Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom...
Transcript of Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom...
![Page 1: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/1.jpg)
Memory Defenses The Elevation from Obscurity to Headlines
Rajeev BalasubramonianSchool of Computing, University of Utah
![Page 2: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/2.jpg)
Image sources: pinterest, gizmodo
2
![Page 3: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/3.jpg)
Spectre Overview
if (x < array1_size) y = array2[ array1[x] ];
Victim Code
x is controlled by attacker
array1[ ] is the secret
Access pattern of array2[ ] betrays the secret
Thanks to bpred, x can be anything
3
![Page 4: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/4.jpg)
What Did We Learn?
Speculation
Specific Code
No side channel defenses
+
+
4
![Page 5: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/5.jpg)
The Wake Up Call
Say Yes to Side Channel Defenses
5
![Page 6: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/6.jpg)
Overview
• Memory timing channels• The Fixed Service memory controller [MICRO 2015]
• Memory access patterns• Near-data ORAM [HPCA 2018]
• Memory integrity• Improving SGX with VAULT [ASPLOS 2018]
6
![Page 7: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/7.jpg)
Memory Timing Channels
7
VM 1CORE 1
VM 2CORE 2
MC
Two VMs sharing a processor and memory channel
Attacker
Victim
![Page 8: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/8.jpg)
Possible Attacks
8
VM 1CORE 1
VM 2CORE 2
MC
Attack 1: Bits in a key influence memory accessesAttack 2: A victim can betray secrets through memory activityAttack 3: A covert channel attack
![Page 9: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/9.jpg)
Covert Channel Attack
9
VM 1CORE 1
VM 2CORE 2
MC
A covert channel
Electronic health records3rd party document reader
Conspirator
![Page 10: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/10.jpg)
Fixed Service Memory Controller
10
VM-1 has its data in Rank-1VM-2 has its data in Rank-2…
VM-8 has its data in Rank-8
Time (in cycles)
VM-1 begins memory accessVM-2 begins memory access
VM-8 begins memory accessVM-1 begins memory access…
0 7 49 56
![Page 11: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/11.jpg)
Fixed Service Details
• Deterministic schedule• No resource contention• Dummy accesses if nothing pending• Lower bandwidth, higher latency• Why 7? DRAM timing parameters, worst-case• Rank partitioning: 7 cycle gap• Bank partitioning: 15 cycle gap• No partitioning: 43 cycle gap
11
![Page 12: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/12.jpg)
Overcoming Worst-Case
• In one batch of requests, schedule all reads, followed by all writes (worst-case encountered once per batch)
• Impose constraints on banks that can be accessed – triple bank alternation
12
0 1 2 3 4 5 6 7
15
0 1 2 3 4 5 6 7 0
3x15 = 45 > 43
Red: Bank-id mod 3 = 0Blue: Bank-id mod 3 = 1
Green: Bank-id mod 3 = 2
![Page 13: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/13.jpg)
Results
13
Increased OS complexity
RANK PARTITIONINGNO PARTITIONING BANK PARTITIONING
PER
FOR
MAN
CE
NON-SECUREBASELINE
1.0
0.74
0.48
0.43
0.20
0.40
FS
FS: RD/WR-REORDER
FS: TRIPLE ALTERNATION
TP
TP
![Page 14: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/14.jpg)
Overview
• Memory timing channels• The Fixed Service memory controller [MICRO 2015]
• Memory access patterns• Near-data ORAM [HPCA 2018]
• Memory integrity• Improving SGX with VAULT [ASPLOS 2018]
14
![Page 15: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/15.jpg)
Oblivious RAM
• Assumes that addresses are exposed
• PHANTOM [CCS’13]: Memory bandwidth overhead of …
15
Image sources: vice.com
![Page 16: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/16.jpg)
Oblivious RAM
• Assumes that addresses are exposed
• PHANTOM [CCS’13]: Memory bandwidth overhead of …2560x (about 280x today)
16
Image sources: vice.com
![Page 17: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/17.jpg)
Path-ORAM
17Stash
![Page 18: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/18.jpg)
A Distributed ORAM
18
Authenticated buffer chip
MC
All buses are exposed
Buffer chip and processor communication is encrypted
Processor ORAM operations shift from Processor to SDIMM.
ORAM traffic pattern shifts from the memory bus to on-
SDIMM “private” buses.
