process isolation vms and side channel
play

Process isolation, VMs and side channel Deian Stefan Slides - PowerPoint PPT Presentation

Jan 04, 2023 •165 likes •681 views

CSE 127: Computer Security Process isolation, VMs and side channel Deian Stefan Slides adopted from Stefan Savage Process Isolation Process boundary is a trust boundary Any inter-process interface is part of the attack surface How

  1. CSE 127: Computer Security Process isolation, VMs and side channel Deian Stefan Slides adopted from Stefan Savage

  2. Process Isolation • Process boundary is a trust boundary ➤ Any inter-process interface is part of the attack surface • How are individual processes isolated from each other? ➤ Each process gets its own virtual address space, managed by the operating system

  3. Process Isolation • Process boundary is a trust boundary ➤ Any inter-process interface is part of the attack surface • How are individual processes isolated from each other? ➤ Each process gets its own virtual address space, managed by the operating system

  4. Virtual Memory • Memory addresses used by processes are virtual addresses • Who maps VAs to PAs? ➤ The operating system + MMU https://en.wikipedia.org/wiki/Virtual_memory#/media/File:Virtual_memory.svg

  5. How do we get isolation? Virtualized view of memory with limited visibility/ access to the underlying memory space

  6. How do we translate VAs? • Using 64-bit ARM architecture as an example… • How to practically map arbitrary 64bit addresses? ➤ 64 bits * 2 64 (128 exabytes) to store any possible mapping

  7. Address Translation 00…00 FF…FF … … … … … • Page: basic unit of translation ➤ Usually 4KB • How many page mappings? ➤ 52 bits * 2 52 (208 petabytes)

  8. Address Translation 00…00 FF…FF … … … … … • Page: basic unit of translation ➤ Usually 4KB • How many page mappings? ➤ 52 bits * 2 52 (208 petabytes)

  9. So what do we actually do? 00…00 FF…FF … … … … … 00 01 FF 00 01 FF 00 01 FF Multi-level Page Tables 00 01 FF 00 01 FF ➤ Sparse tree of page mappings 00 01 FF 00 01 FF ➤ Use VA as path through tree 00 01 FF ➤ Leaf nodes store PAs ➤ Where is the root kept?

  10. What are the nodes of the trees? • Page tables! ➤ Data structures used to store address mapping • Each table (node) is: ➤ Array of translation descriptors ➤ What’s the size of a page table?

  11. How do we use these tables? • Organized into a tree of descriptors ➤ Iteratively resolve n bits of address at a time ➤ Each descriptor is either ➤ Page descriptor (leaf node)

  12. How do we use these tables? • Organized into a tree of descriptors ➤ Iteratively resolve n bits of address at a time ➤ Each descriptor is either ➤ Page descriptor (leaf node) ➤ Table descriptor (internal node)

  13. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … … Translation Table Base Register 63..48 11..0 47 11

  14. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … … Level 0 Translation Table Base Register 9 63..48 47..39 11..0 47 11

  15. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 63..48 47..39 38..30 11..0 47 11

  16. Page table walk 4KB … 64 bits 512 (2 9 ) entries … … Invalid Descriptor … … Level 2 Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 9 63..48 47..39 38..30 29..21 11..0 47 11

  17. Page table walk 4KB … 64 bits 512 (2 9 ) entries Level 3 … … Invalid Descriptor … … Level 2 Table Descriptor address of next-level table Page Descriptor address of page … … Level 1 … Level 0 Translation Table Base Register 9 9 9 9 63..48 47..39 38..30 29..21 20..12 11..0 47 11

  18. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary?

  19. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation?

