transient side channels
play

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from - PowerPoint PPT Presentation

Nov 17, 2022 •285 likes •561 views

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

  1. Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

  2. Reminder • 1 st paper review due midnight on 09/27 (before the next lecture) • You will receive an invitation from HotCRP • https://mit-6888-fa20.hotcrp.com/ 6.888 L6-Transient Side Channels 2

  3. Micro-architecture Side Channels secret-dependent execution A Channel (a micro-architecture structure) Victim Attacker X {Cache, DRAM, TLB, NoC, etc.} {Transient, Non-transient} Kiriansky et al. DAWG: a defense against cache timing attacks in speculative execution processors. MICRO’18 6.888 L6-Transient Side Channels 3

  4. Recap: 5-stage Pipeline 0x4 Add we rs1 rs2 rd1 we PC addr ws IR addr rdata ALU wdrd2 rdata GPRs Data Inst. Memory Memory Imm wdata Ext Write-Back Execute Memory Decode, Reg. Fetch I-Fetch (WB) (EX) (MA) (ID) (IF) 6.888 L6-Transient Side Channels 4

  5. 5-stage Pipeline 0x4 Add we rs1 rs2 rd1 we addr PC ws IR addr rdata ALU wdrd2 rdata GPRs Data Inst. Memory Imm Memory wdata Ext I-Fetch Write-Back Decode, Reg. Fetch Execute Memory (IF) (WB) (EX) (ID) (MA) • In-order execution: • Execute instructions according to the program order time t0 t1 t2 t3 t4 t5 t6 t7 . . . . instruction1 IF 1 ID 1 EX 1 MA 1 WB 1 instruction2 IF 2 ID 2 EX 2 MA 2 WB 2 instruction3 IF 3 ID 3 EX 3 MA 3 WB 3 instruction4 IF 4 ID 4 EX 4 MA 4 WB 4 instruction5 IF 5 ID 5 EX 5 MA 5 WB 5 6.888 L6-Transient Side Channels 5

  6. Data Hazard and Control Hazard time t0 t1 t2 t3 t4 t5 t6 t7 . . . . Loop: …… LD(R1, 0, R2) IF 1 ID 1 EX 1 MA 1 WB 1 ADD(R2, 10, R3) IF 2 ID 2 EX 2 MA 2 WB 2 BNE(R3, Loop) IF 3 ID 3 EX 3 MA 3 WB 3 …… 6.888 L6-Transient Side Channels 6

  7. Resolving Hazards • Stall or Bypass time t0 t1 t2 t3 t4 t5 t6 t7 . . . . Loop: …… LD(R1, 1, R2) IF 1 ID 1 EX 1 MA 1 WB 1 ADD(R2, 10, R3) IF 2 ID 2 EX 2 MA 2 WB 2 BNE(R3, Loop) IF 3 ID 3 EX 3 MA 3 WB 3 …… • Speculation (e.g., branch predictor) • Guess a value and continue executing anyway • When actual value is available, two cases • Guessed correctly à do nothing • Guessed incorrectly à restart with correct value (roll back) 6.888 L6-Transient Side Channels 7

  8. Branch Predictor • Predict Taken/Not taken • Not taken: PC+4 • Taken: need to know target address • Predict target address • Branch target buffer (BTB) • Map <current PC, target PC> • Use history information to setup the predictor 6.888 L6-Transient Side Channels 8

  9. Complex In-order Pipeline ALU Mem IF ID Issue WB Fadd GPRs FPRs Fmul Fdiv • Need complex bypass/stall/kill paths • In real systems, EX/MA can take multiple cycles 6.888 L6-Transient Side Channels 9

  10. Out-of-order Execution • When the pipeline is stalled, find something else to do • When we do out-of-order execution, we are speculating that previous instructions do not cause exception • If instruction n is speculative instruction, instruction n+i is also speculative time t0 t1 t2 t3 t4 t5 t6 t7 ALU Mem IF ID Issue WB LD(R1, 1, R2) IF 1 ID 1 EX 1 MA 1 MA 1 MA 1 MA 1 WB 1 Fadd GPRs ADD( R3 , 10, R4) IF 2 ID 2 EX 2 MA 2 WB 2 FPRs Fmul SUB(R4, 10, R5) IF 3 ID 3 EX 3 MA 3 WB 3 …… Fdiv 6.888 L6-Transient Side Channels 10

