microscope enabling microarchitectural replay attacks
play

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios - PowerPoint PPT Presentation

Jun 15, 2023 •529 likes •965 views

MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020 Why this paper? We have read

  1. MicroScope: Enabling Microarchitectural Replay Attacks Dimitrios Skarlatos, Mengjia Yan, Bhargava Gopireddy, Read Sprabery, Josep Torrellas, and Christopher W. Fletcher Presented by Mengjia Yan MIT 6.888 Fall 2020

  2. Why this paper? We have read a couple of attack papers, e.g., Spectre/Meltdown, Prime+Probe. Why read this paper? What is new here at a high level?

  3. Threat Model: Trusted Computing with SGX • OS/Hypervisor are untrusted • OS/Hypervisor cannot introspect/tamper enclave • Unfortunately, OS/Hypervisor still manages demand paging Attack Surface With Enclaves Attacker (OS) can: App App App • Manage page tables Operating System • Evict TLB entries Hypervisor • Evict page walk cache entries Hardware • Monitor side channels Attack Surface

  4. Recap: Address Translation Virtual Address Space (Programmer's View) Physical Address Space (limited by DRAM size) Page Table per process VA PA 4KB 4KB 4KB 4KB System software handles “page fault” 4

  5. Background: Page Fault • Page fault: access to a page that is • Unmapped • Invalid • Wrong access rights • Exception is generated → Run page fault handler • Page fault handler = Operating system (untrusted)

  6. Controlled Side Channels • OS can monitor enclaves access pattern at the granularity of page • After enclave start, remove access from all process pages (mark page not present) • Access will cause a page fault • Upon receiving a fault, the handler: if (secret = 1) • Logs the requested page access page A • Enables access to the page else access page B • Removes access to the previous page Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems; Xu et al. S&P’15

  7. Microscope Overview

  8. Motivation: Leakage over side channels Attacker: Victim: for .. if ( secret ) t1 = time() use resource use resource else t2 = time() don’t use resource • Need repeated measurements to be confident à Denoise • However, many applications run only once à Attacker gets 1 measurement • Can attackers really extract secrets?

  9. Overview: Microarchitectural Replay Attacks • Attacker leverages speculative execution } • To repeatedly replay a snippet of victim code Primitive to denoise arbitrary • That runs only once side channels Victim : Memory operation that will cause ld addr // “replay handle” a squash and re-execute … ld secret // secret the attacker tries to leak

  10. Contribution: Microarchitectural Replay Attacks Time Issue Replay Long Latency ld addr: Handle Event

  11. Contribution: Microarchitectural Replay Attacks Time Issue Replay Long Latency Event ld addr: Handle Speculative ld secret: Execution of Secret

  12. Contribution: Microarchitectural Replay Attacks Time Issue Replay Squash Clear Long Latency Event ld addr: Handle Event State ld secret: Speculative Execution of Secret Squash

  13. Contribution: Microarchitectural Replay Attacks Issue Replay Squash Clear Long Latency Event ld addr: Handle Event State ld secret: Speculative Execution of Secret Squash Replay!! Cause Shared Resource Contention & Monitor

  14. Strengths • Opens large new attack surface (for noisy side channels) • Exploits vulnerabilities of correct speculation • Dynamic instructions can be replayed through controlled squashes • Different from Spectre/Meltdown that exploits incorrect speculation • Demonstrate attacks on notoriously noisy side channels • Make impractical attacks possible

  15. Weaknesses • Is it really practical? • Attacker side: • Malicious OS • Control TLB/page mapping • Victim side: • The replay handler and the transmitter need to be in the ROB simultaneously • The replay handler and the transmitter needs to access different pages

  16. Page Tables Background Virtual Address 47 … 39 38 … 30 29 … 21 20 … 12 11 … 0 Virtual address 9-bits 9-bits 9-bits 9-bits Page Offset + pgd _t CR3 + pud_t + pmd_t + pte_t TLB Entry PGD PUD PMD PTE • Page tables stored in memory • On a TLB Miss à “ page walk ” = memory accesses • Each step of page walk = cache hit/miss. • Page walk cache (PWC): hardware cache of translations • If Present bit in pte_t is cleared à Page Fault, invoke OS

  17. Attack Examples Victim Code Loop Victim Code: 1. for i in ... 1. //public address 2. handle(pub_addrA); 2. handle(pub_addr); 3. ... 3. ... 4. transmit(secret[i]); 4. transmit(secret); 5. ... 5. ... 6. memOp(pub_addrB); 7. ...

