New Models for Understanding and Reasoning about Speculative Execution Attacks (original) (raw)
Related papers
Spectre Attacks: Exploiting Speculative Execution
Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access to the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, static analysis, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing/side-channel attacks. These attacks represent a serious threat to actual systems, since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak. * After reporting the results here, we were informed that our work partly overlaps the results of independent work done at Google's Project Zero.
Speculose: Analyzing the Security Implications of Speculative Execution in CPUs
Cornell University - arXiv, 2018
Whenever modern CPUs encounter a conditional branch for which the condition cannot be evaluated yet, they predict the likely branch target and speculatively execute code. Such pipelining is key to optimizing runtime performance and is incorporated in CPUs for more than 15 years. In this paper, to the best of our knowledge, we are the first to study the inner workings and the security implications of such speculative execution. We revisit the assumption that speculatively executed code leaves no traces in case it is not committed. We reveal several measurable side effects that allow adversaries to enumerate mapped memory pages and to read arbitrary memory-all using only speculated code that was never fully executed. To demonstrate the practicality of such attacks, we show how a user-space adversary can probe for kernel pages to reliably break kernel-level ASLR in Linux in under three seconds and reduce the Windows 10 KASLR entropy by 18 bits in less than a second. Disclaimer: This work on speculative execution was conducted independently from other research groups and was submitted to IEEE S&P '17 in October 2017. Any techniques and experiments presented in this paper predate the public disclosure of attacks that became known as Meltdown [25] and Spectre [22] and that were released begin-January 2018. This observation, however, leads us to discover a severe side channel that allows one to distinguish between mapped
SoK: Hardware Defenses Against Speculative Execution Attacks
2021 International Symposium on Secure and Private Execution Environment Design (SEED), 2021
Speculative execution attacks leverage the speculative and out-of-order execution features in modern computer processors to access secret data or execute code that should not be executed. Secret information can then be leaked through a covert channel. While software patches can be installed for mitigation on existing hardware, these solutions can incur big performance overhead. Hardware mitigation is being studied extensively by the computer architecture community. It has the benefit of preserving software compatibility and the potential for much smaller performance overhead than software solutions. This paper presents a systematization of the hardware defenses against speculative execution attacks that have been proposed. We show that speculative execution attacks consist of 6 critical attack steps. We propose defense strategies, each of which prevents a critical attack step from happening, thus preventing the attack from succeeding. We then summarize 20 hardware defenses and overhead-reducing features that have been proposed. We show that each defense proposed can be classified under one of our defense strategies, which also explains why it can thwart the attack from succeeding. We discuss the scope of the defenses, their performance overhead, and the security-performance trade-offs that can be made.
Isolating Speculative Data to Prevent Transient Execution Attacks
IEEE Computer Architecture Letters, 2019
Hardware security has recently re-surfaced as a first-order concern to the confidentiality protections of computing systems. Meltdown and Spectre introduced a new class of exploits which leverage transient state as an attack surface and have revealed fundamental security vulnerabilities of speculative execution in high-performance processors. These attacks derive benefit from the fact that, during speculative execution, programs may execute instructions outside their legal control flows. This insight is then utilized for gaining access to restricted data and exfiltrating it by means of a covert channel. This study presents a microarchitectural mitigation technique for shielding transient state from covert channels during speculative execution. Unlike prior work that has focused on closing individual covert channels used to leak sensitive information, this approach prevents the use of speculative data by downstream instructions until doing so is determined to be safe. This eliminates transient execution attacks at a cost of 18% average performance degradation.
DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors
2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), 2018
Software side channel attacks have become a serious concern with the recent rash of attacks on speculative processor architectures. Most attacks that have been demonstrated exploit the cache tag state as their exfiltration channel. While many existing defense mechanisms that can be implemented solely in software have been proposed, these mechanisms appear to patch specific attacks, and can be circumvented. In this paper, we propose minimal modifications to hardware to defend against a broad class of attacks, including those based on speculation, with the goal of eliminating the entire attack surface associated with the cache state covert channel. We propose DAWG, Dynamically Allocated Way Guard, a generic mechanism for secure way partitioning of set associative structures including memory caches. DAWG endows a set associative structure with a notion of protection domains to provide strong isolation. When applied to a cache, unlike existing quality of service mechanisms such as Intel's Cache Allocation Technology (CAT), DAWG fully isolates hits, misses, and metadata updates across protection domains. We describe how DAWG can be implemented on a processor with minimal modifications to modern operating systems. We describe a noninterference property that is orthogonal to speculative execution and therefore argue that existing attacks such as Spectre Variant 1 and 2 will not work on a system equipped with DAWG. Finally, we evaluate the performance impact of DAWG on the cache subsystem.