  11. Speculative & Out-of-Order Execution Update predictors Branch kill Resolution Branch kill kill Prediction kill Out-of-Order In-Order Decode & Reorder Buffer Commit PC Fetch Rename (ROB) (head of ROB) In-Order Physical Reg. File Physical Reg. File Dispatch logic: Detect data dependency, FALU …… issue instructions to execute ALU MEM Execute 11

  12. Terminology A speculative instruction may squash. When executed, can change uArch state • A Transient instruction will squash, i.e., will not commit. A Non-Transient instruction will not squash, i.e., will eventually retire. That is, transient instructions are unreachable on a non-speculative microarchitecture. 6.888 L6-Transient Side Channels 12

  13. General Attack Schema Attacker Victim Access secret recv() transmit (secret) Channel • The difference between transient and non-transient side channels • Whether the secret access or transmitter execution is transient 6.888 L6-Transient Side Channels 13

  14. Meltdown & Spectre

  15. Kernel/User Pages Virtual memory 0x00000000 • In x86, a process’s virtual address space Kernel pages includes kernel pages, but kernel pages are only accessible in kernel mode • For performance purpose • Avoids switching page tables on context switches • What will happen if accessing kernel User pages addresses in user mode? • Protection fault 6.888 L6-Transient Side Channels 15 0xffffffff

  16. Meltdown Exception handling is deferred when the instruction reaches the head of ROB. • Problem: Speculative instructions can change uArch state, e.g., cache • Attack procedure 1. Setup: Attacker allocates probe_array , with 256 cache lines. Flushes all its cache lines ROB head 2. Transmit: Attacker executes …… LD2 LD1 … … Ld1: uint8_t byte = *kernel_address; Ld2: unit8_t dummy = probe_array[byte*64]; 3. Receive: After handling protection fault, attacker performs cache side channel attack to figure out which line of probe_array is accessed à recovers byte 6.888 L6-Transient Side Channels 16

  17. Meltdown Type Attacks • Can be used to read arbitrary memory • Leaks across privilege levels • OS ßà Application • SGX ßà Application (e.g., Foreshadow) • Etc • Mitigations: • Stall speculation • Register poisoning • We generally consider it as a design bug 6.888 L6-Transient Side Channels 17

  18. Spectre Variant 1 – Exploit Branch Condition Always malicious? • Consider the following kernel code, e.g., in a system call No. It may be a benign misprediction. We do not consider Spectre as a bug. Br: if (x < size_array1) { ROB head Ld1: secret = array1[x]*64 Ld2: y = array2[secret] LD2 LD1 Br … … } Attacker to read arbitrary memory: 1. Setup: Train branch predictor 2. Transmit: Trigger branch misprediction; &array1[x] maps to some desired kernel address 3. Receive: Attacker probes cache to infer which line of array2 was fetched 6.888 L6-Transient Side Channels 18

  19. Spectre Variant 2 – Exploit Branch Target • Most BTBs store partial tags and targets… • <last n bits of current PC, target PC> BTB predicts … Ld1, Ld2 oxfff110 Br: if (…) { Branch target … } buffer (BTB) … oxfff234 Ld1: secret = array1[x]*4096 Fetch …… Ld2: y = array2[secret] Train BTB properly à Execute arbitrary gadgets speculatively 6.888 L6-Transient Side Channels 19

  20. General Attack Schema Attacker Victim Access secret recv() transmit (secret) Channel • Traditional (non-transient) attacks Hard to fix • Data-dependent program behavior • Transient attacks “Easy” to fix • Meltdown = transient execution + deferred exception handling • Spectre = transient execution on wrong paths Hard to fix 6.888 L6-Transient Side Channels 20

  21. Takeaways Transient execution attacks use (not “are”) side/covert channels. “Spectre” (wrong-path execution) is fundamental . Speculation/prediction is not perfect. “Meltdown” (deferred exceptions) is not fundamental . 6.888 L6-Transient Side Channels 21

  22. Transient v.s. Non-transient

  23. Classification recv() Access secret transmit (secret) Channel {Transient, Non-transient} secret x {Transient, Non-transient} transmitter Secret accessed Transmitter Classification Non-transient Non-transient Traditional side channels Transient Non-transient Not possible on today’s machines? Non-transient Transient Spectre Transient Transient Spectre 23