  18. Terminology Victim Code Replay handle: • Load to a public address (known to OS) 1. //public address 2. handle(pub_addr); 3. ... 4. transmit(secret); 5. ... Transmitter: • Any instruction(s) whose execution reveals secret through some side channel • Occurs < ROB length from Replay Handle

  19. Timeline of a MicroScope Attack - Setup Attack Setup Time Attacker Victim

  20. Timeline of a MicroScope Attack - Setup Clear PTE Present Bit of Replay Handle Attack Setup Time Attacker Victim

  21. Timeline of a MicroScope Attack - Setup Clear PTE Flush Replay Handle Present Bit of Replay Handle Page Table Entries Attack Setup Time Attacker Victim

  22. Timeline of a MicroScope Attack - Setup Clear PTE Flush Replay Handle Flush Replay Handle Present Bit of Replay Handle Page Table Entries TLB Entry Attack Setup Time Attacker Victim

  23. Timeline of a MicroScope Attack Attack Setup Time Issue Replay handle(pub_addr): Handle Attacker Victim

  24. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB handle(pub_addr): Handle Miss Attacker Victim

  25. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB handle(pub_addr): Handle Miss Miss Speculative Execution transmit(secret): of Transmitter Attacker Victim

  26. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC handle(pub_addr): Handle Miss Miss Miss Speculative Execution of transmit(secret): Transmitter Attacker Victim

  27. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Speculative Execution of Transmitter transmit(secret): Attacker Victim

  28. Timeline of a MicroScope Attack Tune speculative execution duration with: Attack Cache Hit or Miss Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Speculative Execution of Transmitter transmit(secret): Attacker Victim

  29. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Speculative Execution of Transmitter transmit(secret): Attacker Victim

  30. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  31. Timeline of a MicroScope Attack Attack Setup Time Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  32. Timeline of a MicroScope Attack Page Fault Attack Handler Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  33. Timeline of a MicroScope Attack Page Fault Flush Replay Handle Attack Handler Page Table Entries Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  34. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Replay!! Attacker Victim

  35. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  36. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Attacker Victim

  37. Timeline of a MicroScope Attack Attack Setup Issue Replay L1 TLB L2 TLB PWC PGD PUD PMD PTE Page OS handle(pub_addr): Handle Miss Miss Miss Walk Walk Walk Walk Fault Invocation Speculative Execution of Transmitter Squash transmit(secret): Replay!! Cause Shared Resource Contention & Monitor Attacker Victim Attacker Monitor/Contention thread

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate

Microarchitectural Attacks and Heterogenous Cloud Computing By Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi Outline Data Dependency SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks

663 views • 28 slides
NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC

NFC Payments: The Art of Relay &amp; Replay Attacks Who are we? Troopers 2018? NFC Replay/Relay @Netxing @L_AGalloway Content Terminology Replay Attack Intro to NFC Relay Attack EMV Flow Process Extracting

1.09k views • 65 slides
A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu

A Flight Data Recorder for Enabling Full-system Multiprocessor Deterministic Replay M. Xu et al., ISCA 03 Slides by Bin Xin for CS590F Spring 2007 Overview Faithful replay of execution essential for debugging Non-determinism

343 views • 23 slides
Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD

Microarchitectural Attacks: Protecting Cloud Accelerators By Ahmad Daniel Moghimi PhD Candidate Worcester Polytechnic Institute (WPI) @danielmgmi OUTLINE Summary of Recent Contributions: Microarchiture MemJam Intel SGX

950 views • 52 slides
Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography

Microarchitectural Attacks in the Cloud Thomas Eisenbarth 07.11.2017 Workshop on Cryptography for the Internet of Things and Cloud Ruhr-Universitt Bochum Outline Cloud and Cryptography Co-Location in the Cloud Cache Attacks in the

2.23k views • 37 slides
NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher

NFC Payments: The Art of Relay &amp; Replay Attacks Who am I? Security Researcher Samsung Pay Exploiting Mag-stripe info with Bluetooth audio Co-founder of Women in Tech Fund @Netxing (WomenInTechFund.org) Content

1.07k views • 73 slides
A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

ASIAN07 A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara Bodei 2 , Pierpaolo Degano 2 , Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University of Denmark 1 Dipartimento di

435 views • 20 slides
ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap

ReVirt Enabling Intrusion Analysis through Virtual Machine Logging and Replay George Dunlap Samuel Talmadge King Sukru Cinar Murtaza Basrai Peter M. Chen University of Michigan Introduction: Security

530 views • 34 slides
Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University

SpectreGuard: An Efficient Data-centric Defense Mechanism against Spectre Attacks Jacob Fustos, Farzad Farshchi, Heechul Yun University of Kansas 1 Speculative Execution Attacks Attacks exploiting microarchitectural side-effects of

499 views • 21 slides
Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS

Yasser F. O. Mohammad 2010.2.23 REMINDER 1: Active Attacks Masquerade Modification Replay DoS REMINDER 2: Security Services in X.800 Authentication 1. Pear entity authentication Data origin authentication Access Control 2.

