34

  35. Speculative Execution cmp r0, r1 div r0, r1 cmp r0, r1 load r0, addr1 div r0, r1 load r0, addr1 mov r2, r1 mov r2, r1 add r2, r2, r3 add r2, r2, r3 store r1, add2 store r1, add2 sub r4, r5, r6 sub r4, r5, r6 : : : : : : : : : label: label: more instructions more instructions How instructions are How results are How instructions are fetched committed when executed speculation is incorrect Speculative execution (eg. If r1 = 0) 35

  36. Speculative Execution and Micro-architectural State data=84 Even though line 3 is not reached, the micro-architectural state is modified due to Line 3. 36

  37. Meltdown Virtual address space of process Normal Circumstances Kernel space i = *pointer y = array[i * 256] Cache Memory Set 0 Set 1 *pointer Set 2 User space Set 3 array way 0 way 1 way 2 way 3 37

  38. Meltdown Virtual address space of process Not normal Circumstances Kernel space i = *pointer y = array[i * 256] *pointer Cache Memory Set 0 Set 1 Set 2 User space Set 3 array way 0 way 1 way 2 way 3 38

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

From Monolith to Micro-Services An Architectural Strategy Software Intelligence for Digital

From Monolith to Micro-Services An Architectural Strategy Software Intelligence for Digital

From Monolith to Micro-Services An Architectural Strategy Software Intelligence for Digital Leaders www.castsoftware.com Goal of this Workshop Present approaches and techniques used on various architectures to support the transformation of

261 views • 24 slides
Understanding Economic Motivation behind Ransom Attacks Fyodor Yarochkin Trend Micro Researcher

Understanding Economic Motivation behind Ransom Attacks Fyodor Yarochkin Trend Micro Researcher

Understanding Economic Motivation behind Ransom Attacks Fyodor Yarochkin Trend Micro Researcher | HITCON Review Board Member Agenda Evolution of Ransom Attacks Where is the Profit? What are the Margins? Conclusions How it started

446 views • 41 slides
Hunting Deadlocks Efficiently in Micro-Architectural Models of Communication Fabrics Freek

Hunting Deadlocks Efficiently in Micro-Architectural Models of Communication Fabrics Freek

Hunting Deadlocks Efficiently in Micro-Architectural Models of Communication Fabrics Freek Verbeek and Julien Schmaltz Growing number of cores (W. Tichy - Keynote ICST 2011) AMD Opteron 12 cores Sun Niagara3 16 cores Intel 8 cores ~1.8 Bill.

833 views • 59 slides
NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
From Tap Water to Marine Organisms: a Micro-Spectroscopic Approach to Micro-Plastic

From Tap Water to Marine Organisms: a Micro-Spectroscopic Approach to Micro-Plastic

From Tap Water to Marine Organisms: a Micro-Spectroscopic Approach to Micro-Plastic Characterization The world leader in serving science Proprietary & Confidential Micro-Plastics What are they? A micro-plastic is a small piece of

319 views • 31 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
PHI: ARCHITECTURAL SUPPORT FOR SYNCHRONIZATION- AND BANDWIDTH-EFFICIENT COMMUTATIVE SCATTER

PHI: ARCHITECTURAL SUPPORT FOR SYNCHRONIZATION- AND BANDWIDTH-EFFICIENT COMMUTATIVE SCATTER

PHI: ARCHITECTURAL SUPPORT FOR SYNCHRONIZATION- AND BANDWIDTH-EFFICIENT COMMUTATIVE SCATTER UPDATES Anurag Mukkara , Nathan Beckmann, Daniel Sanchez MICRO 2019 Scatter updates are common but inefficient 2 Scatter updates are common but

1.55k views • 152 slides
Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher

Cybercrime and Attacks in in the Dark Sid ide of the Web Dr. Marco Balduzzi * Senior Researcher at Trend Micro http://www.madlab.it @embyte * With the cooperation of Mayra Rosario and Vincenzo Ciancaglini The Dark Ecosystem Dark Nets TOR

966 views • 39 slides
Trading Space for Place Micro-Loft Case Studies WHAT IS A MICRO-LOFT? Micro-Lofts are rental or

Trading Space for Place Micro-Loft Case Studies WHAT IS A MICRO-LOFT? Micro-Lofts are rental or

CANADIAN APARTMENT INVESTMENT CONFERENCE Trading Space for Place Micro-Loft Case Studies WHAT IS A MICRO-LOFT? Micro-Lofts are rental or condominium homes that are smaller than typical for a given market. Apart from the small unit size,

551 views • 34 slides
DISPLAY WALLS USING NVAPI HOW TO MAKE A FUNKY DISPLAY WALL ; - ) DOUG TRAILL SENIOR

DISPLAY WALLS USING NVAPI HOW TO MAKE A FUNKY DISPLAY WALL ; - ) DOUG TRAILL SENIOR

S5143 - ARCHITECTURAL DISPLAY WALLS USING NVAPI HOW TO MAKE A FUNKY DISPLAY WALL ; - ) DOUG TRAILL SENIOR SOLUTIONS ARCHITECT , NVIDIA ARCHITECTURAL DISPLAYS Image courtesy of Christie Digital Micro Tiles Image courtesy of Planar