  20. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation? ➤ MMU

  21. When do we do translation? • Every memory access a process performs goes through address translation ➤ Load, store, instruction fetch ➤ Why is this necessary? • Who does the translation? ➤ MMU

  22. Translation Lookaside Buffer (TLB) • Small cache of recently translated addresses ➤ Before translating a referenced address, the processor checks the TLB • What does the TLB give us? ➤ Physical page corresponding to virtual page 
 (or that page isn’t present) ➤ If page mapping allows the mode of access 
 (access control)

  23. Translation Lookaside Buffer (TLB) • Small cache of recently translated addresses ➤ Before translating a referenced address, the processor checks the TLB • What does the TLB give us? ➤ Physical page corresponding to virtual page 
 (or that page isn’t present) ➤ If page mapping allows the mode of access 
 (access control)

  24. Access Control • Not everything within a processes’ virtual address space is equally accessible • Page descriptors contain additional access control information ➤ Read, Write, eXecute permissions ➤ Who sets these bits?

  25. How do we get process isolation? • Each process gets its own tree ➤ When you context switch: need to change root ➤ What do you do about TLB? ➤ Most often you flush ➤ Don’t need to flush if HW has process-context identifiers (PCIDs)

  26. How do we get process isolation? • Each process gets its own tree ➤ When you context switch: need to change root ➤ What do you do about TLB? ➤ Most often you flush ➤ Don’t need to flush if HW has process-context identifiers (PCIDs)

  27. Beyond process isolation • Kernel’s virtual memory space is mapped into every process, but made inaccessible in usermode high address ➤ Why? kernel • What happens on sys call? process low address ➤ Translation Table Base Register updated • Do all processes share kernel?

  28. Kernel security • Threat model: ➤ Confidentiality and integrity of kernel memory and control flow must be protected from compromise by usermode processes ➤ All usermode processes are untrusted and potentially malicious • Operating model: ➤ Usermode processes make frequent calls into the kernel, with data passing back and forth

  29. Meltdown broke this, so we have: https://en.wikipedia.org/wiki/Kernel_page-table_isolation#/media/File:Kernel_page-table_isolation.svg

  30. Beyond process isolation: VMs • VM: the hardware running the OS is virtualized ➤ Each OS is oblivious to this happening (mostly) ➤ Hypervisor implements VM environment and provides isolation between VMs ➤ Are processes within guest OS still isolated?

  31. 
 
 
 
 
 
 How does address translation work? • Multiple stages of address translation to support virtualization ➤ Hardware support for this (extended/nestate page tables) 
 Virtual Virtual Address Address 1 1 Intermediate Physical Physical Address Address 2 Physical Address

  32. VM security • Details vary a lot between processor architectures and operating system kernels ➤ Even within an architectural family, details may vary a lot between specific processors ➤ Even within an operating system, details may vary a lot between specific kernel versions

  33. How can we break isolation?

  34. Cache side channels

  35. Cache • Main memory is huge… but slow • Processors try to “cache” recently used memory in faster, but smaller capacity, memory cells closer to the actual processing core

  36. Cache hierarchy • Caches are such a great idea, let’s have caches for caches! • The close to the core, the: ➤ Faster ➤ Smaller https://en.wikipedia.org/wiki/Cache_hierarchy

  37. How is the cache organized? • Cache line: unit of granularity ➤ E.g., 64 bytes • Cache lines grouped into sets ➤ Each memory address is mapped 
 to a set of cache lines • What happens when we have collisions? ➤ Evict! https://en.wikipedia.org/wiki/CPU_cache

  38. How is the cache organized? • Cache line: unit of granularity ➤ E.g., 64 bytes • Cache lines grouped into sets ➤ Each memory address is mapped 
 to a set of cache lines • What happens when we have collisions? ➤ Evict! https://en.wikipedia.org/wiki/CPU_cache

  39. Cache side channel attacks • Cache is a shared system resource ➤ Not isolated by process, VM, or privilege level ➤ “Just a performance optimization” • Can we abuse this shared resource to learn information about another process, VM, etc.?

