Meltdown and Spectre - understanding and mitigating the threats (Part Deux)

Similar documents
Meltdown and Spectre - understanding and mitigating the threats

Meltdown and Spectre Mitigation. By Sathish Damodaran

Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Spectre and Meltdown. Clifford Wolf q/talk

Spectre and Meltdown: Data leaks during speculative execution

Meltdown or "Holy Crap: How did we do this to ourselves" Meltdown exploits side effects of out-of-order execution to read arbitrary kernelmemory

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

Disclaimer. This talk vastly over-simplifies things. See notes for full details and resources.

White Paper. How the Meltdown and Spectre bugs work and what you can do to prevent a performance plummet. Contents

Spectre Returns! Speculation Attacks Using Return Stack Buffer

Intel Analysis of Speculative Execution Side Channels

Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR

Micro-architectural Attacks. Chester Rebeiro IIT Madras

Side Channel Analysis Security issue ANALYST CONSULTATION JANUARY

White Paper SOFTWARE TECHNIQUES FOR MANAGING SPECULATION ON AMD PROCESSORS

Version:1.1. Overview of speculation-based cache timing side-channels

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

The Story of Meltdown and Spectre. Jann Horn & Daniel Gruss May 17, 2018

Securing High-performance RISC-V Processors from Time Speculation Christopher Celio, Jose Renau Esperanto Technologies {christopher.

arxiv: v1 [cs.cr] 3 Jan 2018

Meltdown and Spectre: Complexity and the death of security

To accelerate our learnings, we brought in an expert in CPU side channel attacks. Anders Fogh

Micro-Architectural Attacks and Countermeasures

Hardware Enclave Attacks CS261

arxiv: v2 [cs.cr] 16 Jun 2018

Virtualization security

Security Advisory Relating to the Speculative Execution Vulnerabilities with some microprocessors

Hypervisor security. Evgeny Yakovlev, DEFCON NN, 2017

Version:2.1. Overview of speculation-based cache timing side-channels

Intel Software Guard Extensions (SGX) SW Development Guidance for Potential Bounds Check Bypass (CVE ) Side Channel Exploits.

CS 161 Computer Security

CS 161 Computer Security

Software-based Microarchitectural Attacks

Exploiting Branch Target Injection. Jann Horn, Google Project Zero

Meltdown, Spectre, and Security Boundaries in LEON/GRLIB. Technical note Doc. No GRLIB-TN-0014 Issue 1.1

Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX. Yeongjin Jang, Sangho Lee, and Taesoo Kim Georgia Institute of Technology

Black Hat Webcast Series. C/C++ AppSec in 2014

Pangu 9 Internals. Tielei Wang and Hao Xu

Secure Containers with EPT Isolation

Back To The Future: A Radical Insecure Design of KVM on ARM

Chapter 8: Memory-Management Strategies

CSCI 1800 Cybersecurity and International Relations. Computer Hardware & Software John E. Savage Brown University

Chapter 7: Main Memory. Operating System Concepts Essentials 8 th Edition

Security-Aware Processor Architecture Design. CS 6501 Fall 2018 Ashish Venkat

CHAPTER 8 - MEMORY MANAGEMENT STRATEGIES

CHAPTER 8: MEMORY MANAGEMENT. By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

ECE 471 Embedded Systems Lecture 22

Providing a Rapid Response to Meltdown and Spectre for Hybrid IT. Industry: Computer Security and Operations Date: February 2018

Chapter 8: Main Memory

Chapter 8: Main Memory. Operating System Concepts 9 th Edition

Security Architecture

Retpoline: A Branch Target Injection Mitigation

Who am I? Moritz Lipp PhD Graz University of

Memory management. Last modified: Adaptation of Silberschatz, Galvin, Gagne slides for the textbook Applied Operating Systems Concepts

It was a dark and stormy night. Seriously. There was a rain storm in Wisconsin, and the line noise dialing into the Unix machines was bad enough to

CSE 120 Principles of Operating Systems

Meltdown and Spectre: Complexity and the death of security

Chapter 8: Main Memory

CS307: Operating Systems

On the Meltdown & Spectre Design Flaws

CSE 127 Computer Security

Chapter 5 C. Virtual machines

CSC 5930/9010 Cloud S & P: Virtualization

Chapter 8: Memory- Management Strategies. Operating System Concepts 9 th Edition

Chapter 8: Memory- Management Strategies

Facebook API Breach. Jake Williams Rendition Infosec

RISCV with Sanctum Enclaves. Victor Costan, Ilia Lebedev, Srini Devadas

SPECULOSE: Analyzing the Security Implications of Speculative Execution in CPUs

Monitoring Hypervisor Integrity at Runtime. Student: Cuong Pham PIs: Prof. Zbigniew Kalbarczyk, Prof. Ravi K. Iyer ACC Meeting, Oct 2015

CS 161 Computer Security

Performance is awesome!