482 views • 34 slides
IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie

IAB IAB Architectural Consideration for Architectural Consideration for OPES OPES Abbie Barbir abbieb@nortelnetworks.com Design Team IAB consideration (RFC 3238) Brief Review of Some Issue IP-layer communications (2.2) For an OPES

216 views • 8 slides
MICRO STANDING OFFER PROGRAM (MICRO-SOP) JUNE 9 VANCOUVER MEETING AND JUNE 10 WEBINAR June 9

MICRO STANDING OFFER PROGRAM (MICRO-SOP) JUNE 9 VANCOUVER MEETING AND JUNE 10 WEBINAR June 9

MICRO STANDING OFFER PROGRAM (MICRO-SOP) JUNE 9 VANCOUVER MEETING AND JUNE 10 WEBINAR June 9 /10, 2014 MICRO-SOP OVERVIEW AGENDA BC Hydro Offers for Small, Clean Energy Projects What is the Micro-SOP? Engagement Overview Key

565 views • 19 slides
Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large

Architectural Patterns Architectural Patterns The fundamental problem to be solved with a large system is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

893 views • 12 slides
Going Reactive An architectural journey Going Reactive An architectural journey Matthias

Going Reactive An architectural journey Going Reactive An architectural journey Matthias

Going Reactive An architectural journey Going Reactive An architectural journey Matthias Kppler October 2015 commit 24c61b35754ff5ca153ce37c5886279153f0d16f Author: Matthias Kaeppler <mk@soundcloud.com> Date: Wed Mar 13

700 views • 41 slides
Supporting Radio Clocks in OpenBSD Marc Balmer < mbalmer@openbsd.org > micro systems/OpenBSD

Supporting Radio Clocks in OpenBSD Marc Balmer < mbalmer@openbsd.org > micro systems/OpenBSD

Supporting Radio Clocks in OpenBSD Marc Balmer < mbalmer@openbsd.org > micro systems/OpenBSD BSDConTr, Istanbul, Turkey Agenda 1 Introduction 2 Radio Clocks 3 Architectural Overview 4 Support for GPS-Receivers 5 Support for Time Signal

745 views • 35 slides
Architectural Patterns The fundamental problem to be solved with a large system Architectural

Architectural Patterns The fundamental problem to be solved with a large system Architectural

Architectural Patterns The fundamental problem to be solved with a large system Architectural Patterns is how to break it into chunks manageable for human programmers to understand, implement, and maintain. Dr. James A. Bednar Large-scale

354 views • 12 slides
Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and

Factoring RSA Modulus using Prime Reconstruction from Random Known Bits S. Maitra, S. Sarkar and S. Sen Gupta Cryptology Research Group, ASU Indian Statistcal Institute, Kolkata May 3, 2010 Background Slide 2 of 31 RSA Framework Key-Gen

607 views • 58 slides
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World

Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy ibenik , Croatia Outline Why physical attacks matter Implementation attacks and power analysis Leakage Detection

972 views • 52 slides
Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics

7/15/2014 Low Power Multicore Architecture Using FDSOI Technology Marcello Coppola STMicroelectronics Agenda 2 FDSOI STNOC with FDSOI Application example Conclusions 1 7/15/2014 FD-SOI Speed & Energy Efficiency

211 views • 8 slides
Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer

Outline Crypto failures, contd CSci 5271 Announcements intermission Introduction to Computer Security Day 21: Firewalls, NATs, and IDSes Firewalls and NAT boxes Stephen McCamant University of Minnesota, Computer Science & Engineering

1.35k views • 7 slides
Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS,

Restriction Access, Population Recovery & Partial Identification Avi Wigderson IAS, Princeton Joint with Zeev Dvir Anup Rao Amir Yehudayoff Restriction Access, A new model of Grey-box access Systems, Models, Observations From

751 views • 29 slides
NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting

NP04 Powercut Recovery and Cold Starts Pengfei Dine, Bonnie King, Geoff Savage DUNE DAQ meeting 29 July 2019 Power cut #1 July 23 Power cut with subsequent cooling failure brought down all servers except np04-srv-001 and np04-srv-004 (on

238 views • 6 slides
SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno

SimBench A Portable Benchmarking Methodology for Full-System Simulators Harry Wagstaff Bruno Bodin Tom Spink Bjrn Franke Institute for Computing Systems Architecture University of Edinburgh ISPASS 2017 1 Motivation Instruction Set

1.05k views • 52 slides
Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on

Challenges in Leakage-Resilient Symmetric Cryptography Krzysztof Pietrzak ECRYPT II Workshop on Physical Attacks, Graz, November 28, 2012 Krzysztof Pietrzak Challenges in Leakage-ResilientSymmetric Cryptography Krzysztof Pietrzak Challenges

994 views • 96 slides

More recommend