Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution •...
Transcript of Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution •...
![Page 1: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/1.jpg)
Micro-architecture Attacks
Chengyu Song
Slides modified fromNael B. Abu-Ghazaleh and Daniel Gruss
1
![Page 2: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/2.jpg)
Micro-architecture• Architecture: hardware features that are exposed to software via Instruction
Sect Architecture (ISA)
• Micro-architecture: hardware features that are "transparent" to software
2
![Page 3: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/3.jpg)
Architecture States• What are architecture states?
3
![Page 4: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/4.jpg)
Architecture States• What are architecture states?
• Registers
• General registers
• Configuration registers
• Page tables
• Memory (both virtual and physical)
• Devices
4
![Page 5: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/5.jpg)
Micro-architecture States• What are micro-architecture states?
5
![Page 6: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/6.jpg)
Micro-architecture States• What are micro-architecture states?
• Execution Units
• TLB (translation lookahead buffer)
• Caches
• Predictors
• Re-ordering buffer
• Load/Store/Line-Fill Buffers
6
![Page 7: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/7.jpg)
Review: address translation
7
![Page 8: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/8.jpg)
Review: memory access
8
![Page 9: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/9.jpg)
Review: security guarantees from hardware• Privilege separation
• Privileged instructions
• Privileged registers/configurations
• Memory isolation
• Kernel / userspace isolation
• Virtual address space isolation
• Virtual machine / host isolation
• Trusted execution environment (SGX, TrustZone)
9
![Page 10: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/10.jpg)
Micro-architecture attacks• Breaking the isolation boundaries
• How?
• Through side-channels
10
![Page 11: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/11.jpg)
Review: side-channels• What are side-channels?
11
![Page 12: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/12.jpg)
Review: side-channels• What are side-channels?
• Types of side-channels?
12
![Page 13: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/13.jpg)
Review: side-channels• What are side-channels?
• Types of side-channels?
• Timing , access pattern, power consumption, electromagnetic, acoustic,
etc.
13
![Page 14: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/14.jpg)
Review: timing side-channel
14
![Page 15: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/15.jpg)
Micro-architecture timing side-channels• What can cause timing differences?
15
![Page 16: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/16.jpg)
Micro-architecture timing side-channels• What can cause timing differences?
• Caches: data/instruction caches, TLB, predictors
• Execution unit: different instructions take different time to finish
• Contention: competing -> waiting
16
![Page 17: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/17.jpg)
The Era of micro-architecture attacks
17
![Page 18: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/18.jpg)
General steps1. Access the secret
2. Leak the secret
18
![Page 19: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/19.jpg)
Flush + Reload
19
![Page 20: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/20.jpg)
Flush + Reload
20
![Page 21: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/21.jpg)
Flush + Reload
21
![Page 22: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/22.jpg)
Prime + Probe
22
![Page 23: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/23.jpg)
Prime + Probe
23
![Page 24: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/24.jpg)
Prime + Probe
24
![Page 25: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/25.jpg)
Challenges• How to get high resolution timer?
• How to find the secret data?
• L1: VIVT or VIPT
• L2/L3: PIPT
• L3 (LLC): shared/not shared, inclusive/non-inclusive
25
![Page 26: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/26.jpg)
Other side-channels• In TLB or not
• In BTB (branch target buffer) or not
• Execution Unit / Port Contention
• Path length
26
![Page 27: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/27.jpg)
General steps1. Access the secret
2. Leak the secret
27
![Page 28: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/28.jpg)
How to access the data• Talk to (invoke) the victim
• What if the victim will not access the secret?
• Force it to access (by manipulate predictors) -> Spectre-style attacks
• Just access it (and handle exception) -> Meltdown-style attacks
28
![Page 29: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/29.jpg)
Out-of-order execution• Idea: don't stall the pipeline, exploit instruction level
• Schedule/issue an instruction as soon as dependencies are "ready"
• Challenge: what if there're branches?
• Conditional: which branch to take?
• Indirect: what's the target?
29
![Page 30: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/30.jpg)
Speculative execution• Idea: let's just guess
• Direction prediction: pattern history table (PHT)
• Target prediction: branch target buffer (BTB), return stack buffer (RSB)
• More than just branch
• The most important technique for high-performance processors
30
![Page 31: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/31.jpg)
Spectre attacks• Q: what happens when the processor mispredict?
• A: it will squash the speculatively executed instructions
• No architecture side-effects
• However, it will leave micro-architecture side-effects!
• Idea: use micro-architecture side-channel to extract the side-effects (secret)
31
![Page 32: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/32.jpg)
Spectre v1if (x < array1_size) { // array1[x] is the secret value // it won't be accessible at architecture level secret = array1[x]; // however, we can leak it through another layer of indirection // 4096 is page size, used to denoise cache side-channel y = array2[secret * 4096];
32
![Page 33: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/33.jpg)
Spectre family attacks
33
![Page 34: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/34.jpg)
Meltdown attacks• Q: what if an instruction triggers an exception?
• Most ISA guarantees precise exception
• Out of order instructions will be squashed -> no architecture changes
• However, it will also leave micro-architecture side-effects!
• Idea: use micro-architecture side-channel to extract the side-effects (secret)
34
![Page 35: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/35.jpg)
Meltdown-U/Sxor rax, raxretry:mov al, byte [rcx] ; rcx = kernel address, will cause page faultshl rax, 0xc ; << 12 == * 4096jz retry mov rbx, qword [rbx + rax] ; leak, rbx = probe array
35
![Page 36: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/36.jpg)
Meltdown family attacks
36
![Page 37: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/37.jpg)
Defenses
37
![Page 38: Nael B. Abu-Ghazaleh and D aniel Gruss Slides …csong/cs255/l/uarch.pdfOut-of-order execution • Idea: don't stall the pipeline, exploit instruction level • Schedule/issue an instruction](https://reader036.fdocuments.us/reader036/viewer/2022081407/5f1e125c36c6c1176854c925/html5/thumbnails/38.jpg)
Performance of defenses
38