  40. Thread model • Attacker and victim are isolated (e.g., processes) but on the same physical system • Attacker is able to invoke (directly or indirectly) functionality exposed by the victim ➤ What’s an example of this? • Attacker should not be able to infer anything about the contents of victim memory

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert

CaSym: Cache Aware Symbolic Execution for Side Channel Detection and Mitigation Robert Brotzman, Shen Liu, Danfeng Zhang, Gang Tan, Mahmut Kandemir Pennsylvania State University Cache Side Channels Process Data CPU Cache Program Side

390 views • 20 slides
+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel

+ Side Channel and Covert Channel A1acks on Microkernel Architectures WAMOS 2015 Advanced Opera3ng Systems Hochschule RheinMain Alexander Baumgrtner and

539 views • 25 slides
FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware

FIDES: Lightweight Authentication Cipher with Side-Channel Resistance for Constrained Hardware Begl Bilgin, Andrey Bogdanov, Miroslav Kne evi , Florian Mendel, and Qingju Wang 1 DIAC 2013, Chicago Side Channel Resistance 2 Side

1.29k views • 76 slides
Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia

Exploring opportunities Building communities Changing lives Side by Side Reducing Social Isolation and Loneliness by enabling and empowering people with dementia ntia Side by Side 2 Reducing Social Isolation and Loneliness by enabling and

494 views • 10 slides
Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel

Method Taking into Account Process Dispersion to Detect Hardware Trojan Horse by Side-Channel X. Ngo, Z. Najm, S. Guilley, S. Bhasin, J.-L.Danger PROOFS14, Busan, South Korea Introduction to HTH and its detection Proposed HTH Detection

429 views • 27 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 18

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer FSE 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

635 views • 30 slides
Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . . . 1 / 21

I SAP Towards Side-channel Secure AE Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Thomas Unterluggauer ESC 2017 www.iaik.tugraz.at Introduction Problem: side-channel attacks Countermeasures: hiding, masking, TI . .

476 views • 33 slides
The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel

The Curse of Class Imbalance and Conflicting Metrics with Machine Learning for Side-channel Evaluations Stjepan Picek, Annelie Heuser, Alan Jovic, Shivam Bhasin, and Francesco Regazzoni Big Picture side-channel measurements device classifier

822 views • 33 slides
Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X.

Side-Channel Cryptanalysis Models and Dependencies New Generic Test Experiments Conclusions Generic Side-Channel Distinguishers: Improvements and Limitations N. Veyrat-Charvillon and F-X. Standaert UCL Crypto Group, Universit e catholique

355 views • 24 slides
SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna

SIDE-CHANNEL ATTACKS ON HARDWARE IMPLEMENTATIONS OF CRYPTOGRAPHIC ALGORITHMS Sddka Berna Ors Yal cn Istanbul Technical University Department of Electronics and Communication Engineering Introduction A side-channel analysis attack

1.81k views • 99 slides
456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between

In this module we would review a typical gate first, poly-Si gate CMOS process flow. 456 457 458 The purpose of shallow trench isolation (STI) is to provide isolation between individual devices in a CMSO chip. Typical process details and the

381 views • 8 slides
Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers

Side-Channel Cryptanalysis Joseph Bonneau Security Group jcb82@cl.cam.ac.uk Rule 0: Attackers will always cheat xkcd #538 What is side channel cryptanalysis? Side Channels: whatever the designers ignored Key Plaintext Encryption Cipher

1.14k views • 112 slides
Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with

Recent advances in side- channel analysis using machine learning techniques Annelie Heuser with Stjepan Picek, Sylvain Guilley, Alan Jovic, Shivam Bhasin, Tania Richmond, Karlo Knezevic In this talk Short recap on side-channel analysis

4.52k views • 56 slides
Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of

Systems Security: Side-channel attacks Stjepan Picek s.picek@tudelft.nl Delft University of Technology, The Netherlands May 6, 2018 Outline 1 Side-channels 2 Implementation Attacks 3 Side-channel Attacks 4 Fault Injection 2 / 48

