Transient Execution Attacks

Size: px

Start display at page:

Download "Transient Execution Attacks"

Walter French
5 years ago
Views:

1 Transient Execution Attacks Daniel Gruss September 12, 2018 Graz University of Technology 1 Daniel Gruss Graz University of Technology

2 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch 2 Daniel Gruss Graz University of Technology

3 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) 2 Daniel Gruss Graz University of Technology

4 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) : Richard starts working on KAISER patch 2 Daniel Gruss Graz University of Technology

5 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) : Richard starts working on KAISER patch : Anders + Daniel meet for the first time at RuhrSec Daniel Gruss Graz University of Technology

6 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) : Richard starts working on KAISER patch : Anders + Daniel meet for the first time at RuhrSec : Anders + Daniel share a room at BH USA 2 Daniel Gruss Graz University of Technology

7 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) : Richard starts working on KAISER patch : Anders + Daniel meet for the first time at RuhrSec : Anders + Daniel share a room at BH USA discuss whether there might be something like Meltdown 2 Daniel Gruss Graz University of Technology

8 Timeline Meltdown/Spectre (1) : Daniel has an implementation for KASLR-break with prefetch : Anders blogs about it + we decide to write a paper together (first paragraph on KAISER in that paper) : Richard starts working on KAISER patch : Anders + Daniel meet for the first time at RuhrSec : Anders + Daniel share a room at BH USA discuss whether there might be something like Meltdown conclude that a bug of that dimension would have been found long ago 2 Daniel Gruss Graz University of Technology

9 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS Daniel Gruss Graz University of Technology

10 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS : Anders + Michael discuss speculative execution and reading kernel memory when sharing a room at BH EU 3 Daniel Gruss Graz University of Technology

11 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS : Anders + Michael discuss speculative execution and reading kernel memory when sharing a room at BH EU Early 2017: Paul Kocher + Mike Hamburg start thinking about Speculative Execution 3 Daniel Gruss Graz University of Technology

12 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS : Anders + Michael discuss speculative execution and reading kernel memory when sharing a room at BH EU Early 2017: Paul Kocher + Mike Hamburg start thinking about Speculative Execution : Anders tells Halvar Flake about this idea and Halvar encourages him to continue investigating it 3 Daniel Gruss Graz University of Technology

13 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS : Anders + Michael discuss speculative execution and reading kernel memory when sharing a room at BH EU Early 2017: Paul Kocher + Mike Hamburg start thinking about Speculative Execution : Anders tells Halvar Flake about this idea and Halvar encourages him to continue investigating it : Anders has a first speculative execution PoC working (no full exploit yet) 3 Daniel Gruss Graz University of Technology

14 Timeline Meltdown/Spectre (2) : Anders meets Graz team at CCS : Anders + Michael discuss speculative execution and reading kernel memory when sharing a room at BH EU Early 2017: Paul Kocher + Mike Hamburg start thinking about Speculative Execution : Anders tells Halvar Flake about this idea and Halvar encourages him to continue investigating it : Anders has a first speculative execution PoC working (no full exploit yet) : KAISER paper was accepted at ESSoS 3 Daniel Gruss Graz University of Technology

15 Timeline Meltdown/Spectre (2) : Anders visits Graz. He later ( ) blogged about this meeting: 4 Daniel Gruss Graz University of Technology

16 Timeline Meltdown/Spectre (2) : Anders visits Graz. He later ( ) blogged about this meeting: tried to pitch my idea, because with the workload I had I knew it would be difficult for me to realize alone. Unfortunately, I wasn t the only one fully booked out and Daniel, Michael and myself were super skeptical at that time, despite the slight encouragement I d had at Troopers. So we decided to finish the stuff we were already doing first 4 Daniel Gruss Graz University of Technology

17 Timeline Meltdown/Spectre (2) : Anders visits Graz. He later ( ) blogged about this meeting: tried to pitch my idea, because with the workload I had I knew it would be difficult for me to realize alone. Unfortunately, I wasn t the only one fully booked out and Daniel, Michael and myself were super skeptical at that time, despite the slight encouragement I d had at Troopers. So we decided to finish the stuff we were already doing first : Posted KAISER patch to the Linux Kernel Mailing List (LKML) 4 Daniel Gruss Graz University of Technology

