Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Spectre et Meltdown, 15 min pour tout comprendre @DevoxxFR

Spectre et Meltdown, 15 min pour tout comprendre @DevoxxFR

Impossible de l’avoir manqué en ce début d’année 2018, 2 failles de sécurité majeures affectant l’ensemble des CPU ont été découvertes.
Au cours de ce Quickie, je présenterais leur principe, leur origines et les différentes contre-mesures proposées à l’heure actuelle.
Nous aborderons également les exploits possibles et leur impact, ainsi que les attaques de type side-channels, actuellement très en vogue dans le milieu académique et qui ont permis la découverte de Spectre et Meltdown par 4 équipes de recherche, presque simultanément à travers le monde.

Alexis DUQUE

April 19, 2018
Tweet

More Decks by Alexis DUQUE

Other Decks in Technology

Transcript

  1. #DevoxxFR Spectre et Meltdown : 15 min pour tout comprendre

    Alexis DUQUE @alexis0duque
  2. #DevoxxFR ALEXIS DUQUE Embedded Software engineer & R&D leader at

    Rtone PhD Student at CITI Lab, INSA de Lyon @alexis0duque alexisduque [email protected] alexisduque.me https://goo.gl/oNUWu6 About Me 2
  3. None
  4. None
  5. None
  6. None
  7. #DevoxxFR Who? Werner Haas & Thomas Prescher Daniel Gruss, Moritz

    Lipp, Michael Schwarz & Stefan Mangard Daniel Genkin Jann Horn Yuval Yaro Paul Kohcher
  8. #DevoxxFR SPECTRE Variant 1 (CVE-2017-5753) Bounds Check Bypass • Primarily

    affects interpreters/JITs SPECTRE Variant 2 (CVE-2017-5715) Branch Target Injection • Primarily affects kernels/hypervisors MELTDOWN (CVE-2017-5754) Rogue Data Cache Load • Affects kernels and equivalent software Attacks Overviews
  9. #DevoxxFR What is a Side Channel?

  10. None
  11. #DevoxxFR Memory Access Timing L2 LLC Slice 0 L1 Core

    0 L1 Core 1 L2 LLC Slice 1 Core 2 L2 LLC Slice 2 L1 Core 3 L2 LLC Slice 3 L1 Ring Bus RAM
  12. #DevoxxFR Memory Mapping Virtual Memory Process 2 Virtual Memory Process

    1 Physical Memory
  13. #DevoxxFR Kernel Isolation Memory Userspace Applications OS Kernelspace Syscall

  14. #DevoxxFR Out-of-Order Execution, Speculative Execution And Branch Prediction if (foo_array[index1]

    ^ foo_array[index2] == 0) { result = bar_array[100]; } else { result = bar_array[200]; } int index1, index2; char foo_array[FOO_SIZE]; char bar_array[BAR_SIZE]; char result; …… Out-of-Order
  15. #DevoxxFR Conditional Branch: CPU select 1 of 2 choices depending

    on the value of a condition (A > D) Indirect branch: CPU reads a value that tells it where to fetch the next instruction Conditional & Indirect Branch Redirect execution to whatever address at memory location 0x10000c5f0. In this case, it will call the initterm function.
  16. #DevoxxFR Meltdown 16

  17. #DevoxxFR TU Graz result Privilege-checks for memory access are performed

    asynchronously Dependent instructions can execute before execution is aborted! Race condition in the privilege check Straightforward attack: leak cached data Meltdown / Variant 3
  18. #DevoxxFR …. char secret_data = *(char *) 0xffffffff81a000e0; //<- Kernel

    Address char* probe_array = new char[256 * 4096] // ... Make sure probe_array is not cached … char kernel_memory = *(char*)(kernel_address); char secret_data = kernel_memory * 4096; char dummy = probe_array[secret_data * 4096]; // ... catch page fault // ... determine which of 256 slots in probe_array is cached // with flush+reload side channel attack Spectre 1 Meltdown
  19. #DevoxxFR Meltdown Mitigation 19

  20. None
  21. #DevoxxFR Memory Mapping V.Mem. Process 1 (Kernel) V.Mem. Process 1

    (User) Physical Memory System Call
  22. #DevoxxFR Userspace Kernelspace Applications Operating System Memory Userspace Kernelspace Applications

    Kernel View User View Context switch
  23. #DevoxxFR Spectre

  24. #DevoxxFR char* data = "textKEY"; if (index < 4) index

    = 0; LUT[data[index]4096]] 0 Prediction
  25. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction Execute index = 0;
  26. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 1;
  27. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction Speculate index = 1;
  28. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 1;
  29. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 2;
  30. #DevoxxFR char* data = "textKEY"; if (index < 4) Speculate

    LUT[data[index]4096]] 0 Prediction index = 2;
  31. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 2;
  32. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 3;
  33. #DevoxxFR char* data = "textKEY"; if (index < 4) Speculate

    LUT[data[index]4096]] 0 Prediction index = 3;
  34. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 3;
  35. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 4;
  36. #DevoxxFR char* data = "textKEY"; if (index < 4) Speculate

