This document discusses how abusing CPU hot-add weaknesses could allow escalating privileges in server datacenters. It describes how CPU hot-add works, allowing addition of new CPUs to a running system without shutting down. Two memory regions important for hot-add are identified as assets to protect: 0x38000 holding SMI code, and 0x0e2000 holding SIPI vectors. An attack corrupting 0x38000 to inject malicious SMI code and escalate to SMM privileges is demonstrated. Mitigation using hardware protection of memory regions from DMA is discussed.
CSW2017 Privilege escalation on high-end servers due to implementation gaps in CPU Hot-Add flow
1. Abusing CPU Hot-Add weaknesses to escalate privileges in Server Datacenters
Cuauhtemoc Chavez-Corona, Jorge Gonzalez-Diaz, Rene Henriquez-Garcia, Laura Fuentes-Castaneda, Jan Seidl
Intel Corporation, Security Center of Excellence
cuauhtemoc.chavez.corona@intel.com
rene.e.henriquez.garcia@intel.com
March 16, 2017
CanSecWest 2017 Vancouver, Canada 1/24
2. Legal Disclaimer
The comments and statements are from the authors and not necessarily Intel's.
Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Learn more at intel.com, or from the OEM or retailer.
No computer system can be absolutely secure.
5-6. Background: Datacenter's landscape
Mission-critical applications such as e-commerce, ERP, CRM and BI have low tolerance for downtime.
As a response, solutions comprised of robust hardware + reliable/serviceable FW/SW are continuously being designed.
Are these new systems being architected such that the attack surface is not increased? We'll see..
7-8. Background: Attacks coming from DMA entry point
Understanding DMA Malware, Patrick Stewin and Iurii Bystrov, Proceedings of the 9th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, 2013
Direct Memory Attack the KERNEL, Ulf Frisk, DEFCON 24, August 4-7 2016
9. Definition: RAS features
Reliability: can be defined as the characteristic that ensures the system will provide correct outputs, and any corrupted data will be detected and repaired.
Availability: means that the system will be operating during the planned time, avoiding unexpected crashes.
Serviceability: refers to the simplicity and speed of maintenance and reparation.
10-12. Definition: CPU Hot Add
CPU Hot Add (aka CPU on-lining) is a RAS feature that allows customers to increase computing power in a Server by adding a new socket to the already running system at the Intel® QPI interface without the necessity of shutting down the machine.
In a multi-CPU system comprised of n processors, one can therefore choose to boot with m CPUs where m < n.
This allows the possibility to increase the computing power later if required by bringing up new CPUs to the already running system.
13. Definition: CPU Hot Add
CPU On-lining requires coordinated support from the complete application stack to ensure correctness while adding a new CPU.
Hardware: internal logic in the CPU to drain transactions and prevent originators from sending new ones.
Firmware: BIOS and SMM routines to trigger, handle and coordinate CPU on-lining.
Operating System: currently several OSs support this feature.
14-21. High level overview of Hot Add flow
[Diagram: motherboard with CPU1, CPU2 and CPU3 ON and CPU4 OFF; CPU4 then goes through BOOT and ends up ON alongside the others]
Step 1. Active CPUs enter in quiesce mode
Step 2. HotAdd CPU boot process: BSP initialization, memory config, etc.
Step 3. Release quiesced CPUs
Interesting!
1. Boot flow is very sensitive
2. Quiesced CPUs need reconfiguration
22. Brief overview of Boot Flow
1. The Boot Strap Processor (BSP) is chosen
2. BSP fetches code from the Flash
3. Minimum System Configuration
4. Memory Initialization: Memory Reference Code (MRC)
5. BIOS Shadowing: PAM (Programmable Attribute Maps) registers are used to make a copy of BIOS code into memory
6. SMI initialization
7. BSP sends the SIPI indication through the Local Advanced Programmable Interrupt Controller
8. Advanced Configuration: other platform & devices init; dispatch drivers (network, I/O, etc.); produce Boot and Runtime Services
9. Boot Manager (select Boot Device), EFI Shell/Apps, OS Boot Loader(s)
END of boot flow
23-24. Security Claims from CPU Hot Add definition
One fundamental Security Objective related to CPU Hot Add is that any new CPU to be introduced in the running system must execute a trusted path to ensure its security won't be subverted by any attacker already present in the system.
By attackers we mean:
Any rogue code already running in the system's CPUs
DMA agents whose internal FW has been compromised
25-27. Assets
There are two interesting regions to be protected in order to ensure the security claim presented previously:
0x38000: holds the code to be executed in the first SMI by the newly-added CPU in order to perform SMBASE relocation.
0xe2000: holds the SIPI initialization vector code vital for the newly-added CPU and its integration into the running system.
28-30. Why do we care about those assets?
SMM has superior privileges, as it can change settings that cannot be
modified by the OS.
In servers it is usually referred to as ring -2, whereas the OS is
considered ring 0.
Corrupting the Startup Inter-Processor Interrupt (SIPI) vector code is
also interesting for an attacker, as it could potentially be used to
misconfigure the initial configuration of the newly-added CPU.
31-38. 0x38000 attack: Escalate to SMM privileges in a Server
[Diagram sequence: a motherboard with CPU1, CPU2 and CPU3 ON and CPU4
OFF, beside DRAM showing the 0x30000-0x3FFFF window with 0x38000 marked.
CPU4 is hot-added and enters BOOT; while it boots, a "Malicious SMI
Handler" is written into 0x38000; CPU4 then comes ON with the malicious
handler still in place.]
39-41. 0x38000 attack: Lab Setup
Hardware
- Intel platform/motherboard supporting CPU Hot-Add
- Intel Xeon E7-8800 V2 family processor
- PP3380-AB PCIe 2 x1 - USB3380-AB evaluation board
- Attacker's laptop with Windows 10 64-bit operating system
Firmware
- BMC firmware supporting the CPU Hot-Add flow
- System FW (aka BIOS) supporting the CPU Hot-Add flow
Software
- PCILeech solution and a batch script to automate data writes to
  memory
- Operating system supporting CPU Hot-Add (e.g. Windows 2008/2012
  Server)
42. PCILeech Configuration
Place jumper on J3 at PP3380-AB board and start platform
Run PCILeechFlash Installer.exe
Wait a while (1 min or so)
Shutdown the platform
Remove jumper on J3 at PP3380-AB board and start platform
Use our simple batch script to write 0x38000 region to inject
arbitrary code
43. Time to watch the DEMO
44-46. Mitigating 0x38000 attack
The attack just described is possible because DMA engines were still
able to inject malicious code into the 0x38000 region, even though the
hardware already prevents code injection from the cores existing in the
system.
To mitigate this, the BIOS leverages an existing hardware protection
mechanism in Intel CPUs against rogue DMA engines: GENPROTRANGE register
programming.
This mitigation is already in place as part of the BIOS reference code
delivered to OEMs.
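The following is an added example, not code from the talk or from Intel's BIOS reference code. It models the situation on this slide in Python: before the mitigation, writes from existing cores into the SMI-handler window are refused by hardware but DMA writes land; after it, a protected range refuses DMA writes as well. The real GENPROTRANGE register layout is not reproduced; the range is modelled as a simple base/limit pair, and the limit 0x3FFFF is an assumption taken from the window drawn on the earlier diagram. The default SMBASE of 0x30000 and the SMI entry point at SMBASE + 0x8000 are architectural facts. All buffer contents are constructed.

```python
"""Model of the 0x38000 window with and without DMA range protection (added example)."""
from dataclasses import dataclass, field
from enum import Enum


class Origin(Enum):
    CPU = "cpu"   # an already-running core
    DMA = "dma"   # a bus-mastering device such as the USB3380 board


SMBASE_DEFAULT = 0x30000             # architectural default SMBASE
SMI_ENTRY = SMBASE_DEFAULT + 0x8000  # 0x38000: SMI entry point = SMBASE + 0x8000
WINDOW_LIMIT = 0x3FFFF               # inclusive; assumed from the slide diagram


@dataclass
class LowMemoryModel:
    """A 1 MiB low-memory image with an optional DMA-protected range."""
    dma_range_protected: bool
    mem: bytearray = field(default_factory=lambda: bytearray(0x100000))
    refused: list = field(default_factory=list)

    def _touches_smi_window(self, addr: int, length: int) -> bool:
        # Overlap test, so a write that merely straddles 0x38000 is caught too.
        return addr <= WINDOW_LIMIT and addr + length - 1 >= SMI_ENTRY

    def write(self, origin: Origin, addr: int, data: bytes) -> bool:
        """Return True if the write landed, False if the hardware refused it."""
        if not data or addr < 0 or addr + len(data) > len(self.mem):
            raise ValueError("write outside the modelled 1 MiB")
        if self._touches_smi_window(addr, len(data)):
            # CPU writes are refused in both configurations (the slide states the
            # hardware already blocks them); DMA writes only once the range is armed.
            if origin is Origin.CPU or self.dma_range_protected:
                self.refused.append((origin, addr, len(data)))
                return False
        self.mem[addr:addr + len(data)] = data
        return True


def simulate(dma_range_protected: bool) -> dict:
    """Replay the same write attempts against an unprotected and a protected model."""
    m = LowMemoryModel(dma_range_protected)
    handler = b"\x90" * 16                      # constructed stand-in for the relocation code
    m.mem[SMI_ENTRY:SMI_ENTRY + 16] = handler   # placed by BIOS before the hot-add
    tamper = b"\xAA" * 16                       # constructed stand-in for foreign bytes
    return {
        "cpu_overwrite": m.write(Origin.CPU, SMI_ENTRY, tamper),
        "dma_overwrite": m.write(Origin.DMA, SMI_ENTRY, tamper),
        "dma_straddle": m.write(Origin.DMA, SMI_ENTRY - 8, tamper),
        "dma_elsewhere": m.write(Origin.DMA, 0x20000, tamper),
        "handler_intact": bytes(m.mem[SMI_ENTRY:SMI_ENTRY + 16]) == handler,
    }


if __name__ == "__main__":
    for label, protected in (("before mitigation", False),
                             ("range protection armed", True)):
        print(label, simulate(protected))
```

The straddling write is included deliberately: a range check that compares only the start address would let a transfer beginning just below 0x38000 spill into the handler, so the model tests for overlap with the whole window rather than for the first byte alone.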
47-49. 0xe2000 attack part I: Take control of the system by inserting
rogue code
Corruption of the SIPI initialization vector:
- Malicious DMA writes could be attempted against 0xe2000 if it is not
  properly protected.
- However, rogue code already present on other CPUs could also try to
  corrupt the vector, either before the CPU on-lining flow is triggered
  or in between SMIs.
Mitigation: a secure integrity check before the SIPI vector code is
executed.
50-55. Depiction of 0xe2000 attack part I
[Diagram sequence: the same motherboard with CPU1, CPU2 and CPU3 ON and
CPU4 OFF, beside DRAM with 0xE2000 marked. A "Malicious Vector" is
written into 0xE2000 while CPU4 is still OFF; CPU4 is then hot-added,
enters BOOT and comes ON, and is marked with an "x" from the moment it
boots from the corrupted vector.]
56-59. 0xe2000 attack part II: Confusion due to name collision
Integrity verification of the 0xe2000 region was meant to be achieved
through a cryptographically strong hash function.
It turns out that the output of a cryptographic hash function is
sometimes referred to as a "checksum".
This confusion led to an integrity verification mechanism being
implemented, erroneously, in the form of a checksum that is weak from a
security standpoint.
Such a mechanism can easily be bypassed by crafting special rogue code
that, through some tweaks, arithmetically maps to the expected checksum.
60. Mitigating 0xe2000 attack
Instead of verifying the code vector's integrity, always shadow a fresh
copy into the 0xe2000 region before it is executed.
Intel has already put this mitigation in place in the BIOS reference
code as well.
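The following is an added example, not code from the talk or from the BIOS reference code. It illustrates both the name-collision problem of slides 56-59 and the mitigation on slide 60. The slides do not say which checksum the affected implementation used; an 8-bit additive sum is assumed here as the weak scheme, and SHA-256 stands in for the cryptographic hash that was intended. The vector bytes, the region class and the function names are all constructed for the example. It shows that a checksum verifier accepts a modified vector once one free byte has been adjusted, that a hash verifier rejects it, and that re-shadowing the region before execution makes the question of what was in the region beforehand irrelevant.

```python
"""Checksum vs. hash vs. re-shadowing for the 0xE2000 SIPI vector (added example)."""
import hashlib
import hmac

VECTOR_LEN = 64


def additive_checksum(buf: bytes) -> int:
    """Assumed weak scheme: byte sum modulo 256 (the slides do not name the real one)."""
    return sum(buf) & 0xFF


def sha256_digest(buf: bytes) -> bytes:
    return hashlib.sha256(buf).digest()


def verify_checksum(buf: bytes, expected: int) -> bool:
    return additive_checksum(buf) == expected


def verify_hash(buf: bytes, expected: bytes) -> bool:
    # Constant-time compare; not what defeats the attack, but correct practice.
    return hmac.compare_digest(sha256_digest(buf), expected)


def colliding_modification(golden: bytes, replacement: bytes, slack_index: int) -> bytes:
    """Replace the head of the vector and adjust one slack byte so the byte sum is
    unchanged.  This is the "arithmetic mapping" the slides describe: for an
    additive checksum a single free byte suffices, which is why a checksum is an
    error-detection code and not an integrity check."""
    if slack_index < len(replacement) or slack_index >= len(golden):
        raise ValueError("slack byte must lie outside the replaced bytes")
    out = bytearray(golden)
    out[:len(replacement)] = replacement
    delta = (additive_checksum(out) - additive_checksum(golden)) & 0xFF
    out[slack_index] = (out[slack_index] - delta) & 0xFF
    return bytes(out)


class SipiRegion:
    """Models the page at 0xE2000: ordinary RAM that any agent may overwrite."""

    def __init__(self, initial: bytes):
        self.buf = bytearray(initial)

    def contents(self) -> bytes:
        return bytes(self.buf)

    def overwrite(self, data: bytes) -> None:
        self.buf[:] = data


def check_before_execute(region: SipiRegion, golden_sum: int, golden_digest: bytes) -> dict:
    """The verification approach: decide whether to run whatever is in the region."""
    data = region.contents()
    return {"checksum_accepts": verify_checksum(data, golden_sum),
            "hash_accepts": verify_hash(data, golden_digest)}


def shadow_then_execute(region: SipiRegion, trusted_copy: bytes) -> bool:
    """The slide-60 approach: copy the trusted vector in immediately before
    execution, so the region's previous contents never run."""
    region.overwrite(trusted_copy)
    return region.contents() == trusted_copy


def demo() -> dict:
    golden = bytes(range(VECTOR_LEN))           # constructed stand-in for the SIPI vector code
    golden_sum = additive_checksum(golden)
    golden_digest = sha256_digest(golden)
    region = SipiRegion(golden)

    rogue = colliding_modification(golden, b"\xAA" * 16, slack_index=VECTOR_LEN - 1)
    region.overwrite(rogue)                     # corruption by DMA or by another core
    verdict = check_before_execute(region, golden_sum, golden_digest)
    verdict["rogue_differs"] = rogue != golden
    verdict["shadow_restores"] = shadow_then_execute(region, golden)
    return verdict


if __name__ == "__main__":
    print(demo())
```

The design point is the last step: a hash check still leaves a window between verifying the region and executing it, during which another core could rewrite it (the slide 48 case), whereas copying the trusted vector in as the final action before execution closes that window as well.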
61-63. Conclusions
Datacenter products and their features deserve a thorough security
analysis, despite the old assumption that they are isolated behind
building walls.
DMA remains an interesting entry point, since it might enable remote
exploitation of security weaknesses; it also turns out that this entry
point can be overlooked while architecting new technologies.
Implementation-wise, it is critical to ensure that developers correctly
understand the exact security mechanism that mitigates a given threat;
failure in this regard can lead to mistakenly breaking the overall
security of the system.