18 Timeline Meltdown/Spectre (3) May 2017: Jann Horn discovers Spectre 5 Daniel Gruss Graz University of Technology

19 Timeline Meltdown/Spectre (3) May 2017: Jann Horn discovers Spectre : Jann Horn reports Spectre to Intel 5 Daniel Gruss Graz University of Technology

20 Timeline Meltdown/Spectre (3) May 2017: Jann Horn discovers Spectre : Jann Horn reports Spectre to Intel : Jann Horn finds Meltdown + reports it to Intel 5 Daniel Gruss Graz University of Technology

21 Timeline Meltdown/Spectre (3) May 2017: Jann Horn discovers Spectre : Jann Horn reports Spectre to Intel : Jann Horn finds Meltdown + reports it to Intel : Graz team meets Anders at DIMVA / ESSoS Daniel Gruss Graz University of Technology

22 Timeline Meltdown/Spectre (4) : Anders blogs about negative result 6 Daniel Gruss Graz University of Technology

23 Timeline Meltdown/Spectre (4) : Anders blogs about negative result Fall 2017: Anders works with Microsoft(?) 6 Daniel Gruss Graz University of Technology

24 Timeline Meltdown/Spectre (4) : Anders blogs about negative result Fall 2017: Anders works with Microsoft(?) : Paul (+ Mike?) + Yuval + Genkin + Stefan sit at the same table and discuss speculative execution 6 Daniel Gruss Graz University of Technology

25 Timeline Meltdown/Spectre (4) : Anders blogs about negative result Fall 2017: Anders works with Microsoft(?) : Paul (+ Mike?) + Yuval + Genkin + Stefan sit at the same table and discuss speculative execution : Contacted by Intel asking to sign-off the patch 6 Daniel Gruss Graz University of Technology

26 Timeline Meltdown/Spectre (5) : Yearly student project announcements on our homepage... one of the projects Out-of-order-execution-based Channels 7 Daniel Gruss Graz University of Technology

27 Timeline Meltdown/Spectre (5) : Yearly student project announcements on our homepage... one of the projects Out-of-order-execution-based Channels : We discovered Meltdown (leaking data from L3) 7 Daniel Gruss Graz University of Technology

28 Timeline Meltdown/Spectre (5) : Yearly student project announcements on our homepage... one of the projects Out-of-order-execution-based Channels : We discovered Meltdown (leaking data from L3) : Bug report with Meltdown code sent to Intel 7 Daniel Gruss Graz University of Technology

29 Timeline Meltdown/Spectre (5) : Yearly student project announcements on our homepage... one of the projects Out-of-order-execution-based Channels : We discovered Meltdown (leaking data from L3) : Bug report with Meltdown code sent to Intel : First call with Intel 7 Daniel Gruss Graz University of Technology

30 Timeline Meltdown/Spectre (6) : First call with Paul + team 8 Daniel Gruss Graz University of Technology

31 Timeline Meltdown/Spectre (6) : First call with Paul + team We re surprised and confused that they found something different than we did (Spectre) 8 Daniel Gruss Graz University of Technology

32 Timeline Meltdown/Spectre (6) : First call with Paul + team We re surprised and confused that they found something different than we did (Spectre) They were surprised and confused about Meltdown 8 Daniel Gruss Graz University of Technology

33 Timeline Meltdown/Spectre (6) : First call with Paul + team We re surprised and confused that they found something different than we did (Spectre) They were surprised and confused about Meltdown : First call with Thomas + Werner 8 Daniel Gruss Graz University of Technology

34 Timeline Meltdown/Spectre (6) : First call with Paul + team We re surprised and confused that they found something different than we did (Spectre) They were surprised and confused about Meltdown : First call with Thomas + Werner We re surprised they found something different and confused what it is they found 8 Daniel Gruss Graz University of Technology