![Page 19: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/19.jpg)
The Independent ORAM Protocol
19
MCProcessor
1. Each SDIMM handles a subtree of the ORAM tree.
2. Only traffic on shared memory channel: CPU requests and leaf-id re-assignments.
3. As much parallelism as the number of SDIMMs.
![Page 20: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/20.jpg)
The Split ORAM Protocol
20
MCProcessor
1. Each SDIMM handles a subset of every node.
2. Only metadata is sent to the processor.
3. The processor tells the SDIMMs how to shuffle data.
4. Lower latency per ORAM request, but lower parallelism as well.
![Page 21: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/21.jpg)
ORAM Results Summary
• Can combine the Independent and Split protocols to find the best balance of latency and parallelism
• Bandwidth demands are reduced from 280x 35xExecution time overheads from 5.2x 2.7x
• Reduces memory energy by 2.5x
21
![Page 22: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/22.jpg)
Overview
• Memory timing channels• The Fixed Service memory controller [MICRO 2015]
• Memory access patterns• Near-data ORAM [HPCA 2018]
• Memory integrity• Improving SGX with VAULT [ASPLOS 2018]
22
![Page 23: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/23.jpg)
Intel SGX Basics
23
Enclave 1
Intel SGX
Enclave N…
Memory
EPC 96MBNon-EPC Sen
Non-EPC NSen
1. Enclave data is protected from malicious OS/operator.
2. A per-block integrity tree protects EPC.
3. A per-page integrity tree protects non-EPC Sen.
4. This keeps overheads (bwand capacity) of integrity tree low.
5. Entails frequent paging between EPC and non-EPC.
![Page 24: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/24.jpg)
Intel SGX Basics
24
Enclave 1
Intel SGX
Enclave N…
Memory
EPC 96MBNon-EPC Sen
Non-EPC NSen
1. Enclave data is protected from malicious OS/operator.
2. A per-block integrity tree protects EPC.
3. A per-page integrity tree protects non-EPC Sen.
4. This keeps overheads (bwand capacity) of integrity tree low.
5. Entails frequent paging between EPC and non-EPC.
VAULT: Unify EPC and non-EPC to reduce paging. New integrity tree for low bw. Better metadata for capacity.
![Page 25: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/25.jpg)
SGX Overheads
25
![Page 26: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/26.jpg)
Bonsai Merkle Tree
26
Hash Hash Hash
Hash Hash Hash
512 bits64 bits
…Leaf hashes
Intermediate Hashes
Data Block
64+512 bits
…
Data Block……512 bits for
64 counters
MAC MAC
Arity=64
Arity=8
7b …64b
Shared global
counterLocal
counter
7b
…Root block in processor
……
![Page 27: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/27.jpg)
VAULT
27
1. Small linkage counters high arity, compact/shallow tree, better cacheability.
2. Variable counter width to manage overflow.
3. Reduces bandwidth overhead for integrity verification.
![Page 28: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/28.jpg)
VAULT+SMC
28
1. MAC storage and bwoverheads are high.
2. Sharing a MAC among 4 blocks reduces storage, but incr bw.
3. A block is compressed and the MAC is embedded in the block reduces bwand storage.
![Page 29: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/29.jpg)
Integrity Results Summary
• 3.7x performance improvement over SGX – primarily because of lower paging overheads
• A large effective EPC is palatable – 4.7% storage overhead and a more scalable tree (34% better than the SGX tree)
29
VAULT+SMC
![Page 30: Memory Defenses - alchem.usc.edualchem.usc.edu/ceng-seminar/slides/2018/rajeev-feb09.pdffrom malicious OS/operator. 2. A per-block integrity tree protects EPC. 3. A per-page integrity](https://reader034.fdocuments.net/reader034/viewer/2022052012/60293451df2d537b743fa14f/html5/thumbnails/30.jpg)
Big Finish
• Memory defenses were purely academic pursuits• Integrity trees now a part of Intel SGX: overheads of 2x – 40x• VAULT improves integrity overhead to 1.5x – 2.5x• FS eliminates timing channels with overhead of 2x• SDIMM improves ORAM overhead to 2.7x• An array of memory defenses is now commercially viable
… and strategic given latent vulnerabilities
30
Acks: Ali Shafiee, Meysam Taassori, Akhila Gundu, Manju Shevgoor, Mohit Tiwari, Feifei Li, NSF, Intel.