RIDL - ieee-security.org · 5/20/2019 RIDL: Rogue In-flight Data Load...
163
5/20/2019 RIDL: Rogue In-flight Data Load file:///D:/slides/slides.html?print-pdf 1/163 * RIDL RIDL ROGUE IN-FLIGHT DATA LOAD ROGUE IN-FLIGHT DATA LOAD Stephan van Schaik - Alyssa Milburn Sebastian Österlund - Pietro Frigo - Giorgi Maisuradze* Kaveh Razavi - Herbert Bos - Cristiano Guiffrida 1
Transcript of RIDL - ieee-security.org · 5/20/2019 RIDL: Rogue In-flight Data Load...
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 1/163
*
RIDLRIDLROGUE IN-FLIGHT DATA LOADROGUE IN-FLIGHT DATA LOAD
Stephan van Schaik - Alyssa Milburn
Sebastian Österlund - Pietro Frigo - Giorgi Maisuradze*
Kaveh Razavi - Herbert Bos - Cristiano Guiffrida
1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 2/163 2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 3/163
What can we still do as an attacker?
3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 4/163 4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 5/163
Meet Rogue In-flight Data Load or RIDL
A new class of speculative execution attacks
that knows no boundaries
5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 6/163
Privilege levels are just a social construct
6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 7/163
SECURITY DOMAINSSECURITY DOMAINS
We can leak between hardware threads!
7.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 8/163
SECURITY DOMAINSSECURITY DOMAINS
But can we leak across other security domains?
7.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 9/163
SECURITY DOMAINSSECURITY DOMAINS
Yes, we can!
7.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 10/163
SECURITY DOMAINSSECURITY DOMAINS
We leak from the kernel …
7.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 11/163
SECURITY DOMAINSSECURITY DOMAINS
... across VMs …
7.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 12/163
SECURITY DOMAINSSECURITY DOMAINS
... from the hypervisor …
7.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 13/163
SECURITY DOMAINSSECURITY DOMAINS
... and from SGX enclaves!
7.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 14/163
We leak across all security domains!
7.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 15/163
SECURITY DOMAINSSECURITY DOMAINSCan we leak in the web browser?
7.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 16/163
SECURITY DOMAINSSECURITY DOMAINSYes, we can!
7.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 17/163
SECURITY DOMAINSSECURITY DOMAINSYes, we can!
We reproduced RIDL in Mozilla Firefox
7.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 18/163
SECURITY DOMAINSSECURITY DOMAINSYes, we can!
We reproduced RIDL in Mozilla Firefox
⇒ No need for special instructions
7.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 19/163
We leak across security domains, and in the browser!
7.11
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 20/163
Memory addresses are a social construct too
8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 21/163
PREVIOUS ATTACKSPREVIOUS ATTACKS
Previous attacks show we can speculatively leak fromaddresses
9.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 22/163
PREVIOUS ATTACKSPREVIOUS ATTACKS
Our mitigation efforts focus on isolating/maskingaddresses
9.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 23/163
Spectre: access out-of-bound addresses
Meltdown: leak kernel data from virtual addresses
Foreshadow: leak from physical address
10.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 24/163
Spectre: mask array index to limit address range
Meltdown: unmap kernel addresses fromuserspace
Foreshadow: invalidate physical address
10.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 25/163
Example
10.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 26/163
MELTDOWNMELTDOWN
Problem: leak kernel data from virtual addresses
11.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 27/163
MELTDOWNMELTDOWN
Solution: unmap kernel addresses
11.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 28/163
PREVIOUS ATTACKSPREVIOUS ATTACKS
11.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 29/163
PREVIOUS ATTACKSPREVIOUS ATTACKSPrevious attacks exploit addressing
11.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 30/163
PREVIOUS ATTACKSPREVIOUS ATTACKSPrevious attacks exploit addressing
Mitigation by isolating/masking addresses
11.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 31/163
RIDLRIDLRIDL does not depend on addressing:
12
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 32/163
RIDLRIDLRIDL does not depend on addressing:
⇒ Bypass all address-based security checks
12
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 33/163
RIDLRIDLRIDL does not depend on addressing:
⇒ Bypass all address-based security checks
⇒ Makes RIDL hard to mitigate
12
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 34/163
What CPUs does RIDL affect?
13
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 35/163
We bought Intel and AMD CPUs from almost everygeneration since 2008
14.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 36/163
... and sent the invoices to Herbert
14.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 37/16314.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 38/163
RIDL works on all mainstream Intel CPUs since 2008
15.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 39/16315.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 40/16316.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 41/163
Intel announces Coffee Lake Refresh
16.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 42/163
In-silicon mitigations against Meltdown andForeshadow
16.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 43/163
Let’s buy the Intel Core i9-9900K!