35 Timeline Meltdown/Spectre (7) : First call with Jann Horn 9 Daniel Gruss Graz University of Technology

36 Timeline Meltdown/Spectre (7) : First call with Jann Horn : Tom Lendacky (AMD) publicly states AMD microarchitecture does not allow memory references, including speculative references, that access higher privileged data when running in a lesser privileged mode 9 Daniel Gruss Graz University of Technology

37 Timeline Meltdown/Spectre (8) : The Register writes about Kernel-memory-leaking Intel processor design flaw 10 Daniel Gruss Graz University of Technology

38 Timeline Meltdown/Spectre (8) : The Register writes about Kernel-memory-leaking Intel processor design flaw posts on Twitter that he can leak a secret bit from speculative execution 10 Daniel Gruss Graz University of Technology

39 Timeline Meltdown/Spectre (8) : The Register writes about Kernel-memory-leaking Intel processor design flaw posts on Twitter that he can leak a secret bit from speculative execution posts code on Github 10 Daniel Gruss Graz University of Technology

40 Timeline Meltdown/Spectre (8) : The Register writes about Kernel-memory-leaking Intel processor design flaw posts on Twitter that he can leak a secret bit from speculative execution posts code on Github :18: We tell Intel that given code is public, the embargo probably won t hold and ask them to consider an earlier publication 10 Daniel Gruss Graz University of Technology

41 Timeline Meltdown/Spectre (8) : The Register writes about Kernel-memory-leaking Intel processor design flaw posts on Twitter that he can leak a secret bit from speculative execution posts code on Github :18: We tell Intel that given code is public, the embargo probably won t hold and ask them to consider an earlier publication posts on Twitter that he can read kernel memory 10 Daniel Gruss Graz University of Technology

42 Timeline Meltdown/Spectre (9) :28: Erik Bosman posts PoC video on Twitter 11 Daniel Gruss Graz University of Technology

43 Timeline Meltdown/Spectre (9) :28: Erik Bosman posts PoC video on Twitter :48: We were allowed to publish 11 Daniel Gruss Graz University of Technology

44 Timeline Meltdown/Spectre (9) :28: Erik Bosman posts PoC video on Twitter :48: We were allowed to publish :27: We publish Meltdown and Spectre 11 Daniel Gruss Graz University of Technology

45 Timeline Meltdown/Spectre (9) :28: Erik Bosman posts PoC video on Twitter :48: We were allowed to publish :27: We publish Meltdown and Spectre : We ask Anders Fogh to join our collaboration 11 Daniel Gruss Graz University of Technology

46 CPU Cache printf("%d", i); printf("%d", i); 12 Daniel Gruss Graz University of Technology

47 CPU Cache printf("%d", i); printf("%d", i); Cache miss 12 Daniel Gruss Graz University of Technology

48 CPU Cache printf("%d", i); printf("%d", i); Cache miss Request 12 Daniel Gruss Graz University of Technology

49 CPU Cache printf("%d", i); printf("%d", i); Cache miss Request Response 12 Daniel Gruss Graz University of Technology

50 CPU Cache printf("%d", i); printf("%d", i); Cache miss i Request Response 12 Daniel Gruss Graz University of Technology

51 CPU Cache printf("%d", i); printf("%d", i); Cache miss Cache hit i Request Response 12 Daniel Gruss Graz University of Technology

52 CPU Cache DRAM access, slow printf("%d", i); printf("%d", i); Cache miss Cache hit i Request Response 12 Daniel Gruss Graz University of Technology

53 CPU Cache DRAM access, slow printf("%d", i); printf("%d", i); Cache miss Cache hit i No DRAM access, much faster Request Response 12 Daniel Gruss Graz University of Technology

54 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 13 Daniel Gruss Graz University of Technology

55 Flush+Reload ATTACKER Shared Memory VICTIM flush access cached Shared Memory cached access 13 Daniel Gruss Graz University of Technology

56 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 13 Daniel Gruss Graz University of Technology

57 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 13 Daniel Gruss Graz University of Technology

58 Flush+Reload ATTACKER Shared Memory VICTIM flush access access 13 Daniel Gruss Graz University of Technology

59 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 13 Daniel Gruss Graz University of Technology