  24. Non-transient secret + Non-transient transmitter What can leak? A subset of committed architectural state, at each point in the program’s dynamic execution. secret <- load(0x5) secret <- load(0x5) secret <- load(0x5) if (false) secret <- secret + 1 Dummy<- load( secret ) Dummy<-load( secret ) secret -> store(0x5) secret does not leak secret leaks secret does not leak (assume ‘+’ data independent) 6.888 L6-Transient Side Channels 24

  25. Non-transient secret + {Transient, Non-transient} transmitter secret <- load(0x5) secret <- load(0x5) secret <- load(0x5) secret <- secret + 1 Dummy<- load( secret ) if (false) secret -> store(0x5) Dummy<-load( secret ) Non-transient secret + Non-transient transmitter: secret leaks secret does not leak secret does not leak = = Non-transient secret + Transient secret : secret leaks (!) secret does not leak secret leaks 6.888 L6-Transient Side Channels 25

  26. Leakage Summary {Transient, Non-transient} secret x {Transient, Non-transient} transmitter All of program memory Transient + Transient Non-transient + Transient Non-transient + Non-transient (Larger?) Subset of committed Subset of committed arch state. arch state Depends on what speculation. 6.888 L6-Transient Side Channels 26

  27. Next Lecture: Tiwari et al. Complete information flow tracking from the gates up. ASPLOS. 2009.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

1.24k views • 102 slides
Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab

Non-transient Side Channels Mengjia Yan Fall 2020 6.888 L5-Non-transient Side Channels 1 Lab Assignment Handout on course website Each (regular) student will receive an email Solo or 2-person group Individual GitHub repo

978 views • 42 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher

Transient Side Channels Mengjia Yan Fall 2020 Based on slides from Christopher W. Fletcher Reminder 1 st paper review due midnight on 09/27 (before the next lecture) You will receive an invitation from HotCRP

1.46k views • 78 slides
Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems

Side Channels Covert Channels References Side Channels and Covert Channels Daniel Bosk Department of Information and Communication Systems (ICS), Mid Sweden University, Sundsvall. 1st May 2017 Daniel Bosk MIUN ICS Side Channels and Covert

689 views • 32 slides
Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni

Screaming Ch Channels When Electromagnetic Side Channels Meet Radio Transceivers Giovanni Camurati, Sebastian Poeplau, Marius Muench, Tom Hayes, Aurlien Francillon Whats this all about? - A nov novel attack ex exploiting g EM side

886 views • 77 slides
Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that

Covert and Side Channels Robert Brotzman-Smith Covert Channels Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy US DoD 1985 Basically a

1.04k views • 67 slides
Outline Transient execution covert channels (contd) OS trust and assurance CSci 5271

Outline Transient execution covert channels (contd) OS trust and assurance CSci 5271

Outline Transient execution covert channels (contd) OS trust and assurance CSci 5271 Introduction to Computer Security Announcements intermission Transient Execution, OS Assurance, and Networks Brief introduction to networking Stephen

554 views • 7 slides
Palomar Transient Factory and the Search for Progenitors Channels of SNe Ia Peter Nugent, Chris

Palomar Transient Factory and the Search for Progenitors Channels of SNe Ia Peter Nugent, Chris

Palomar Transient Factory and the Search for Progenitors Channels of SNe Ia Peter Nugent, Chris Frohmaier &amp; Mark Sullivan Motivation SNe govern the heavy element production of the Universe and cycle matter in galaxies. - A SN rate provides

463 views • 27 slides
FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny,

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny,

FUCHSIA: Data-Driven Debugging for Functional Side Channels Saeid Tizpaz-Niari* , Pavol Cerny, Ashutosh Trivedi *University of Colorado Boulder Functional Case Motivation Side Channels Studies Functional Case Motivation Side Channels

366 views • 24 slides
Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel

Side Channels CS 161: Computer Security Prof. David Wagner April 23, 2013 UI Side Channel Snooping Scenario: Ann the Attacker works in a building across the street from Victor the Victim. Late one night Ann can see Victor hard at work in

727 views • 44 slides
CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia

CSE 127: I ntroduction to Security Lecture 16: Side Channels and Constant-Time Code Nadia Heninger and Deian Stefan UCSD Fall 2019 Some material from Dan Boneh, Stefan Savage Reminder: Side-channel attacks You saw before how timing

1.37k views • 81 slides
Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Co-residency side-channel attacks in clouds Stealing secrets (e.g., keys) VM VM VM Machine Machine Many

1.03k views • 69 slides
Loose Ends: Side Channels, Government Surveillance &amp; Targeted

Loose Ends: Side Channels, Government Surveillance &amp; Targeted

CSE 484 / CSE M 584: Computer Security and Privacy Loose Ends: Side Channels, Government Surveillance &amp; Targeted Attacks Spring 2015 Franziska

622 views • 27 slides
Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R.

Off-Path Round Trip Time Measurement via TCP/IP Side Channels Geoffrey Alexander and Jedidiah R. Crandall University of New Mexico, USA How do you measure something? Interact directly T ake samples Multiple tests 2 Problem How

533 views • 26 slides
Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John

CSE 127: Computer Security Isolation and side-channels Nadia Heninger and Deian Stefan Some slides adopted from John Mitchell, Dan Boneh, and Stefan Savage Today Lecture objectives: Understand basic principles for building secure systems

1.08k views • 78 slides
Power Analysis on NTRU Prime Wei-Lun Huang, Jiun-Peng Chen, Bo-Yin Yang Academia Sinica, Taiwan

Power Analysis on NTRU Prime Wei-Lun Huang, Jiun-Peng Chen, Bo-Yin Yang Academia Sinica, Taiwan

Power Analysis on NTRU Prime Wei-Lun Huang, Jiun-Peng Chen, Bo-Yin Yang Academia Sinica, Taiwan CHES 2020 1 Topics NTRU Prime A Brief Preview Correlation Power Analysis: vertical vs. horizontal in-depth Online Template

1.38k views • 50 slides
Security AutoSecure Router HardeningAutomagically The process of turning off unnecessary

Security AutoSecure Router HardeningAutomagically The process of turning off unnecessary

Security AutoSecure Router HardeningAutomagically The process of turning off unnecessary services is called hardening a router to prevent attacks or exploits. The basic steps of router hardening are: 1) Administratively shut down

102 views • 8 slides
Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released

Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released

Principles of Software Construction: Objects, Design, and Concurrency DevOps Charlie Garrod Chris Timperley 17-214 1 Administrivia Homework 6 has been released Sequential implementation due by Tuesday, Nov. 26 Parallel

597 views • 47 slides
Upgrade to MongoDB 4.0 Antonios Giannopoulos DBA @ Rackspace/ObjectRocket

Upgrade to MongoDB 4.0 Antonios Giannopoulos DBA @ Rackspace/ObjectRocket

Upgrade to MongoDB 4.0 Antonios Giannopoulos DBA @ Rackspace/ObjectRocket linkedin.com/in/antonis/ 1 Introduction Antonios Giannopoulos www.objectrocket.com 2 Overview Upgrade Procedure Application Layer Middleware

750 views • 60 slides
How to implement continuous delivery and testing Tamas Csako November 2019 1 TAMAS CSAKO,

How to implement continuous delivery and testing Tamas Csako November 2019 1 TAMAS CSAKO,

How to implement continuous delivery and testing Tamas Csako November 2019 1 TAMAS CSAKO, PH.D. Senior Software Testing Manager Head of Cloud &amp; DevTestSecOps Practice EPAM Hungary 10+ years experience in IT 6+ years experience

166 views • 15 slides
Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications Rodrigo Bruno , Paulo Ferreira

Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications Rodrigo Bruno , Paulo Ferreira

Dynamic Vertical Memory Scalability for OpenJDK Cloud Applications Rodrigo Bruno , Paulo Ferreira : INESC-ID / Instituto Superior Tcnico, University of Lisbon Ruslan Synytsky, Tetiana Fydorenchyk : Jelastic Jia Rao : The University of Texas at

1.02k views • 44 slides
Application of AIRS v5.0 Averaging Kernels Eric Maddy, Chris Barnet, Murty Divakarla, Jennifer

Application of AIRS v5.0 Averaging Kernels Eric Maddy, Chris Barnet, Murty Divakarla, Jennifer

Application of AIRS v5.0 Averaging Kernels Eric Maddy, Chris Barnet, Murty Divakarla, Jennifer Wei, Antonia Gambacorta, Mitch Goldberg 10/6/06 AIRS Science Team Meeting Greenbelt, MD 1 Outline Provide an overview of v5.0 averaging

419 views • 24 slides
Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas

Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas

Framework for the Desig ign, , Development and Orchestration of 5G-ready Appli lications and Network Services, over Slic liced Programmable In Infrastructures Prof. Panagiotis Demestichas Dr. Andreas Georgakopoulos 5G Summit,

768 views • 9 slides

More recommend