16.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 44/163
... and send another invoice to Herbert
16.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 45/163
We got it the day a�er we submitted the paper
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 46/163
===
RIDL works regardless of these in-silicon mitigations
16.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 47/16316.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 48/163
AMDAMDWe also tried to reproduce it on AMD
17.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 49/163
AMDAMDWe also tried to reproduce it on AMD
RIDL does not affect AMD
17.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 50/16317.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 51/16318
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 52/163
But where are we actually leaking from?
19
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 53/163
LEAKY SOURCESLEAKY SOURCES
20.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 54/163
LEAKY SOURCESLEAKY SOURCES
Previous attacks had it easy, they leak from caches
20.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 55/163
LEAKY SOURCESLEAKY SOURCES
Caches are well documented and well understood.
20.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 56/163
LEAKY SOURCESLEAKY SOURCES
But RIDL does not leak from caches!
20.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 57/163
LEAKY SOURCESLEAKY SOURCES
But what else is there to leak from?
20.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 58/163
LEAKY SOURCESLEAKY SOURCES
There are other internal CPU buffers
20.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 59/163
LEAKY SOURCESLEAKY SOURCES
Line Fill Buffers, Store Buffers and Load Ports
20.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 60/163
LEAKY SOURCESLEAKY SOURCES
But there is more!
20.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 61/163
LEAKY SOURCESLEAKY SOURCES
Uncached Memory
20.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 62/163
We can leak from various internal CPU buffers!
20.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 63/163
RIDL is a class of speculative execution attacks
also known as Micro-architectural Data Sampling
20.11
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 64/163
Let’s focus on one particular instance:
Line Fill Buffers
21.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 65/163
MANUALSMANUALS
We first read the manuals
Some references to internal CPU buffers
But no further explanation
Where would you even start?
21.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 66/163
That’s why we started reading patents instead!
22.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 67/163
We read a lot of patents, and survived!
22.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 68/163
So today I can tell you a bit more about them
23.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 69/163
But wait, what are these
Line Fill Buffers?
23.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 70/163
They were never mentioned during
my Computer Architecture courses
but maybe I didn’t pay attention
23.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 71/163
LINE FILL BUFFERS?LINE FILL BUFFERS?
Central buffer between execution units, L1d and L2 toimprove memory throughput
23.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 72/163
LINE FILL BUFFERS?LINE FILL BUFFERS?
Central buffer between execution units, L1d and L2 toimprove memory throughput
23.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 73/163
LINE FILL BUFFERS?LINE FILL BUFFERS?
Central buffer between execution units, L1d and L2 toimprove memory throughput
23.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 74/163
LINE FILL BUFFERS?LINE FILL BUFFERS?
Central buffer between execution units, L1d and L2 toimprove memory throughput
23.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 75/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Multiple roles:
Asynchronous memory requests
Load squashing
Write combining
Uncached memory
23.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 76/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Multiple roles:
Asynchronous memory requests
Load squashing
Write combining
Uncached memory
23.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 77/163
LINE FILL BUFFERS?LINE FILL BUFFERS?CPU design: what to do on a cache miss?
24.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 78/163
LINE FILL BUFFERS?LINE FILL BUFFERS?CPU design: what to do on a cache miss?
Send out memory request
24.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 79/163
LINE FILL BUFFERS?LINE FILL BUFFERS?CPU design: what to do on a cache miss?
Send out memory request
Wait for completion
24.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 80/163
LINE FILL BUFFERS?LINE FILL BUFFERS?CPU design: what to do on a cache miss?
Send out memory request
Wait for completion
Blocks other loads/stores
24.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 81/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 82/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 83/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
Allocate LFB entry
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 84/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
Allocate LFB entry
Store address in LFB
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 85/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
Allocate LFB entry
Store address in LFB
Serve other loads/stores
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 86/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
Allocate LFB entry
Store address in LFB
Serve other loads/stores
Pending request eventually completes
24.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 87/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Solution: keep track of address in LFB
Send out memory request
Allocate LFB entry
Store address in LFB
Serve other loads/stores
Pending request eventually completes
24.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 88/163
LINE FILL BUFFERS?LINE FILL BUFFERS?Allocate LFB entry
May contain data from previous load
RIDL exploits this
24.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 89/163
EXPERIMENTSEXPERIMENTS
Experiments in the paper
25.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 90/163
EXPERIMENTSEXPERIMENTS
Experiments in the paper
25.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 91/163
EXPERIMENTSEXPERIMENTS
Experiments in the paper
25.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 92/163
EXPERIMENTSEXPERIMENTS
Conclusion: our primary RIDL instance leaks from LineFill Buffers
25.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 93/163
How do we mount a RIDL attack?
26.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 94/163
THREAT MODELTHREAT MODEL
Victim VM in the cloud
26.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 95/163
THREAT MODELTHREAT MODEL
We get a VM on the same server
26.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 96/163
THREAT MODELTHREAT MODEL
We make sure it is co-located
26.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 97/163
THREAT MODELTHREAT MODEL
Victim VM runs an SSH server
26.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 98/163
CHALLENGESCHALLENGES
27.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 99/163
IN-FLIGHT DATAIN-FLIGHT DATA
How do we get data in flight?