On the Spectre and Meltdown Processor Security Vulnerabilities
IEEE Micro, 2019
This paper first reviews the Spectre and Meltdown processor security vulnerabilities that were revealed during January-October 2018 and that allow the extraction of protected information from billions of processors in large and small systems. It then discusses short-term mitigation actions and speculates on the longer term implications to computer software and hardware. This paper expands from a keynote/ panel by the authors at IEEE Hot Chips 2018. & SECURITY AND PRIVACY are more important than ever. Substantial personal, business, and governmental information is stored online. Systems are interconnected across the world. State actors and cybercriminals are using increasingly sophisticated methods. The attack surface is constantly growing due to ever more complex software, complex hardware, executing untrusted downloaded code, and cloud cotenancy. While many attacks continue to focus on software vulnerabilities, the increased targeting of hardware vulnerabilities-such as Spectre variants 1,2 (including Meltdown 3) described hereinare of great concern because they can be widely available (e.g., across operating systems) and because hardware may take months, or even years, to replace or patch, even after a fix is found. Moreover, Spectre variants cast concern regarding the half-century-old industry definition of computer hardware correctness. Further, strategic industry goals, including accelerators and vector instructions, necessary for scaling performance, are likely to provide new exploitable scope.
Mitigating Risk of Spectre and Meltdown Vulnerabilities
Speculative execution (Spectre) and Meltdown is a chip attempting to predict the future in order to improve the system performance which involves multiple logical branches, it will start working out the math for all those branches before the program even has to decide between them. Normally, it works together with caching which is to speed up the memory access by filled with the data that will need some and often the output of the speculative execution is stored here. The speculative execution and caching in the operating system improve the overall system and operating system performance through the prediction of data or resources to be used and cache memory is for quick access of data or resources. The problem arises where this function could allow potential attackers to get access to data they should not have access by exploiting the Spectre attacks and Meltdown. Spectre attacks and meltdown open up the possibilities for dangerous attacks which involved the breach of security and confidentiality of the user. Various techniques and patches have been introduced to mitigating the Spectre attack and meltdown. In this paper, we present the view various variants of attack from the speculative execution with its mitigation techniques.
Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract
2020
Today’s kernels pay a performance penalty for mitigations— such as KPTI, retpoline, return stack stuffing, speculation barriers—to protect against transient execution side-channel attacks such as Meltdown [21] and Spectre [16]. To address this performance penalty, this paper articulates the unmapped speculation contract, an observation that memory that isn’t mapped in a page table cannot be leaked through transient execution. To demonstrate the value of this contract, the paper presents WARD, a new kernel design that maintains a separate kernel page table for every process. This page table contains mappings for kernel memory that is safe to expose to that process. Because a process doesn’t map data of other processes, this design allows for many system calls to execute without any mitigation overhead. When a process needs access to sensitive data, WARD switches to a kernel page table that provides access to all of memory and executes with all mitigations. An evaluation of the WARD d...
Electronics
Spectre and Meltdown attacks in modern microprocessors represent a new class of attacks that have been difficult to deal with. They underline vulnerabilities in hardware design that have been going unnoticed for years. This shows the weakness of the state-of-the-art verification process and design practices. These attacks are OS-independent, and they do not exploit any software vulnerabilities. Moreover, they violate all security assumptions ensured by standard security procedures, (e.g., address space isolation), and, as a result, every security mechanism built upon these guarantees. These vulnerabilities allow the attacker to retrieve leaked data without accessing the secret directly. Indeed, they make use of covert channels, which are mechanisms of hidden communication that convey sensitive information without any visible information flow between the malicious party and the victim. The root cause of this type of side-channel attacks lies within the speculative and out-of-order ex...
From STEM to SEAD: Speculative Execution for Automated Defense
Most computer defense systems crash the process that they protect as part of their response to an attack. Although recent research explores the feasibility of selfhealing to automatically recover from an attack, selfhealing faces some obstacles before it can protect legacy applications and COTS (Commercial Off-The-Shelf) software. Besides the practical issue of not modifying source code, self-healing must know both when to engage and how to guide a repair.