LINUX Virtualization. Running other code under LINUX

Unit 2 : Computer and Operating System Structure

Operating System Security

16 Sharing Main Memory Segmentation and Paging

COMPUTER ARCHITECTURE. Virtualization and Memory Hierarchy

24-vm.txt Mon Nov 21 22:13: Notes on Virtual Machines , Fall 2011 Carnegie Mellon University Randal E. Bryant.

Virtual Memory. Patterson & Hennessey Chapter 5 ELEC 5200/6200 1

Vulnerability Analysis I:

Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI)

WEB SECURITY: XSS & CSRF

T Jarkko Turkulainen, F-Secure Corporation

Play with FILE Structure Yet Another Binary Exploitation Technique. Abstract

Inline Reference Monitoring Techniques

Virtualization. Virtualization

Operating Systems 4/27/2015

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection

Privilege Escalation

Virtual machines (e.g., VMware)

ForeScout CounterACT. Security Policy Templates. Configuration Guide. Version

Background. Contiguous Memory Allocation

Predicting Program Phases and Defending against Side-Channel Attacks using Hardware Performance Counters

Intel s Virtualization Extensions (VT-x) So you want to build a hypervisor?

From bottom to top: Exploiting hardware side channels in web browsers

Chapter 8: Memory- Management Strategies. Operating System Concepts 9 th Edition

Virtualization and memory hierarchy

Efficient Software Based Fault Isolation. Software Extensibility

ECE 571 Advanced Microprocessor-Based Design Lecture 12

Meltdown for Dummies. The road to hell is full of good intentions

Virtual Memory II CSE 351 Spring

Transcription:

Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @SANSInstitute / @RenditionSec

Agenda What is Meltdown? What is Spectre? Exploitation scenarios How are these vulnerabilities alike (and different) Exploit mitigations (there s more to this than patch ) Closing thoughts

Meltdown The coolest thing to happen to processor geeks since forever.

Meltdown the basics Meltdown allows attackers to read arbitrary physical memory (including kernel memory) from an unprivileged user process Meltdown uses out of order instruction execution to leak data via a processor covert channel (cache lines) Meltdown was patched (in Linux) with KAISER/KPTI

Kernel ASLR (Address Space Layout Randomization) Linux implements kernel ASLR by default since 4.12 The 64-bit address space is huge, you wouldn t want to dump the whole thing 16EB theoretical limit, but 256TB practical limit Randomization is limited to 40 bits, meaning that locating kernel offsets is relatively easy

Kernel ASLR (Address Space Layout Randomization) Windows ASLR isn t much different in that not all of the kernel is randomized Because of the way the Windows memory manager is implemented, it is unlikely that the entirety of physical memory is mapped into a single process Verdict: On an unpatched Windows system, most (but not all) kernel memory can be read from Windows

Page Tables (User and Kernel) Page tables contain the mappings between virtual memory (used by the process) and physical memory (used by the memory manager) For performance reasons, most modern OS s map kernel addresses into user space processes Under normal circumstances, the kernel memory can t be read from user space, an exception is triggered

Meltdown attack Kernel memory Unprivileged Process Virtual memory Secret data Step 1: A user process reads a byte of arbitrary kernel memory. This should cause an exception (and eventually will), but will leak data to a side channel before the exception handler is invoked due to out of order instruction execution. CPU Cache User space array Clear the elements of the user space array from the CPU cache. User memory

Meltdown attack (2) Kernel memory Unprivileged Process Virtual memory Secret data Step 2: The value of the secret data is used to populate data in an array that is readable in user space memory. The position of the array access depends on the secret value. CPU Cache User memory User space array Due to out of order instruction processing, this user space array briefly contains the secret (by design), but the operation is flushed before it can be read. Array offset secret

