Meltdown & Spectre attacks

MeltdownMeltdown
andand
SpectreSpectre
attacksattacks
Marian MarinovMarian Marinov
mm@siteground.commm@siteground.com
Chief System ArchitectChief System Architect
Head of the DevOps departmentHead of the DevOps department

Some attacks firstSome attacks first
➢ Timing attacks
➢ Side channel attacks

MeltdownMeltdown
➢ Exploiting the out-of-order execution
1. you need code like this(where i is 200000):
if (array[i] < 200) a = i+b;
else a = array[i];
2. speculative execution will cause the CPU to
execute both the if and the else blocks
3. clear the CPU cache (clflush() will do the job)
4. execute your tool and read all the cache
5. Bytes that are fetched into the cache will be
faster to read then bytes that are NOT

MeltdownMeltdown
➢ Because of out-of-order execution
1. The memory pointed by array[i] will be
fetched by the CPU into the L3 cache
2. but because array[i] points to memory
address outside the processes region, it will die
with SIGSEGV
3. Now the parent, can examine all the memory of
the child and it does so by timing every read from
memory
4. Data that is in the cache is faster to read :)

SpectreSpectre
➢ Variant 1
➢ Variant 2

SpectreSpectre
➢ Variant 1
➢ Exploiting Conditional Branches
➢ Variant 2

SpectreSpectre
➢ Variant 1
➢ Exploiting Conditional Branches
➢ Variant 2
➢ Pre-training the branch predictor

Spectre Variant 1Spectre Variant 1
struct array { u_long length; u_char data[]; };
struct array *arr1 = ...; // small array
struct array *arr2 = ...; // array of size 0x400
// >0x400 (OUT OF BOUNDS!)
u_long u = untrusted_offset_from caller;
if (u < arr1->length) {
u_char val = arr1->data[u];
u_long i2 = ((val&1)*0x100)+0x200;
if (index2 < arr2->length) {
unsigned char val2 = arr2->data[i2];
}
}

Spectre Variant 2Spectre Variant 2
➢ Simply train the branch predictor to mispredict a
condition
➢ Then read the memory and time the reads.

Spectre attacksSpectre attacks
➢ Both Spectre vulnerabilities require that the
attacking code is running on the same core or
hyper-thread on that core in order to be exploited

History branch predictionHistory branch prediction
➢ 1991 Two-level adaptive training branch
prediction
➢ 1998 Research on Neural Branch Predictors
➢ 2001 Dynamic branch prediction with
perceptrons
➢ 2016 Perceptron learning for reuse prediction

History Cache attacksHistory Cache attacks
➢ 2005 Cache missing for fun and profit
➢ 2013 Practical Timing Side Channel Attacks
➢ 2014 Just a Little Bit
➢ 2014 Flush+Reload
➢ 2015 Cache Template Attacks
➢ 2015 Last-Level Cache Side-Channel Attacks
are Practical
➢ 2016 Prefetch Side-Channel Attacks
➢ 2016 Flush+Flush
➢ 2016 Breaking KASLR with TSX
➢ 2017 Practical Cache Attacks on the MMU

Now, some backgroundNow, some background
CPUCPU
ArchitectureArchitecture
Intel Core i7

PCI Express
interconnects
CPUCPU
Intel Core i7

PCI Express
interconnects
CPUCPU
L2 & L1 cache
Intel Core i7

Shared L3 Cache (LLC)
Synchronization
L1
Instruction
cache
Branch Predict.Isnt. Fetch
Pipeline(s)
Instruction decoder
Dispatch Integer
Cluster
2FPU
W.C. Cache
L1
Instruction
cache
L1
data
cache
Integer
Cluster
1
L1
data
cache
L2 Data Cache
shared
Core
Iface
Single Core
L1
Instruction
cache
Branch Predict.Isnt. Fetch
Pipeline(s)
Instruction decoder
Dispatch Integer
Cluster
2FPU
W.C. Cache
L1
Instruction
cache
L1
data
cache
Integer
Cluster
1
L1
data
cache
L2 Data Cache
shared
Core
Iface
Single Core
L1
Instruction
cache
Ins
L1
Instruction
cache
Integer
Cluster
1
L1
data
cache
Core
Iface
AMD Bulldozer block diagram

Floating Point
L1 D-Cache D-TLB
Schedulers
Integer
μop queues
Decoder
Trace Cache
Rename/Alloc
μop ROMBTB
BTB and I-TLB
BusL2CacheandControl

Floating Point
L1 D-Cache D-TLB
Schedulers
Integer
μop queues
Decoder
Trace Cache
Rename/Alloc
μop ROMBTB
BTB and I-TLB
Thread 1: floating point

Floating Point
L1 D-Cache D-TLB
Schedulers
Integer
μop queues
Decoder
Trace Cache
Rename/Alloc
μop ROMBTB
BTB and I-TLB
Thread 1: integer

Floating Point
L1 D-Cache D-TLB
Schedulers
Integer
μop queues
Decoder
Trace Cache
Rename/Alloc
μop ROMBTB
BTB and I-TLB
Thread 1: integer Thread 2: floating point

Meltdown mitigationMeltdown mitigation
➢ Protection
➢ Kernel Page Table Isolation
kernel space
user space
All memory

Meltdown Meltdown mitigationmitigation
➢ Protection
➢ Kernel Page Table Isolation
kernel space
user space
All memory

Spectre MitigationsSpectre Mitigations
➢ Retpoline
Variant 1Variant 1

Spectre Spectre MitigationsMitigations
➢ Indirect Branch Restricted Speculation (IBRS)
➢ Single Thread Indirect Branch Predictors
(STIBP)
➢ Indirect Branch Predictor Barrier (IBPB)
Variant 2Variant 2

➢ disable branch prediction
(STIBP)
Variant 2Variant 2

(STIBP)
➢ isolate the predictions to hyper-thread
Variant 2Variant 2

(STIBP)
➢ isolate the predictions to hyper-thread
➢ prevent user space predictions to leak to
kernel space (on every context switch)
Variant 2Variant 2

Expect more exploitsExpect more exploits
➢ SIMD - Single Instruction Multiple Data
➢ MIMD - Multiple Instructions Multiple Data
➢ Larger Registers with larger branch predictors
➢ SSE*, AVX, AVX256, AVX512

LinksLinks
https://spectreattack.com/
https://www.techarp.com/articles/meltdown-spectr
e-cpu-flaws/
https://github.com/IAIK/meltdown/
https://github.com/marcan/speculation-bugs/blo
b/master/README.md#bti-linuxqemu-ibrs-patches
https://googleprojectzero.blogspot.bg/2018/01/rea
ding-privileged-memory-with-side.html

Meltdown & Spectre attacks

More Related Content

What's hot

Similar to Meltdown & Spectre attacks

More from Marian Marinov

Recently uploaded

Meltdown & Spectre attacks