27.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 100/163
IN-FLIGHT DATAIN-FLIGHT DATA
We run an SSH client…
27.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 101/163
IN-FLIGHT DATAIN-FLIGHT DATA
... that keeps connecting to the SSH server
27.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 102/163
IN-FLIGHT DATAIN-FLIGHT DATA
The SSH server loads /etc/shadow through LFB
27.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 103/163
IN-FLIGHT DATAIN-FLIGHT DATA
The contents from /etc/shadow are in flight
27.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 104/163
CHALLENGESCHALLENGES
28.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 105/163
LEAKINGLEAKING
Now that the data is in flight, we want to leak it
28.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 106/163
LEAKINGLEAKING
We run our RIDL program on our server…
28.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 107/163
LEAKINGLEAKING
...which leaks the data from the LFB
28.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 108/163
What does this program look like?
29.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 109/16329.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 110/16329.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 111/16329.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 112/16329.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 113/16329.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 114/16329.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 115/16329.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 116/16329.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 117/16329.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 118/16329.11
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 119/16329.12
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 120/16329.13
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 121/16329.14
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 122/16329.15
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 123/163
CHALLENGESCHALLENGES
30
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 124/163
RIDL is like drinking from a fire hose
31.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 125/163
You just get whatever data is in flight!
31.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 126/163
FILTERING DATAFILTERING DATAHow can we filter data?
32.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 127/163
FILTERING DATAFILTERING DATAHow can we filter data?
We want to leak from /etc/shadow
32.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 128/163
FILTERING DATAFILTERING DATAHow can we filter data?
We want to leak from /etc/shadow
First line /etc/shadow is for root
32.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 129/163
FILTERING DATAFILTERING DATAHow can we filter data?
We want to leak from /etc/shadow
First line /etc/shadow is for root
Starts with "root:"
32.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 130/163
FILTERING DATAFILTERING DATAHow can we filter data?
We want to leak from /etc/shadow
First line /etc/shadow is for root
Starts with "root:"
Use prefix matching:
Match ⇒ we learn a new byte
No Match ⇒ discard
32.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 131/163
FILTERINGFILTERING
32.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 132/163
FILTERINGFILTERING
32.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 133/163
FILTERINGFILTERING
32.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 134/163
FILTERINGFILTERING
32.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 135/163
FILTERINGFILTERING
32.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 136/163
FILTERINGFILTERING
32.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 137/163
FILTERINGFILTERING
32.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 138/163
FILTERINGFILTERING
32.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 139/163
FILTERINGFILTERING
32.10
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 140/163
CHALLENGESCHALLENGES
33
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 141/163
MORE EXAMPLESMORE EXAMPLESMore examples in the paper:
34
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 142/163
MORE EXAMPLESMORE EXAMPLESMore examples in the paper:
Leaking internal CPU data (e.g. page tables)
34
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 143/163
MORE EXAMPLESMORE EXAMPLESMore examples in the paper:
Leaking internal CPU data (e.g. page tables)
Arbitrary kernel read
34
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 144/163
MORE EXAMPLESMORE EXAMPLESMore examples in the paper:
Leaking internal CPU data (e.g. page tables)
Arbitrary kernel read
Leaking in the browser
34
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 145/163
MITIGATIONMITIGATIONSame-thread:
verw overwrite all buffers
Special Assembly snippets
Cross-thread:
Complex scheduling and synchronization
35.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 146/163
MITIGATIONMITIGATIONSame-thread:
verw overwrite all buffers
Special Assembly snippets
Cross-thread:
Complex scheduling and synchronization
Disable Intel Hyper-Threading®
35.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 147/163
Disclosure process
36.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 148/16336.2
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 149/16336.3
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 150/16336.4
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 151/16336.5
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 152/16336.6
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 153/16336.7
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 154/16336.8
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 155/16336.9
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 156/163
MDS TOOLMDS TOOLWe wrote a tool to verify your system:
37
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 157/163
CONCLUSIONCONCLUSION
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 158/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 159/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
New class of speculative execution attacks
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 160/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
New class of speculative execution attacks
Many more buffers other than caches to leak from
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 161/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
New class of speculative execution attacks
Many more buffers other than caches to leak from
Does not rely on addresses ⇒ hard to mitigate
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 162/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
New class of speculative execution attacks
Many more buffers other than caches to leak from
Does not rely on addresses ⇒ hard to mitigate
Across security domains, and in the browser
38.1
5/20/2019 RIDL: Rogue In-flight Data Load
file:///D:/slides/slides.html?print-pdf 163/163
CONCLUSIONCONCLUSIONSpectre and Meltdown, just one mistake?
New class of speculative execution attacks
Many more buffers other than caches to leak from
Does not rely on addresses ⇒ hard to mitigate
Across security domains, and in the browser
@themadstephan @vu5ec
https://mdsattacks.com
38.2