Meltdown attack (3) Kernel memory Unprivileged Process Virtual memory Step 3: An exception is triggered that discards the out of order instructions. The secret cannot be read from the user space array Secret data CPU Cache User memory User space array Secret data is never available in the user accessible array since the exception discards the results of the out of order instruction computations. Array offset secret

Meltdown attack (4) Kernel memory Unprivileged Process Virtual memory Secret data Step 4: The unprivileged process iterates through array elements. The cached element will be returned much faster, revealing the contents of the secret byte read. * The array is really 4KB elements CPU Cache User memory User space array for (x=0; x <=255; x++) { return min(time(read array[x])) } Array offset secret 0x0 slow 0x1 slow 0x2 slow 0x31 fast! (cache hit)

Kernel Page Table Isolation Kernel page table isolation (aka KPTI, aka the KAISER patch) removes the mapping of kernel memory in user space processes Because the kernel memory is no longer mapped, it cannot be read by Meltdown This incurs a non-negligible performance impact

Kernel Page Table Isolation (2) Technically, some kernel memory (e.g. interrupt handlers) must be mapped into user space processes Future research will involve determining if leaking these small remnants of kernel memory can be used to dump other offsets in kernel memory The patch does not address the core vulnerability, it simply prevents practical exploitation

Why was there a rumor this was Intel only? Modern intel CPUs implement TSX, allowing for hardware transactional memory operations e.g. Grouping instructions for all or nothing execution This allows the Meltdown attack to be performed without software exception handling routines

Are ARM and AMD processors impacted? Meltdown exploitation is theoretically possible on both ARM and AMD, but the authors note that no practical exploitation was achieved They note that this may be due to the need for optimization of their code experiments confirm out of order execution is definitely occurring

Spectre Forget what I said about Meltdown, this might be cooler

Spectre the basics Spectre abuses branch prediction and speculative execution to leak data from via a cache covert channel Two versions of Spectre: Leak from the current process Leak from a remote process Spectre is being patched but will require compiler changes and recompiling existing code

Speculative Execution Modern processors perform speculative execution They execute instructions in parallel that are likely to be executed after a branch in code (e.g. if/else) Of course these instructions may never really be executed, so a sort of CPU snapshot is taken at the branch so execution can be rolled back if needed

Branch Prediction How does the CPU know which side of a branch ( if/else ) to speculatively execute? Branch prediction algorithms are trained based on current execution The CPU learns which branch will be executed from previous executions of the same code

Spectre attack Kernel memory Unprivileged Process Virtual memory Spectre allows code executing in the victim process to access data it should not have access to (e.g. outside of a JavaScript sandbox). Kernel secret data Attacker controlled code X Spectre can also allow cross process Branch target injection by training the branch prediction algorithm to mis-predict the target of a branch. This is almost certainly not remotely exploitable and is more difficult to target than Meltdown. User secret data User memory

Spectre attack (2) Kernel memory User memory Unprivileged Process Virtual memory Kernel secret data Attacker controlled code User secret data X Spectre may be exploited in applications that allow users to run some code in a sandbox. Spectre will allow the attacker to escape the sandbox and leak data from elsewhere in the process. This is most useful in a browser where one tab may contain attacker code while another tab contains sensitive information that should not be accessible to the attacker. Isolating each tab in its own process would mitigate this type of attack.

Exploit Scenarios How are attackers most likely to use Spectre and Meltdown?

Meltdown attacks At this time we believe there are two primary uses for Meltdown: 1. Privilege Escalation 2. Container/Paravirtualization Hypervisor Escape

Meltdown - Privilege Escalation On any unpatched system if an attacker can execute a process they can dump all (or most) physical memory With physical memory, attackers could identify password hashes, execute a mimikatz style attack on Windows, or find private keys Sure, KASLR is also bypassed (but who really cares)

Meltdown Container Escape Meltdown may target kernel addresses that are shared between the container and host kernel in many paravirtualization instances (e.g. Xen) and kernel sandboxes (e.g. Docker) It is possible that attacker may leak data from the outside the container, leading to a hypervisor escape

Spectre Exploit Scenarios The primary exploit scenario we see for Spectre is JavaScript execution in the browser being used to read outside of the browser sandbox There are two probable uses for this: 1. Leaking secret data from browser memory outside the JavaScript sandbox 2. Leaking addresses of user space modules to bypass ASLR (facilitating remote code execution)

