S C I E N C E P A S S I O N T E C H N O L O G Y

u www.iaik.tugraz.at

DRAMA:Exploiting DRAM Addressing for Cross-CPU Attacks

Usenix Security 2016, August 11

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan MangardIAIK, Graz University of Technology, Austria

2Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

3Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Setting – Cloud Servers

Multi-CPU (multi-socket) systems

Multiple tenants separate VMs

dedicated CPUs no shared cache

No shared memory no cross-VM memory deduplication

Previously slow covert channel (< 1 kbps)

no side channel

4Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Overview

Cross-CPU attacks using DRAM addressing (DRAMA) fast covert channel (up to 2 Mbps)

first side-channel attack

Reverse-engineered DRAM addressing two approaches

Improving existing attacks

5Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

DRAM Organization

Hierarchy of

CPUs

CPU 2 MC

MCCPU 1

Inte

rco

nn

ect

DRAM Bus

DRAM Bus

6Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

DRAM Organization

Hierarchy of

CPUs

Channels

DIMMsChannel B

Channel A

CPU MC

DIMM

DIMM DIMM

DIMM

7Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Bank 1Bank 2

Bank 8....

DRAM Organization

Hierarchy of

CPUs

Channels

DIMMs

Ranks

Banks

8Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

DRAM Banks

Memory array rows of columns

Row Buffer buffers one entire row (8 KB)

Row 1Row 2

Row NRow Buffer

9Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

The Row Buffer

Behavior similar to a cache row hits fast access

row conflicts slow access

10Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Reverse Engineeringof DRAM Addressing

11Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Reverse-Engineering DRAM Addressing

Mapping to banks using physical-address bits

„Complex“ addressing functions distribute traffic to channels/banks

undisclosed (Intel)

Two approaches to reverse engineer

Presumption: linear functions (XORs)

12Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Approach 1: Probing the Memory Bus

Probing of control signals CS, BA, …

measure voltage with Osci.

recover logic value

Repeated access to address until value is determined

Function reconstruction linear algebra over bits

13Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Approach 2: Fully Automated SW-based

Exploit timing differences

Measuring phase build sets of same-bank addresses

alternating access to two addresses measure avg. access time

Reconstruction phase exhaustive search over linear functions with up to n set coefficients

Total time: seconds

14Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Comparison

Probing recover function labels

find a ground truth

equipment and access to internals of machine

SW-based fully automated

ability to run remotely, sandboxed, and on mobile devices

15Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Some Results - Desktop

...678911 1012131416171819202122...

BA0BA1

Rank

Ch.

15

BA2

Intel Haswell (desktop system) – DDR3

16Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Some Results – Server System

...678911 1012131416171819202122...

Rank

BG0

BG1BA0

Ch.

15

BA1

23242526

CPU

Dual-CPU Intel Haswell-EP – DDR4

17Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Some Results – Mobile

Samsung Exynos 7420 (Galaxy S6) – LPDDR4

...678911 1012131416171819202122...

RankBA0BA1

Ch.

15

BA2

18Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Cross-CPU Attacks…and how it continues with Romeo and Juliet

19Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

High-speed covert channel

20Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Concept

Occupy different rows in the same bank

Sender send 1: continuously access row

send 0: don‘t do anything

Receiver access row and measure avg. time

infer sent bits based on time

SenderSender

Row Buffer

ReceiverReceiverReceiver

21Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Implementation

Each bank is a channel use up to 8 banks in parallel

multithreading

Performance: desktop: 2.1 Mbps

multi-CPU server: 1.2 Mbps

Intel Haswell (desktop system)

22Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Performance Comparison

Performance Cross-CPU No Shared Memory

Ours 2.1 Mbps

Prime+Probe [2] 536 Kbps

Flush+Reload [2] 2.3 Mbps

Flush+Flush [2] 3.8 Mbps

Memory Bus Contention [3] 746 bps

Deduplication [4] 90 bps

23Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Low-noise side-channel attack

24Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Row Buffer

VictimVictim

Spy

VictimVictim

SpySpy

Spying on Memory Accesses

Memory in the same row/bank row size 8 KB / page size 4 KB

Spy activates conflict row

Victim computes and possibly accesses shared row

Spy accesses shared row fast row hit victim access

25Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Example

Keystrokes in Firefox address bar

26Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Implementation

high spatial accuracy (down to 512 B)

very low number of false positives monitor single events

Finding addresses: template attack [1] automatic location of vulnerable addresses

scan large fraction of memory (4 KB pages)

27Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Countermeasures to DRAMA

Restrictions of rdtsc

clflush

Multi-CPU: separating DRAM for tenants only access to CPU-local memory

degradation into single-CPU system

Detection via high number of cache misses / row conflicts

28Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Improving Attacks - Rowhammer

Rowhammer inducing bit flips in DRAM

by quickly switching rows

requires addressing functions

First documented bit flips on DDR4 Jan. 2016

29Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

The End… of Romeo and Juliet

30Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Source code for reverse-engineering tool and side-channel attack at

https://github.com/IAIK/drama

31Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

S C I E N C E P A S S I O N T E C H N O L O G Y

u www.iaik.tugraz.at

DRAMA:Exploiting DRAM Addressing for Cross-CPU Attacks

Usenix Security 2016, August 11

Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan MangardIAIK, Graz University of Technology, Austria

32Pessl, Gruss, Maurice, Schwarz, MangardUsenix Security 2016, August 11

www.iaik.tugraz.at

Bibliography

[1] Gruss, Spreitzer, Mangard. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In Usenix Security 2015

[2] Gruss, Maurice, Wagner, Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA’16

[3] Wu, Xu, Wang. Whispers in the Hyper-space: High-bandwidth and Reliable Covert Channel Attacks Inside the Cloud. In Usenix Security 2012

[4] Xiao, Xu, Huang, Wang. Security implications of memory deduplication in a virtualized environment. In DSN‘13