Memory Deduplication: The Curse that Keeps on Giving

Transcription

1 Memory Deduplication: The Curse that Keeps on Giving Breaking ASLR Cross-process leak Cross-VM leak Side-channel Covert-channel Erik Bosman, Ben Gras, Kaveh Razavi Antonio Barresi

2 Who we are Erik PhD candidate at Antonio Co-founder of Research on building reliable and secure computing systems. Interested in software and systems security topics.

3 Acknowledgments Cristiano Giuffrida Herbert Bos Bart Preneel Mathias Payer Thomas R. Gross

4 Our message today

5 Lord of the Rings: The Fellowship of the Ring, 2001, New Line Cinema

6 Outline

7 > Memory deduplication Outline

8 > Memory deduplication > Side-channel Outline

9

10 CAIN

11 CAIN Cross-VM leak, break ASLR Memory deduplication

12 Dedup Est Machina

13 Dedup Est Machina Intra-process read + write (Browser + JS) Memory deduplication + Rowhammer

14 Flip- Feng Shui

15 Flip- Feng Shui Cross-VM leak + write, system compromise Memory deduplication + Rowhammer

16 Outline > Memory deduplication > Side-channel > CAIN attack (2015) > Dedup Est Machina (2016) > Flip-Feng Shui (2016)

17 Outline > Memory deduplication > Side-channel > CAIN attack (2015) > Dedup Est Machina (2016) > Flip-Feng Shui (2016) > Conclusion

18 Memory deduplication

19 Memory deduplication A method of reducing memory usage.

20 Memory deduplication A method of reducing memory usage. Used in virtualization environments,

21 Memory deduplication A method of reducing memory usage. Used in virtualization environments, (was) also enabled by default on Windows 8.1 and 10.

22 Memory deduplication In virtualized environments it allows to reclaim memory and supports overcommitment of memory.

23 Memory deduplication In virtualized environments it allows to reclaim memory and supports overcommitment of memory. = run more VMs

24 Now we can sell even more VMs $$$ Austin Powers: International Man of Mistery, 1997, New Line Cinema

25 Memory deduplication physical memory virtual machine A virtual machine B

26 Memory deduplication physical memory virtual machine A virtual machine B

27 Memory deduplication physical memory virtual machine A virtual machine B

28 Memory deduplication physical memory virtual machine A virtual machine B

29 Memory deduplication physical memory virtual machine A virtual machine B

30 Memory deduplication physical memory virtual machine A * * * * * * * * * * * * * * * * * * virtual machine B * * * * * * * * *

31 Kernel Same-page Merging (KSM) > Enabled by default for KVM (Ubuntu Server) > Out-of-band Content Based Page Sharing (CBPS)

32 Kernel Same-page Merging (KSM) > Enabled by default for KVM (Ubuntu Server) > Out-of-band Content Based Page Sharing (CBPS) /sys/kernel/mm/ksm/run 1 or 0 /sys/kernel/mm/ksm/sleep_millisecs e.g., 200 ms /sys/kernel/mm/ksm/pages_to_scan e.g., /sleep_millisecs * pages_to_scan = pages per second e.g., (1000/200ms) * 100 = 500 pages/sec

33 Memory deduplication: The Problem Deduplicated memory does not need to have the same security domain. (unlike fork(), file-backed memory) An attacker can use deduplication as a side-channel.

34 Deduplication side-channel attack normal write

35 Deduplication side-channel attack normal write write

36 Deduplication side-channel attack normal write write copy on write (due to deduplication) *

37 Deduplication side-channel attack normal write write copy on write (due to deduplication) * trap

38 Deduplication side-channel attack normal write write copy on write (due to deduplication) * copy trap whole page

39 Deduplication side-channel attack normal write write copy on write (due to deduplication) * copy update trap whole page page tables

40 Deduplication side-channel attack normal write write copy on write (due to deduplication) * trap copy whole page update page tables resume process

41 Deduplication side-channel attack normal write write copy on write (due to deduplication) * copy update trap whole page resume process write page tables

42 Deduplication side-channel attack A 1-bit side channel which is able to leak data across security boundaries

43 Deduplication side-channel attack A 1-bit side channel which is able to leak data across security boundaries > Cross-VM

44 Deduplication side-channel attack A 1-bit side channel which is able to leak data across security boundaries > Cross-VM > Cross-process