    LUT[data[index]4096]] 0 Prediction index = 4;
  37. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction Execute index = 4;
  38. #DevoxxFR char* data = "textKEY"; if (index < 4) LUT[data[index]4096]]

    0 Prediction index = 5;
  39. #DevoxxFR char* data = "textKEY"; if (index < 4) Speculate

    LUT[data[index]4096]] 0 Prediction index = 5;
  40. #DevoxxFR char* data = "textKEY"; if (index < 4) Execute

    LUT[data[index]4096]] 0 Prediction index = 5;
  41. #DevoxxFR 1 if (index < data.length) { 2 index =

    data[index | 0]; 3 index = (((index * TABLE1_STRIDE)|0) & (TABLE1_BYTES-1))|0; 4 localJunk ^= probeTable[index|0]|0; 5 } Spectre 1 4096B = page size Teach JIT that index is in bounds for data[] so it can omit bounds check in next line. Want length uncached for attack passes index will be in-bounds on training passes, and out-of-bounds on attack passes Do the out-of-bounds read on attack passes! This AND keeps the JIT from adding unwanted bounds checks on the next line Leak out-of-bounds read result into cache state! Need to use the result so the operations aren’t optimized JS optimizer trick (make result an int.) Spectre Variante 1
  42. #DevoxxFR Branch predictor state is stored in a Branch Target

    Buffer (BTB) Indexed and tagged by (on Intel Haswell) • partial virtual address • recent branch history fingerprint Branch prediction is expected to sometimes be wrong Spectre 2
  43. #DevoxxFR LUT[data[index]4096]] 0 Prediction hotDrink* h = coffee; h->prepare() infuseTea()

  44. #DevoxxFR Speculate LUT[data[index]4096]] 0 Prediction hotDrink* h = coffee; h->prepare()

    infuseTea()
  45. #DevoxxFR LUT[data[index]4096]] 0 Prediction hotDrink* h = coffee; h->prepare() infuseTea()

    Execute
  46. #DevoxxFR LUT[data[index]4096]] 0 Prediction hotDrink* h = coffee; h->prepare() brewCoffee()

  47. #DevoxxFR LUT[data[index]4096]] 0 Prediction hotDrink* h = coffee; h->prepare() Speculate

    brewCoffee()
  48. #DevoxxFR hotDrink* h = coffee; h->prepare() LUT[data[index]4096]] 0 Prediction brewCoffee()

  49. #DevoxxFR hotDrink* h = tea; h->prepare() LUT[data[index]4096]] 0 Prediction brewCoffee()

  50. #DevoxxFR Speculate LUT[data[index]4096]] 0 Prediction hotDrink* h = tea; h->prepare()

    brewCoffee()
  51. #DevoxxFR LUT[data[index]4096]] 0 Prediction hotDrink* h = tea; h->prepare() brewCoffee()

  52. #DevoxxFR Execute LUT[data[index]4096]] 0 Prediction hotDrink* h = tea; h->prepare()

    brewCoffee()
  53. #DevoxxFR Conclusion

  54. #DevoxxFR Am I Vulnerable ? https://github.com/speed47/spectre-meltdown-checker https://support.microsoft.com/en-us/help/4073119/protect-against- speculative-execution-side-channel-vulnerabilities-in

  55. #DevoxxFR Available Updates Linux, macOS: Meltdown (x64 only), Spectre variant

    1&2 to some degree Windows: Meltdown (x64 only), Spectre variant 1, Spectre variant 2 partially (1/31/18: mitigate Spectre variant 2 for devices with Intel Skylake, Kaby Lake, and Coffee Lake processors ) https://blog.barkly.com/meltdown-spectre-patches-list- windows-update-help
  56. #DevoxxFR Workaround: insert instructions stopping speculation • insert after every

    bounds check • x86: LFENCE, ARM: CSDB • Available on all Intel CPUs, retrotted to existing: ARMv7 and ARMv8 Spectre 1 Mitigations
  57. #DevoxxFR Intel released microcode updates • Indirect Branch Restricted Speculation

    (IBRS) • Indirect Branch Predictor Barrier (IBPB): A compiler extension (software): Retpoline • Always predict to enter an endless loop instead of the correct (or wrong) target function! • Performance? ARM provides hardened Linux kernel Spectre 2 Mitigations
  58. #DevoxxFR Some Thoughts Covert channels in CPUs are useful for

    more than transferring secrets between isolated processes Not all security issues are correctness issues Increasing complexity introduced by Intel to improve performance breaks security assumptions Spectre2 is coming ...
  59. #DevoxxFR References Prior research Y. Yarom, K. Falker, "FLUSH+RELOAD: a

    High Resolution, Low Noise, L3 Cache Side-Channel Attack" D. Evtyushkin, D. Ponomarev, N. Abu-Ghazaleh, "Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR" F. Wilhelm, "PoC for breaking hypervisor ASLR using branch target buffer collisions" Papers, Blogposts on Meltdown & Spectre Spectre: https://spectreattack.com/spectre.pdf Meltdown: https://meltdownattack.com/meltdown.pdf https://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/
  60. #DevoxxFR Merci / Thanks you