824 views • 48 slides
Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks

Elliptic Curves Side-Channel Countermeasures Conclusion Elliptic Curve Cryptography on Embedded Devices Scalar Multiplication and Side-Channel Attacks Vincent Verneuil 1 , 2 1 Inside Secure 2 Institut de Math ematiques de Bordeaux S

2.22k views • 188 slides
The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel

The Need for Speed: Applications of HPC in Side Channel Research Dr. M. Elisabeth Oswald Reader, EPSRC Leadership Fellow University of Bristol Roadmap

280 views • 25 slides
A P lanetary Science VO prototype (OV-Paris / Observatoire de Paris) Stphane Erard Pierre Le

A P lanetary Science VO prototype (OV-Paris / Observatoire de Paris) Stphane Erard Pierre Le

A P lanetary Science VO prototype (OV-Paris / Observatoire de Paris) Stphane Erard Pierre Le Sidaner Jrme Berthier Baptiste Cecconi Florence Henry Laurent Lamy Cyril Chauvin Renaud Savale Ivan Zolotukhin Euro-VO forum, Heidelberg

388 views • 36 slides
Multi-scale Statistical Image Models and Denoising Eero P. Simoncelli Center for Neural Science,

Multi-scale Statistical Image Models and Denoising Eero P. Simoncelli Center for Neural Science,

Multi-scale Statistical Image Models and Denoising Eero P. Simoncelli Center for Neural Science, and Courant Institute of Mathematical Sciences New York University http://www.cns.nyu.edu/~eero Multi-scale roots Signal/image Biological

606 views • 34 slides
JEDI Portability Across Platforms Containers, Cloud Computing, and HPC Mark Miesch, Rahul

JEDI Portability Across Platforms Containers, Cloud Computing, and HPC Mark Miesch, Rahul

JEDI Portability Across Platforms Containers, Cloud Computing, and HPC Mark Miesch, Rahul Mahajan, Xin Zhang, David Hahn, Francois Vandenberg, Jim Rosinski, Dan Holdaway, Yannick Tremolet, Maryam Abdioskouei, Steve Herbener, Mark Olah,

302 views • 27 slides
Chapter 2: Celestial Sphere, Seasons, Moon Phases and Eclipses Grab an ABCD page from Reading

Chapter 2: Celestial Sphere, Seasons, Moon Phases and Eclipses Grab an ABCD page from Reading

Chapter 2: Celestial Sphere, Seasons, Moon Phases and Eclipses Grab an ABCD page from Reading Assignment to be completed in Canvas me if you dont have one due on Monday, August 27th A B HW1 posted to website under:

852 views • 62 slides
Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

CSE 127: Computer Security Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Today Lecture objectives: Understand basic principles for building secure systems

1.08k views • 78 slides
New Directions in V&V Evidence, Arguments, and Automation John Rushby Computer Science

New Directions in V&V Evidence, Arguments, and Automation John Rushby Computer Science

New Directions in V&V Evidence, Arguments, and Automation John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I V&V: Evidence, Arguments, Automation 1 V&V for Fault Management

668 views • 32 slides
Dynamics of Lunar mantle evolution: exploring the role of compositional buoyancy E.M. Parmentier

Dynamics of Lunar mantle evolution: exploring the role of compositional buoyancy E.M. Parmentier

Dynamics of Lunar mantle evolution: exploring the role of compositional buoyancy E.M. Parmentier Brown University September 26, 2018 JAXA/NHK Global scale characteristics of the Moon 1) hemispheric crustal asymmetry a) mare basalt

508 views • 28 slides
From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice,

From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice,

From bottom to top: Exploiting hardware side channels in web browsers Cl ementine Maurice, Graz University of Technology July 4, 2017RMLL, Saint- Etienne, France Rennes Graz Cl ementine Maurice now postdoc at TU Graz, Austria PhD

2.37k views • 178 slides

More recommend