45 Deduplication side-channel attack A 1-bit side channel which is able to leak data across security boundaries > Cross-VM > Cross-process > Intra-process, leak process data from JavaScript

46 Exploitation of the side-channel

47 Exploitation of the side-channel attacker memory victim memory

48 Exploitation of the side-channel secret page attacker memory victim memory

49 Exploitation of the side-channel guess page? secret page attacker memory victim memory

50 Exploitation of the side-channel guess page secret page attacker memory victim memory

51 Exploitation of the side-channel wait(t) secret page attacker memory victim memory

52 Exploitation of the side-channel? write secret page attacker memory victim memory

53 Exploitation of the side-channel write time > threshold secret page attacker memory victim memory

54 Exploitation of the side-channel write time > threshold secret page attacker memory victim memory

55 Exploitation of the side-channel write time threshold secret page attacker memory victim memory

56 Exploitation of the side-channel write time threshold secret page attacker memory victim memory

57 Exploitation of the side-channel write time threshold secret page attacker memory victim memory

58 CAIN Dedup Est Machina Flip- Feng Shui

59 CAIN: Cross-VM Address Space Layout Introspection Deduplication (software side-channel)

60 CAIN: Cross-VM Address Space Layout Introspection Deduplication (software side-channel) Cross-VM leak / ASLR bypass CVE / VU# (

61 CAIN

62 CAIN > Page contents to leak ASLR? Secret page?

63 CAIN > Page contents to leak ASLR? Secret page? > How long to wait?

64 CAIN > Page contents to leak ASLR? Secret page? > How long to wait? > How to detect a merged page? Noise?

65 Suitable pages to break ASLR Suitable page to break ASLR Page aligned > Mostly static > Read-only in victim VM > Known to exist

66 Suitable pages to break ASLR 0x7f9ffaa0000 Page aligned Known offset within the page Contains base address of an executable image

67 Suitable pages to break ASLR 0x7f9ffaabeef Page aligned 0x7f9ffaa0000 0x7f9ffaa0123 Known offsets within the page Contains values derived from the base address of an executable image

68 Suitable page under Windows

69 Guessing the right address > Well you still have to guess

70 Guessing the right address > Well you still have to guess > 2 19 base addresses for Windows x64

71 Guessing the right address > Well you still have to guess > 2 19 base addresses for Windows x64 > guesses

72 Guessing the right address > Well you still have to guess > 2 19 base addresses for Windows x64 > guesses > One guess requires 1 page of memory

73 Based on

74 Guessing the right address > Attacker VM has much more memory

75 Guessing the right address > Attacker VM has much more memory > Fill up memory with all guesses

76 Guessing the right address > Attacker VM has much more memory > Fill up memory with all guesses > 2 19 * 1 page of 4 KB = 2 GB

77 Brute-force all addresses <Page with RBA guess> 0x7f9ffa x7f9ffa x7f9ffa x7f9ffaa0000 0x7f9ffab0000 0x7f9ffac0000 0x7f9ffad

78 Brute-force all addresses <Page with RBA guess> 0x7f9ffa x7f9ffa x7f9ffa x7f9ffaa0000 0x7f9ffab0000 0x7f9ffac0000 0x7f9ffad detect_shared_pages() 0x7f9ffaa0000

79 Wait for how long?

80 Wait for how long? > Depends on the memory deduplication implementation

81 Wait for how long? > Depends on the memory deduplication implementation > Varies depending on amount of memory used

82 Wait for how long? > Depends on the memory deduplication implementation > Varies depending on amount of memory used > Attacker trade-off > Waiting too little obstructs the attack > Waiting too long increases attack time

83 Adaptive sleep-time detection > Try to automatically detect sleep time

84 Adaptive sleep-time detection > Try to automatically detect sleep time

85 Adaptive sleep-time detection > Try to automatically detect sleep time > After buffer creation, wait e.g. t = 10min

86 Adaptive sleep-time detection > Try to automatically detect sleep time > After buffer creation, wait e.g. t = 10min > Detect how many pages were merged

87 Adaptive sleep-time detection > Try to automatically detect sleep time > After buffer creation, wait e.g. t = 10min > Detect how many pages were merged > If detection rate > threshold (e.g. 90%)

88 Adaptive sleep-time detection > Try to automatically detect sleep time > After buffer creation, wait e.g. t = 10min > Detect how many pages were merged > If detection rate > threshold (e.g. 90%) > Use t

89 Adaptive sleep-time detection > Try to automatically detect sleep time > After buffer creation, wait e.g. t = 10min > Detect how many pages were merged > If detection rate > threshold (e.g. 90%) > Use t > Else, increase t and try again

90 Detect merged pages Non-shared Merged Non-shared

91 Detect merged pages t Non-shared Merged Non-shared 29

92 Detect merged pages t t Non-shared Merged Non-shared

93 Detect merged pages Measure write time with rdtsc (Read Time Stamp Counter) t t t Non-shared Merged Non-shared

94 Detect merged pages Measure write time with rdtsc (Read Time Stamp Counter) t t t Non-shared Merged Non-shared t 2 > 2 * (t 1 +t 3 )/2 t 1,3 < M = 1000 t 1 < t 3, (t 3 -t 1 ) < t 3 /3

95 Detect merged pages Measure write time with rdtsc (Read Time Stamp Counter) t t t Non-shared Merged Non-shared t 2 > 2 * (t 1 +t 3 )/2 t 1,3 < M = 1000 t 1 < t 3, (t 3 -t 1 ) < t 3 /3

96 Handling noise > Be conservative and perform multiple rounds

97 Handling noise > Be conservative and perform multiple rounds > Probability that same guess is affected by noise in different rounds is low

98 Windows x64 ASLR > High Entropy ASLR > 33 bits for stacks > 24 bits for heaps > 17 bits for executables > 19 bits for DLLS System-wide at boot-time for certain images

99 Attacking a single Windows VM

100 Attacking multiple Windows VM sleep_millisecs = 20

101

102

103 Speed improvements > Many ways to increase speed of attack

104 Speed improvements > Many ways to increase speed of attack > Allocate more random pages in-between

105 Speed improvements > Many ways to increase speed of attack > Allocate more random pages in-between > Use more than one guess page (redundancy)

106 Speed improvements > Many ways to increase speed of attack > Allocate more random pages in-between > Use more than one guess page (redundancy) > Different guess pages for same secret e.g. relocated code pages

107 Big limitation > No control over victim memory layout

108 Big limitation > No control over victim memory layout > Some control would help a lot

109 Big limitation > No control over victim memory layout > Some control would help a lot > No write primitive

110 Big limitation > No control over victim memory layout > Some control would help a lot > No write primitive > Rowhammer

111 memdedup for Windows > MS enabled memory deduplication for Windows

112 memdedup for Windows > MS enabled memory deduplication for Windows

113 CAIN Dedup Est Machina Flip- Feng Shui

114 Dedup est Machina Deduplication (software side-channel)

115 Dedup est Machina Deduplication (software side-channel) + Rowhammer (hardware bug)

116 Dedup est Machina Deduplication (software side-channel) + Rowhammer (hardware bug) Exploit MS Edge without software bugs (from JavaScript)

117 Outline: Deduplication - leak heap & code addresses JavaScript Array NaN

118 Outline: Deduplication - leak heap & code addresses JavaScript Array chakra.dll NaN

119 Outline: Deduplication - leak heap & code addresses - create a fake object

120 Outline: Deduplication - leak heap & code addresses - create a fake object Rowhammer - create reference to our fake object

121 Outline: Deduplication - leak heap & code addresses - create a fake object Rowhammer - create reference to our fake object

122 Leaking existing pages is slow and the gained information is limited. What if we can manipulate the contents of the victim's memory to leak secrets hand-picked by the attacker.

123 Challenge 1: The secret we want to leak does not span an entire page.

124 Turning a secret into a page secret

125 Turning a secret into a page known data secret secret page

126 Challenge 2: The secret we want to leak has too much entropy to leak all at once.

127 Primitive #1: alignment probing known data secret secret page

128 Primitive #1: alignment probing known data secret secret page

129 Primitive #2: partial reuse known data secret secret page

130 Primitive #2: partial reuse known data secret secret page

131 Outline: Deduplication - leak heap & code addresses chakra.dll

132 JIT function epilogue (MS Edge) secret mov RCX,0x1c20 mov RAX, [code address] jmp RAX trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap... known data

133 JIT function epilogue (MS Edge) page mov RCX,0x1c20 mov RAX, [code address] jmp RAX trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap

134 JIT function epilogue (MS Edge) page mov RCX,0x1c20 mov RAX, [code address] jmp RAX trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap trap

135 Outline: Deduplication - leak heap & code addresses chakra.dll

136 Outline: Deduplication - leak heap & code addresses JavaScript Array chakra.dll NaN

137 What if leaking a heap pointer in stages is not possible... We need to guess a page containing the complete pointer.

138 Heap pointer entropy in Edge 0x5F

139 Heap pointer entropy in Edge 64G advertised ASLR (24 bit) * redundancy 0x5F

140 Heap pointer entropy in Edge 64G advertised ASLR (24 bit) * redundancy 0x5F T non-deterministic bits * redundancy (+/- 36 bit)

141 Slab allocator for JavaScript objects array object array data

142 Slab allocator for JavaScript objects... 1M VirtualAlloc()

143 Slab allocator for JavaScript objects 1st after VirtualAlloc() call... 1M VirtualAlloc()

144 Slab allocator for JavaScript objects 1st after VirtualAlloc() call Timing side-channel :-D... 1M VirtualAlloc()

145 Heap pointer entropy in Edge 64G advertised ASLR (24 bit) * redundancy 0x5F T non-deterministic bits * redundancy (+/- 36 bit)

146 Heap pointer entropy in Edge 64G advertised ASLR (24 bit) * redundancy 0x5F G entropy after 1MB alignment * redundancy (20 bit)

147 Birthday problem

148 Birthday problem

149 Birthday problem

150 Birthday problem

151 Birthday problem

152 Birthday problem

153 Birthday problem

154 Birthday problem

155 Birthday problem

156 Birthday problem

157 Birthday problem

158 Birthday problem

159 Birthday problem

160 Primitive #3: birthday heapspray physical memory attacker memory victim memory

161 Primitive #3: birthday heapspray physical memory attacker memory victim memory

162 Primitive #3: birthday heapspray physical memory attacker memory victim memory

163 Primitive #3: birthday heapspray physical memory attacker memory victim memory

164 Primitive #3: birthday heapspray physical memory attacker memory victim memory

165 Primitive #3: birthday heapspray physical memory attacker memory victim memory

166 Primitive #3: birthday heapspray physical memory attacker memory victim memory

167 Primitive #3: birthday heapspray physical memory attacker memory victim memory

168 Primitive #3: birthday heapspray physical memory attacker memory victim memory

169 Primitive #3: birthday heapspray physical memory attacker memory victim memory

170 Primitive #3: birthday heapspray physical memory attacker memory * * victim memory

171 Creating Secret Pages 1M Aligned... objects

172 Creating Secret Pages array data... 1M Aligned objects

173 Creating Secret Pages page page page... 1M Aligned objects page

174 Creating Secret Pages page page page... 1M Aligned objects page

175 Creating Secret Pages page secret A secret B... 1M Aligned objects secret C

176 Creating Guess Pages typed array data

177 Creating Guess Pages?????? guessed??? aligned addresses, 128M apart??????... typed array data???

178 Creating Guess Pages??? guess X??? guessed??? aligned addresses, 128M apart??????... guess Y guess Z??? guess Q

179 Birthday heap spray +1M, +1M, +1M, M, +128M, +128M,...

180 Birthday heap spray +1M, +1M, +1M, M, +128M, +128M,... secret pages (allocated addresses)

181 Birthday heap spray +1M, +1M, +1M, M, +128M, +128M,... secret pages (allocated addresses) guess pages (containing guessed addresses)

182 Birthday heap spray +1M, +1M, +1M, M, +128M, +128M,... secret pages (allocated addresses) guess pages (containing guessed addresses)

183 Outline: Deduplication - leak heap & code addresses - create a fake object Rowhammer - create reference to our fake object

184 Fake Uint8Array object array data

185 Pointer pivotting array data

186 Pointer pivotting array header array data JavaScript Array

187 Pointer pivotting array array array array header data header data JavaScript Array JavaScript Array

188 Pointer pivotting array array array array header data header data JavaScript Array JavaScript Array

189 Pointer pivotting array array array array header data header data JavaScript Array JavaScript Array

190 Rowhammer attack banks ranks channels DDR memory

191 Rowhammer attack

192 Rowhammer attack rows

193 Rowhammer attack rows row buffer cache

194 Rowhammer attack rows row buffer cache

195 Rowhammer attack rows row buffer cache

196 Rowhammer attack rows row buffer cache

197 Rowhammer attack rows row buffer cache

198 Rowhammer attack rows row buffer cache

199 Rowhammer attack rows row buffer cache

200 Rowhammer attack rows row buffer cache

201 Pointer pivotting array array array array header data header data JavaScript Array JavaScript Array

202 Pointer pivotting array array array array header data header data JavaScript Array JavaScript Array

203 CAIN Dedup Est Machina Flip- Feng Shui

204 Flip Feng Shui Rowhammer (hardware bug)

205 Flip Feng Shui Rowhammer (hardware bug) + Deduplication (more than a software side-channel)

206 Flip Feng Shui Rowhammer (hardware bug) + Deduplication (more than a software side-channel) Cross-VM compromise

207 Rowhammer bit flips: 1) Unpredictable on which (virtual) page 2) Unpredictable where in the page 3) Repeatable once you've found a flip

208 Flip Feng Shui goal: > Find victim pages with known content which allow for exploitation when certain bits are flipped > Land this victim page in a physical memory location where this bit is flippable

209 Deduplication implementation: Windows 10 physical memory attacker memory victim memory

210 Deduplication implementation: Windows 10 physical memory attacker memory victim memory

211 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

212 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

213 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

214 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

215 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

216 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

217 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

218 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

219 Deduplication implementation: KVM on Linux (KSM) physical memory attacker memory victim memory

220 Example 1: OpenSSH Target: ~/.ssh/authorized_keys

221 OpenSSH ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC52/Uk84iUm m ic el7e S r+ / D/P W Z6Lj k hlu 8 yv35be EoT wxm9 e G x Jyz V +1s68 tr yzpd 3VQ v wsh i KqDnCg+OtaA o 0 K v C qzc o BQ F B9X a wif J I 5 dsegtcu B uo k U v +TlmAZ+D9 MNNA xjusbbh0shbaih65 i mlauisfr3vzw FE 7 uy6s B 26j 52LhWG5 B R w SkM nmr N2E2f q HaP96J 9 RO F lhuy k w8 jwux Jwl4kJ 8 v Ro1uhX0SV u8z 9 wg rk R 5 b + GQ WJ3P h7 vjomvu/koab Wn NnY KR 8IT B nkp D 0 L r E yakrygefi7g wc ixovqr79by8 l L6yp J4 km5 ey obs B sn C jmg hxqj 8 RR zgu td1 victim@laptop Exponent Modulus (p * q)

222 OpenSSH ~/.ssh/authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC52/Uk84iUm m ic el7e S r+ / D/P W Z6Lj k hlu 8 yv35be EoT wxm9 e G x Jyz V +1s68 tr yzpd 3VQ v wsh i KqDnCg+OtaA o 0 K v C qzc o BQ F B9X a wif J I 5 dsegtcu B uo k U v +TlmAZ+D9 MNNA xjusbbh0shbaih65 i mlauisfr3vzw FE 7 uy6s B 26j 52LhWG5 B R w SkM nmr N2E2f q HaP96J 9 RO F lhuy k w8 jwux Jwl4kJ 8 v Ro1uhX0SV u8z 9 wg rk R 5 b + GQ WJ3P h7 vjomvu/koab Wn NnY KR 8IT B nkp D 0 L r E yakrygefi7g wc ixovqr79by8 l L6yp J4 km5 ey obs B sn C jmg hxqj 8 RR zgu td1 victim@laptop Exponent Modulus (p' * q' * r'...)

223 Example 1: OpenSSH Target: ~/.ssh/authorized_keys > Flip a bit in the RSA modulus > Factorize it > Reconstruct the new private key

224 Example 2: GPG & apt-get Targets: sources.list flip package repository domain name eg. ubuntu.com -> ubunvu.com

225 Example 2: GPG & apt-get Targets: sources.list + GPG keyring corrupt signing key

226 Conclusion

227 Conclusion > Memory deduplication is dangerous

228 Conclusion > Memory deduplication is dangerous > Be aware of the security implications

229 Conclusion > Memory deduplication is dangerous > Be aware of the security implications > Well, or just disable it

230 Erik Antonio

231 Rowhammer (seaborn attack) physical memory sprayed page tables