Spectre Leaking Browser Memory Using JavaScript (perhaps in an advertisement), Spectre attacks could be used to leak browser cache or other saved data that pertains to other sites I m particularly worried about session keys for active session (this completely bypasses MFA) Tests indicate that the number of operations required for Spectre may be infeasible in JavaScript unless a user stays on a page for a LONG time

Spectre Leaking Module Addresses A large number of browser vulnerabilities are not practically exploitable because of user space ASLR ASLR and DEP have substantially limited browser exploitation Spectre can be used to determine the address of a module in memory and bypass ASLR (ushering in the new age of practical browser exploitation)

Spectre Targeting Specific External Programs This will likely require some knowledge of the remote program being attacked to cause a collision in the branch target buffer (BTB) Recall that for performance reasons, the entire address of the branch is not stored in the BTB The attacker has to study the victim program to understand the targets and construct an attack program to exploit it

Meltdown vs Spectre Cage match! Two vulnerabilities enter, All your data leaves

Meltdown vs. Spectre Meltdown Spectre Allows kernel memory read Yes Sometimes Was patched with KAISER/KPTI Yes No Leaks arbitrary user memory Yes Yes Could be executed remotely In special cases Definitely Most likely to impact Kernel integrity Browser memory Practical attacks against Intel Intel, AMD, ARM

Spectre and Meltdown Mitigations This is more than (just) patching

This probably won t be the last hardware bug Expect to see variations on these attacks for some time to come Multiple different researchers independently found these vulns while they were under embargo Architect your networks expecting more vulns of this type to be discovered

Patch but patch carefully In Linux, KPTI has an obvious performance impact Processor microcode patches may have additional impact

Antivirus vendors have to set a registry key The patch will have no effect on Windows unless antivirus vendors set a registry key to confirm they are compatible with the patch Symantec was causing BSOD s immediately after release Kevin Beaumont (@GossiTheDog) has compiled a list of antivirus patch statuses http://rsec.us/meltdownpatchcompat

Consider systems that won t be patched If you maintain multi-user environments on servers that won t be patched, consider whether you need to rearchitect those environments Windows Server 2003 x86 Solaris Old versions of OSX Multiple workloads with different security levels on the same physical machine are particularly worrisome

What about cloud? Most cloud providers run multiple customer s data on the same physical machine (by design) This fundamentally violates the don t run workloads with different security requirements model In light of Meltdown/Spectre (and likely future processor vulnerabilities) you should re-evaluate your architecture assumptions

Browser memory isolation On Chrome, you can enable site isolation I can t think of a good reason not to do this http://rsec.us/chromesiteisolation Thanks for @HackerFantastic for this recommendation This causes Chrome to load each site into its own process so even if same-origin policy is bypassed you can t steal data from another site This isn t 100% safe, cache data is probably still in memory

Potential Spectre Fix Intel has outlined several fixes for these problems, including Spectre, but these will require changes to code (recompilation to avoid cross process Spectre exploitation) Intel introduced the retpoline which will be familiar to any exploit developer a PUSH/RET avoids training the branch predictor, but accomplishes the same indirect jump

Other useful links Verifying Meltdown/Spectre protections on Windows http://rsec.us/verifywindowsmeltdown Detecting Spectre exploitation with performance counters http://rsec.us/spectreperformancecounters Checking browser vulnerability for Spectre http://rsec.us/spectrevulnerablecheck Meltdown/Spectre Enterprise Action Plan http://rsec.us/meltdownactionplan Walkthrough of Variants 1-3 (and 3a) http://rsec.us/spectrewalkthrough

Closing thoughts A few thoughts as we close out the webcast

Closing thoughts Attacks that impact microarchitecture of CPUs have been known for more than a decade Most were thought to be only exploitable in very limited cases, many involving physical access Spectre and Meltdown attacks make it clear that CPU architecture decisions need to be rethought

Closing thoughts (2) In the long term, you should expect to see more attacks on CPU microarchitecture This particularly will impact multi-tenant environments Spectre and Meltdown offer true wakeup calls for those running critical workloads in shared environments (e.g. the cloud)

The End - Meltdown vs. Spectre Thanks for attending! Please let us know if this webcast helped you get a handle on these vulnerabilities. Meltdown Spectre Allows kernel memory read Yes Sometimes Was patched with KAISER/KPTI Yes No Leaks arbitrary user memory Yes Yes Could be executed remotely In special cases Definitely Most likely to impact Kernel integrity Browser memory Practical attacks against Intel Intel, AMD, ARM

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback