Manuel Wiesinger in Bucharest, Romania on November 8-9th 2018 at DefCamp #9. The videos and other presentations can be found on https://def.camp/archive

2. CPU Vulnerabilities
Where are we now?
Manuel Wiesinger
mwiesinger@sba-research.at

3. What happened so far?
2018
Spectre
V1,V2,V3
(M
eltdow
n)
Jan.

4. What happened so far?
2018
Spectre
V1,V2,V3
(M
eltdow
n)
Jan.
Firstreportsofexperim
entalexploitation
Feb.

5. What happened so far?
2018
Spectre
V1,V2,V3
(M
eltdow
n)
Jan.
Firstreportsofexperim
entalexploitation
Feb.
BranchScope
M
ar.
Spectre
V3a,Spectre
V4
M
ay
LazyFP,SGX
Spectre
Jun.
Spectre1.1,Spectre1.2,NetSpectre,ret2spec,SpectreRSB
Jul.
L1TFSGX,L1TFOS/SM
M
,L1TFVM
M
,Labeled
Aug.

6. What happened so far?
2018
Spectre
V1,V2,V3
(M
eltdow
n)
Jan.
Firstreportsofexperim
entalexploitation
Feb.
BranchScope
M
ar.
Spectre
V3a,Spectre
V4
M
ay
LazyFP,SGX
Spectre
Jun.
Spectre1.1,Spectre1.2,NetSpectre,ret2spec,SpectreRSB
Jul.
L1TFSGX,L1TFOS/SM
M
,L1TFVM
M
,Labeled
Aug.
Yetanotherone!
Oct.
2

7. Impact
• Allows data extraction from arbitrary local memory (!)
3

8. Impact
• Allows data extraction from arbitrary local memory (!)
• Exploitable from JavaScript environments (websites!!)
3

9. Impact
• Allows data extraction from arbitrary local memory (!)
• Exploitable from JavaScript environments (websites!!)
• Via the network (!!!)
3

10. Impact
• Allows data extraction from arbitrary local memory (!)
• Exploitable from JavaScript environments (websites!!)
• Via the network (!!!)
3

11. Who can feel safe?
• Nobody using computers built after 1995.
◦ Any CPU manufacturer
◦ Any operating system
◦ Any Device type
• Don’t trust the memory!
4

12. How can we fix CPU
vulnerabilities ?

13. Can software fix this?Do we need to throw all our computers away?
5

14. 6

15. Attack Limitations
• Difficult — conventional attacks typically easier
7

16. Attack Limitations
• Difficult — conventional attacks typically easier
• Via the network
◦ Works only under laboratory conditions
◦ Slow (15 bit / hour)
7

17. Attack Limitations
• Difficult — conventional attacks typically easier
• Via the network
◦ Works only under laboratory conditions
◦ Slow (15 bit / hour) — Still: extract a 256 bit key in ∼ 17 hours
7

18. Attack Limitations
• Difficult — conventional attacks typically easier
• Via the network
◦ Works only under laboratory conditions
◦ Slow (15 bit / hour) — Still: extract a 256 bit key in ∼ 17 hours
• Mitigations on the way
◦ Partly already deployed via microcode and OS upgrades
7

19. Fixes for CPU-Vulnerabilities
Name CVE Aliases CVSS Impact Fix available
Spectre V1 2017-5753 Bounds Check Bypass 5.6 Memory Microcode/Browser/OS
Spectre V2 2017-5715 5.6 Memory Microcode/Compiler ?
Spectre V3 2017-5754 Meltdown 5.6 Kernel memory OS
Spectre V3a 2018-3640 Spectre V3a (RSRE) 5.6 Register data Microcode?
Spectre V4 2018-3639 Speculative Store Bypass (SSB) 5.5 Memory OS
Spectre V5 N/A ret2spec 5.5 Memory Browser?
SpectreRSB N/A N/A Memory OS
Lazy FP 2018-3665 5.6 Registers OS
Spectre1.1 2018-3693 5.6 Kernel memory OS
Spectre1.2 N/A N/A Kerslidesmory OS
L1TF: SGX 2018-3615 Foreshadow (SGX) 6.4 SGX enclaves Microcode
L1TF: OS/SMM 2018-3620 Foreshadow-NG (OS) 5.6 Kernel memory Microcode
L1TF: VMM 2018-3646 Foreshadow-NG (VMM) 5.6 Kernel memory Microcode
BranchScope 2018-9056 5.6 VM memory Microcode?
SGXPectre N/A N/A SGX enclaves Microcode?
NetSpectre N/A N/A Remote memory OS?
TLBleed N/A N/A Microcode?
8

20. We do not know what
else is out there!
9

21. How do CPU
vulnerabilities work?

22. Two Basic Terms
• Side-channel
◦ Passive
◦ E.g Timing analysis, or even acoustic analysis
10

23. Two Basic Terms
• Side-channel
◦ Passive
◦ E.g Timing analysis, or even acoustic analysis
• Covered Channel
◦ Active
◦ E.g. Trojan Horse
10

24. CPU-Caches
CPU
CPU-Cache
← data →
command →
address →
11

25. Hyper-Threading
CPU

26. Hyper-Threading
CPU
Process 1
0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90

27. Hyper-Threading
CPU
Process 1
0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE

28. Hyper-Threading
CPU
Process 1
0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE

29. Hyper-Threading
CPU
Process 1
0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
12

30. Speculative Execution
CPU

31. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90

32. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE

33. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache

34. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache
? ? ? ? ?
”I try to guess, so I’m faster!”

35. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache
? ? ? ? ?
”I try to guess, so I’m faster!”

36. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache
? ? ? ? ?
”I try to guess, so I’m faster!”

37. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache
? ? ? ? ?
”I try to guess, so I’m faster!”

38. Speculative Execution
CPU
Process 1
0x90 0x90 0x90 0x90 0x90
0x90 0x90 0x90
Process 2
0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE 0xAE
0xAE 0xAE 0xAE
CPU-Cache
? ? ? ? ?
”I try to guess, so I’m faster!”
13

39. Hands on! — Meltdown

40. Hands on! — Meltdown
1. Access data D at an illegal address — get’s executed
speculatively
2. Make an address A of the data D — just a shl
3. Load data at address A
4. Program crashes
5. Do some tricks (e.g. fork)
6. Probe access time to A to learn if it is cached
7. Now we know that an address based on D is cached
8. Revert step 2 to get the data
14

41. How can you protect yourself?
15

42. How can you protect yourself?
• As always: Apply Security-Updates!
15

43. How can you protect yourself?
• As always: Apply Security-Updates!
• Don’t trust the memory!
15

44. How can you protect yourself?
• As always: Apply Security-Updates!
• Don’t trust the memory!
◦ Overwrite critical data!
15

45. How can you protect yourself?
• As always: Apply Security-Updates!
• Don’t trust the memory!
◦ Overwrite critical data!
◦ C: explicit_bzero()
15

46. How can you protect yourself?
• As always: Apply Security-Updates!
• Don’t trust the memory!
◦ Overwrite critical data!
◦ C: explicit_bzero()
◦ Java: char[]
15

47. How can you protect yourself?
• As always: Apply Security-Updates!
• Don’t trust the memory!
◦ Overwrite critical data!
◦ C: explicit_bzero()
◦ Java: char[]
◦ Python, Go, and co. (essentially all garbage collecting languages
with immutable strings): No guaranteed solution.
15

48. Questions?
16

49. Backup Slides

50. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
17

51. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
18

52. Meltdown
1 retry:
2 mov al, byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
19

53. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax, 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
20

54. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
21

55. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx , qword [rbx + rax]
22

56. Meltdown
1 retry:
2 mov al , byte [rcx]
3 shl rax , 0xc
4 jz retry
5 mov rbx, qword [rbx + rax]
23