SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT Xiaowan Dong - - PowerPoint PPT Presentation



SLIDE 1

SPECTRES, VIRTUAL GHOSTS, AND HARDWARE SUPPORT

Xiaowan Dong (University of Rochester), Zhuojia Shen (University of Rochester), John Criswell (University of Rochester), Alan Cox (Rice University), Sandhya Dwarkadas (University of Rochester)

SLIDE 2

Goal

Analyze the impact of speculation side channel mitigation on mechanisms that protect user data from compromised OS kernels.

SLIDE 3

SPECTRES: SPECULATION SIDE CHANNELS

SLIDE 4

Speculation Side Channels: Spectre and Meltdown

  • Speculative execution exacerbates side channels
  • Confidential data is speculatively read and exposed via cache side channels
  • Example of Spectre

    if (x < array1_size)
        y = array2[array1[x] * 256];

SLIDE 5

VIRTUAL GHOST: PROTECTING APPLICATION DATA FROM COMPROMISED OS KERNELS

SLIDE 6

Virtual Ghost

  • A compiler-based approach to protect application data from OS kernels by
      • Instrumenting every kernel load and store: Software Fault Isolation (SFI)
      • Requiring the OS kernel to invoke SVA-OS to
          • Manipulate program state (context switch)
          • Configure hardware state (MMU)

[Figure labels: SVA-OS, Processor, OS Kernel]

SLIDE 7

Virtual Address Space of Virtual Ghost

  • Protected memory regions include
      • Secure user space
          • Protected from the OS kernel
      • Virtual Ghost space
          • Saves Virtual Ghost VM internal data structures

[Figure: virtual address space, with regions User Space, Secure User Space, Virtual Ghost Space, Kernel Space]

SLIDE 8

Virtual Ghost Instrumentation (SFI)

  • SFI on Virtual Ghost could be vulnerable to bounds check bypass
  • A compromised kernel speculatively reads data before the check completes
  • Example of SFI

    if ((addr < SECURE_MEM_START) || (addr > SECURE_MEM_END))
        access_memory(addr);

Goal: Defend against bounds check bypass (Spectre variant 1) directly launched by the kernel on secure user and virtual ghost space

SLIDE 9

THREE MITIGATIONS

SLIDE 10

Three mitigations

  • Bit-Masking SFI
  • MPX SFI with lfence
  • Separate address spaces

SLIDE 11

Bit-Masking SFI

  • Check whether a pointer points to protected memory regions
  • Move it into the kernel region if so
      • Cmp and sete instructions
  • Results in a data dependence between the SFI code and the memory load
  • Intel does not support value speculation
      • Check must complete before memory load is performed

[Figure: virtual address space, with regions User Space, Secure User Space, Virtual Ghost VM Memory, Kernel Space, and a pointer labelled Addr]

    mov  POINTER_ADDR_HIGH_ORDER_BITS, %R1
    cmp  PROT_MEM_HIGH_ORDER_BITS, %R1
    sete %R2
    sign-extend and left shift %R2
    or   POINTER_ADDR, %R2
    mov  (%R2), %R1
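
The bit-masking sequence above, written out in C beside the branch-style check from slide 8 (an added example, not code from the slides or from Virtual Ghost). The region layout, `REGION_SHIFT`, `PROT_HIGH_BITS` and the function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (an assumption, not from the slides): the protected
 * regions are the addresses whose bits 63..39 equal PROT_HIGH_BITS, and the
 * kernel region is the block directly above, reached by setting bit 39. */
#define REGION_SHIFT   39
#define PROT_HIGH_BITS UINT64_C(0x1FFFFFE)  /* 0xffffff0000000000 >> 39 */

/* Branch-style check (slide 8): returns 1 when the access is permitted.
 * The load is only control-dependent on this result, so a mispredicted
 * branch lets it issue before the comparison resolves. */
static int sfi_branch_allows(uint64_t addr)
{
    return (addr >> REGION_SHIFT) != PROT_HIGH_BITS;
}

/* Bit-masking SFI (slide 11): returns the address that is dereferenced.
 * The result is data-dependent on the comparison, so the load cannot start
 * until the check has produced the mask. Real instrumentation emits the
 * cmp/sete/or sequence directly; a C compiler is free to pick other code. */
static uint64_t sfi_mask(uint64_t addr)
{
    uint64_t hit  = (addr >> REGION_SHIFT) == PROT_HIGH_BITS; /* cmp + sete */
    uint64_t mask = hit << REGION_SHIFT;                      /* left shift */
    return addr | mask;                                       /* or         */
}

int main(void)
{
    /* Constructed sample pointers: user, protected (twice), kernel. */
    const uint64_t samples[] = {
        UINT64_C(0x00007fffdeadb000), UINT64_C(0xffffff0000001000),
        UINT64_C(0xffffff7ffffffff8), UINT64_C(0xffffff8000002000),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t m = sfi_mask(samples[i]);
        printf("%016llx -> %016llx branch_allows=%d masked_allowed=%d\n",
               (unsigned long long)samples[i], (unsigned long long)m,
               sfi_branch_allows(samples[i]), sfi_branch_allows(m));
    }
    return 0;
}
```

Pointers into the protected block come back relocated into the kernel block, and all other pointers come back unchanged, so no masked address ever falls in the protected range.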

SLIDE 12

Three mitigations

  • Bit-Masking SFI
  • MPX SFI with lfence
  • Separate address spaces

SLIDE 13

MPX SFI

  • Intel MPX is a hardware mechanism designed for efficient bounds checking
  • Limitation: MPX only supports checks against one memory region at a time
  • Solution: Make the kernel- and user-space appear contiguous [1]
      • Subtract the start address of secure user space from the pointer address

[Figure: the virtual address space (User Space, Secure User Space, Virtual Ghost Space, Kernel Space) shown twice, with address labels 2^64-1 and (2^64-1) - gstart]

[1] Xiaowan Dong, Zhuojia Shen, John Criswell, Alan Cox, and Sandhya Dwarkadas. Shielding Software From Privileged Side-Channel Attacks. To appear in the 27th USENIX Security Symposium, 2018.

SLIDE 14

Handling Speculation: MPX SFI with lfence

    mov   %R1, %R2
    sub   GHOST_MEM_START_ADDR, %R2
    bndcl %R2, %bnd0
    lfence
    mov   (%R1), %R1

  • Problem: Intel processors speculatively execute the instructions following the bounds check
      • Assumes the bounds check will pass
  • Solution: Insert an lfence instruction between the bounds check and the memory load
      • Introduces pipeline stalls
      • All subsequent instructions are stalled until the bounds check commits
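
The address arithmetic behind the `sub` / `bndcl` pair on slides 13 and 14, as an added C example (not code from the slides or from Virtual Ghost). It shows that after the subtraction a single lower-bound comparison agrees with the two-comparison check from slide 8; `GSTART`, `GEND`, the sample addresses and the function names are assumptions, and the code models only the arithmetic, not speculation or the lfence.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout (an assumption, not from the slides): secure user space
 * and Virtual Ghost space occupy [GSTART, GEND]; user space lies below and
 * kernel space above. */
#define GSTART UINT64_C(0xffffff0000000000)
#define GEND   UINT64_C(0xffffff7fffffffff)

/* After subtracting GSTART modulo 2^64 the protected range becomes
 * [0, GEND - GSTART], kernel space follows it, and user space wraps around
 * to the top, so every permitted address lies in [LOWER, 2^64 - 1]. */
#define LOWER (GEND - GSTART + 1)

/* sub GHOST_MEM_START_ADDR, %R2 */
static uint64_t rebase(uint64_t addr) { return addr - GSTART; }

/* Emulates bndcl %R2, %bnd0 with bnd0.lower = LOWER: returns 1 when the
 * check passes (hardware raises #BR instead of returning 0). */
static int mpx_lower_check(uint64_t addr) { return rebase(addr) >= LOWER; }

/* The two-comparison check from slide 8, used as the reference. */
static int two_sided_check(uint64_t addr)
{
    return addr < GSTART || addr > GEND;
}

/* Returns the number of sample addresses on which the checks disagree. */
static int count_mismatches(void)
{
    /* Constructed boundary cases around each region edge. */
    const uint64_t samples[] = {
        0, UINT64_C(0x00007fffffffffff), GSTART - 1, GSTART, GSTART + 1,
        GEND - 1, GEND, GEND + 1, UINT64_MAX,
    };
    int bad = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        bad += mpx_lower_check(samples[i]) != two_sided_check(samples[i]);
    return bad;
}

int main(void)
{
    printf("mismatches: %d\n", count_mismatches());
    printf("top of space maps to %016llx\n",
           (unsigned long long)rebase(UINT64_MAX));
    return 0;
}
```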

SLIDE 15

Comparing The Two Approaches

Bit-Masking SFI

  • Only introduces data dependence
  • Other instructions can proceed

[Figure: instruction sequence Bounds_check(addr), Access(addr), Instr1, Instr2]

MPX SFI with lfence

  • Stalls the pipeline completely
  • More expensive than Bit-Masking SFI

[Figure: instruction sequence Bounds_check(addr), lfence, Access(addr), Instr1, Instr2]

[Figure label: Data Dependence]

SLIDE 16

Three mitigations

  • Bit-Masking SFI
  • MPX SFI with lfence
  • Separate address spaces

SLIDE 17

Separate Address Spaces

[Figure: virtual address space layouts. Labels: Virtual Ghost and application root-level page table pages; Kernel root-level page table page. Regions shown in the full layout: User Space, Secure User Space, Virtual Ghost Space, Virtual Ghost VM Trampolines, Kernel Space. Regions shown in the reduced layout: User Space, Virtual Ghost VM Trampolines, Kernel Space]

SLIDE 18

Separate Address Spaces

  • Challenges: Address space switches can be frequent and expensive
      • Each kernel invocation of SVA-OS incurs two address space switches
          • Kernel-AddrSpace ↔ VirtualGhost-AddrSpace
      • An address space switch incurs execution of serializing instructions
          • Updating the CR3 register with the page table base address

SLIDE 19

Comparing The Three Approaches

Bit-Masking SFI

  • Instruments every load and store
  • Introduces data dependence

MPX SFI with lfence

  • Instruments every load and store
  • lfence incurs pipeline stall

Separate Address Spaces

  • Address space switch is very expensive
  • Kernel ↔ Virtual Ghost can be frequent

SLIDE 20

EVALUATION

SLIDE 21

Methodology

  • Experiment environment
      • 3.4GHz Intel i7-6700 hyperthreading quad-core processor
      • 16 GB RAM
      • 256 GB SSD
      • FreeBSD 9.0 ported to Virtual Ghost

SLIDE 22

Benchmarks

  • Basic OS operation benchmarks
      • LMBench
          • Null syscall, open/close, mmap, page fault, fork, fork + exec
  • Applications
      • FreeBSD 9.0 C library compilation
      • SSHD
          • On an isolated Gigabit Ethernet network
          • Use scp to transfer files from the OpenSSH server to the client

SLIDE 23

LMBench Results

[Figure: LMBench results chart, with annotations "The best performance" (twice) and "lfence is very expensive"]

SLIDE 24

Libc Compilation Results

SLIDE 25

SSHD File Transfer Rates

[Figure: SSH Server File Transfer Bandwidth]

SLIDE 26

SSHD File Transfer Rates

[Figure: SSH Server File Transfer Bandwidth]

SLIDE 27

SSHD File Transfer Rates

[Figure: SSH Server File Transfer Bandwidth]

SLIDE 28

SSHD File Transfer Rates

[Figure: SSH Server File Transfer Bandwidth]

SLIDE 29
  • MPX-SFI without lfence is faster than bit-masking SFI
  • Can we eliminate the use of lfence on MPX-SFI?

SLIDE 30

Enhanced MPX SFI

  • We propose two architectural improvements to MPX
      • Add a data dependence between bounds check and memory load
          • Eliminate lfence
          • Set a flag in a register if the address is out-of-bounds and check the flag later
      • Support checks against multiple bounds
          • Reduce register pressure
          • Alleviate pointer arithmetic

    bndcl MULTI_BOUNDS, %R1   /* cmp is used to emulate new bndcl */
    sete  %R2
    sign-extend %R2
    or    %R2, %R1
    mov   (%R1), %R1

SLIDE 31

Results

[Figure: results charts for LMBench and Libc Compilation]

The enhanced MPX-SFI does not outperform Bit-masking SFI

SLIDE 32

SSHD Results

The enhanced MPX-SFI does not outperform Bit-masking SFI

SLIDE 33

Conclusion

  • Bit-Masking SFI usually achieves the best performance
  • Separate address spaces can incur frequent and expensive address space switches
  • MPX-SFI with lfence performs the worst
  • With enhancements, MPX SFI does not outperform Bit-Masking SFI