618 views • 13 slides
Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with

Do you have to reproduce the bug on the first replay attempt? PRES: Probabilistic Replay with Execution Sketching on Multiprocessors Soyeon Park , Yuanyuan Zhou University of California, San Diego Weiwei Xiong, Zuoning Yin, Rini Kaushik, Kyu H.

749 views • 29 slides
Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi

Remote Timing Attacks on TPMs, AKA TPM-Fail Daniel Moghimi About Me Daniel Moghimi @danielmgmi https://moghimi.org Security Researcher PhD Candidate @ WPI Microarchitectural Attacks Side Channels Breaking Crypto

1.2k views • 71 slides
www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality

www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality

www.m-shot.com Biological microscope Introcuction Biological microscope ML31 is a high quality compound biological microscope equipment with infinity optical system and LED light. It is idea for laboratory microscopy purpose of biological tissue

459 views • 9 slides
June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs June 5, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

716 views • 33 slides
November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs November 13, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

436 views • 28 slides
February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the

The Commonwealth of Massachusetts Bond Financing Programs February 7, 2020 Commonwealth Credit Review Replay Information Please note that a replay of the investor broadcast associated with the following slides is available. The replay can be

854 views • 34 slides
Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( )

Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( )

Configuring and Benchmarking Open vSwitch, DPDK and vhost-user Pei Zhang ( ) pezhang@redhat.com October 26, 2017 Agenda 1. Background 2. Configure Open vSwitch, DPDK and vhost-user 3. Improve network performance 4. Show results

382 views • 25 slides
Polarization Mode Dispersion and Its Mitigation Techniques in High Speed Fiber Optical

Polarization Mode Dispersion and Its Mitigation Techniques in High Speed Fiber Optical

Polarization Mode Dispersion and Its Mitigation Techniques in High Speed Fiber Optical Communication Systems Chongjin Xie Bell Labs, Lucent Technologies 791 Holmdel-Keyport Road, Holmdel, NJ 07733 WOCC2005, April 22, 2005, Newark, NJ

558 views • 32 slides
Phylink and SFP: Going Beyond 1G Copper Andrew Lunn andrew@lunn.ch LPC 2018 Purpose of this

Phylink and SFP: Going Beyond 1G Copper Andrew Lunn andrew@lunn.ch LPC 2018 Purpose of this

Phylink and SFP: Going Beyond 1G Copper Andrew Lunn andrew@lunn.ch LPC 2018 Purpose of this Talk To raise awareness of MAC driver writers of the Phylink and SFP subsystems, and what problems they solve. Anybody writing a MAC driver for

492 views • 21 slides
Elastic Cuckoo Page Tables: Rethinking Virtual Memory Translation for Parallelism Dimitrios

Elastic Cuckoo Page Tables: Rethinking Virtual Memory Translation for Parallelism Dimitrios

Elastic Cuckoo Page Tables: Rethinking Virtual Memory Translation for Parallelism Dimitrios Skarlatos , Apostolos Kokolis, Tianyin Xu, Josep Torrellas University of Illinois at Urbana-Champaign skarlat2.web.engr.illinois.edu ASPLOS 2020 Virtual

1k views • 71 slides
Informa(on Model for Wavelength Switched Op(cal Networks (WSON)

Informa(on Model for Wavelength Switched Op(cal Networks (WSON)

Informa(on Model for Wavelength Switched Op(cal Networks (WSON) with Op(cal Impairments Valida(on. dra$-mar'nelli-ccamp-wson-iv-info-01 Giovanni

359 views • 15 slides
Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Autom atic code

Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Autom atic code

Chair of Softw are Engineering Software Engineering Prof. Dr. Bertrand Meyer March 2007 June 2007 Autom atic code inspection Automation of code reviewing Possible bugs Code convention violations Dead code Duplicated code Suboptimal

227 views • 12 slides
Webinar: Attachment 7 Refresh Workgroup Update September 24, 2019 AGENDA Time Topic Presenter

Webinar: Attachment 7 Refresh Workgroup Update September 24, 2019 AGENDA Time Topic Presenter

Webinar: Attachment 7 Refresh Workgroup Update September 24, 2019 AGENDA Time Topic Presenter 10:00-10:05 Welcome and Introductions Thai Review Timeline Workgroup Participants Role and Responsibilities Thai 10:05-10:20 Overview of

401 views • 10 slides
Performance Measurement &amp; Data Committee August 13, 2018 Meeting Agenda 10:30 10:40

Performance Measurement &amp; Data Committee August 13, 2018 Meeting Agenda 10:30 10:40

The Accountable Community of Health for King County Performance Measurement &amp; Data Committee August 13, 2018 Meeting Agenda 10:30 10:40 Welcome and Introductions Mattie Osborn, Amerigroup 10:40 10:55 HealthierHere Update Thuy

443 views • 25 slides

More recommend