Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng

Transcription

1 Defense against the AnC Attack on BOOM Rui Hou, Xiaoxin Li, Wei Song, Dan Meng 单击此处编辑母版标题样式

2 Outline Security vulnerabilities due to resource sharing AnC attack Solution RCL PTE-isolation

3 Security vulnerabilities due to resource sharing Resource sharing is a classic optimization in architecture design Register file On-chip cache SMT Unfortunately, it might cause side-channel information leakage attacks on crypto attacks on SGX and TrustZone attacks on ASLR

4 PTE & Normal data co-location

5 ASLR Cache (AnC) Attack ASLR is Widely deployed to mitigate code reuse attack Choose a different location for code and data every time a process is run. Increasing the exploits difficulty Usually exploits need to know the location of certain data in memory. Exploit writers need to find a bug which leaks addresses without crashing the program. AnC Goal: Breaking ASLR through cache side channel attack Typical attack scenario Running malicious JavaScript in victim s browser by luring the victim into visiting a malicious website Escaping the JavaScript sandbox via a memory corruption vulnerability(e.g. Vtable injection attack via use-after-free ) Since there is no pointer concept in javascript, AnC is used to get the VA of targeted malicious code piece

6 Results: tested Affected m icroarchitectures systems C PU Model Microarchite ctu re Year Intel Xeon E v5 Skylake 2015 Intel Core i7-6700k Skylake 2015 Intel Celeron N2840 Silvermont 2014 Intel Xeon E v2 Ivy Bridge EP 2013 Intel Atom C2750 Silvermont 2013 Intel Core i7-4500u Haswell 2013 Intel Core i7-3632qm Ivy Bridge 2012 Intel Core i7-2620qm Sandy Bridge 2011 Intel Core i5 M480 Westmere 2010 Intel Core i7 920 Nehalem 2008 AMD FX Core Piledriver 2012 AMD FX Core Piledriver 2012 AMD FX Core Bulldozer 2011 AMD Athlon II 640 X4 K AMD E-350 Bobcat 2010 AMD Phenom Core K Allwinner A64 ARM Cortex A Samsung Exynos 5800 ARM Cortex A Samsung Exynos 5800 ARM Cortex A Nvidia Tegra K1 CD580M-A1 ARM Cortex A Nvidia Tegra K1 CD570M-A1 ARM Cortex A15; LPAE

7 High-level introduction of AnC attack By monitoring the PTW access trace through cache side channel attack, the attacker gets three pieces of information to infer the whole VPN : the cache indexes of the four related PTEs the offset of each PTE inside its cache line and the mapping between PT offsets and PT levels. Combine with the page offset, the attacker get the VA.

8 How to get cache indexes? Use typical EVICT+Time side-channel attack to get cache index of PTE The attacker traverses the LLC via accessing a big array In each iteration, the attacker: Access the targeted object or variable (to fetch the related PTEs into caches) Flush TLB, forcing page table walk for the later access of the target Evict PTE cacheline from cache (Evict) Access the target again, measure its access time (Time) The longest access indicates the pte location in the cache, thus get the corresponding cache index of one PTE.

9 How to get the rest information? 2 remaining pieces information the offset of each PTE inside its cache line the mapping between PT offsets and PT levels Solution Sliding Also use Evict+Time Check More details from the AnC paper 2? 7? 32? 56? ??? ??? ??? ?????? Level 4 Level 3 Level 2 Level 1

10 Insights & our idea Two key HW features enables AnC attack: A direct mapping between addresses and cache indexes. It is easy to guess the portion of address once its cache location is known. Idea: Remapping the cache layout Uniformed caches that stores both data and page table entries. The attacker can use the data under her control to evict the PTE from cache. Idea: Hardware isolation between the PTE and data Both are software transparent

11 Experiment Platform Boom SOC 7/3/

12 Original cache layout page A Cacheline index corresponds to part of the page offset. So the index is predictable, the attacker can use the data under her control to evict any specific cacheline. Cacheline index = page offset [11:6] page B PTE offset == {Cacheline index, Cacheline offset}

13 Remapping the cache layout??? page A After remapping, the cache location is not predictable. The attacker cannot evict the cacheline effectively and deduce the?????? page offset from cache location information.??? Cacheline index = page offset [11:6] ^ PA [20:15] page B PTE offset =/= {Cacheline index, Cacheline offset}

14 RCL implementation baseline cache RCL cache

15 RCL evaluation (a) Execution time overhead compared with the baseline. On average, (b) the Cache execution miss per kilo instructions time increases (MPKI). by 1.0%.

16 Naïve: Uncache Make the PTE un-cacheable PTE isolation Significant performance overhead Enhancement: Uncache-PTC Caching the PTE in dedicated cache (modify the page walk cache to cache all level PTE including the leaf PTE)

17 PTE isolation evaluation The average performance overhead is 39.60% for fully uncache scheme and significantly decreases to 7.3% for the modified PWC scheme. Performance overhead of Isolation schemes

18 Thank You