60 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access 13 Daniel Gruss Graz University of Technology

61 Flush+Reload ATTACKER Shared Memory VICTIM flush access Shared Memory access fast if victim accessed data, slow otherwise 13 Daniel Gruss Graz University of Technology

62 Memory Access Latency Cache Hits Number of accesses Access time [CPU cycles] 14 Daniel Gruss Graz University of Technology

63 Memory Access Latency Cache Hits Cache Misses Number of accesses Access time [CPU cycles] 14 Daniel Gruss Graz University of Technology

64 Out-of-order Execution int width = 10, height = 5; float diagonal = sqrt ( width * width + height * height ); int area = width * height ; printf (" Area %d x %d = %d\n", width, height, area ); 15 Daniel Gruss Graz University of Technology

65 Out-of-order Execution Dependency int width = 10, height = 5; float diagonal = sqrt ( width * width + height * height ); int area = width * height ; Parallelize printf (" Area %d x %d = %d\n", width, height, area ); 15 Daniel Gruss Graz University of Technology

66 Out-of-Order Execution L1 Instruction Cache ITLB Frontend Branch Predictor µop Cache µops Instruction Fetch & PreDecode Instruction Queue 4-Way Decode µop µop µop µop MUX CDB Execution Engine Reorder buffer µop µop µop µop µop µop µop µop Execution Units Allocation Queue µop µop µop µop Scheduler µop µop µop µop µop µop µop µop ALU, AES,... ALU, FMA,... ALU, Vect,... ALU, Branch Load data Load data Store data AGU Instructions are fetched and decoded in the front-end Memory Subsystem Load Buffer Store Buffer DTLB L1 Data Cache STLB L2 Cache 16 Daniel Gruss Graz University of Technology

67 Out-of-Order Execution L1 Instruction Cache ITLB Frontend Branch Predictor µop Cache µops Instruction Fetch & PreDecode Instruction Queue 4-Way Decode µop µop µop µop MUX CDB Execution Engine Reorder buffer µop µop µop µop µop µop µop µop Execution Units Allocation Queue µop µop µop µop Scheduler µop µop µop µop µop µop µop µop ALU, AES,... ALU, FMA,... ALU, Vect,... ALU, Branch Load data Load data Store data AGU Instructions are fetched and decoded in the front-end dispatched to the backend Memory Subsystem Load Buffer Store Buffer DTLB L1 Data Cache STLB L2 Cache 16 Daniel Gruss Graz University of Technology

68 Out-of-Order Execution L1 Instruction Cache ITLB Frontend Branch Predictor µop Cache µops Instruction Fetch & PreDecode Instruction Queue 4-Way Decode µop µop µop µop MUX CDB Execution Engine Reorder buffer µop µop µop µop µop µop µop µop Execution Units Allocation Queue µop µop µop µop Scheduler µop µop µop µop µop µop µop µop ALU, AES,... ALU, FMA,... ALU, Vect,... ALU, Branch Load data Load data Store data AGU Instructions are fetched and decoded in the front-end dispatched to the backend processed by individual execution units Memory Subsystem Load Buffer Store Buffer DTLB L1 Data Cache STLB L2 Cache 16 Daniel Gruss Graz University of Technology

69 Building Meltdown char data = *( char *) 0 xffffffff81a000e0 ; printf ("%c\n", data ); 17 Daniel Gruss Graz University of Technology

70 Building Meltdown char data = *( char *) 0 xffffffff81a000e0 ; printf ("%c\n", data ); segfault at ffffffff81a000e0 ip sp ffce4a80610 error 5 in reader 17 Daniel Gruss Graz University of Technology

71 Building Meltdown Adapted code *( volatile char *) 0; array [84 * 4096] = 0; // unreachable 18 Daniel Gruss Graz University of Technology

72 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page 19 Daniel Gruss Graz University of Technology

73 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page This also works on AMD and ARM! 19 Daniel Gruss Graz University of Technology

74 Building Meltdown Out-of-order instructions leave microarchitectural traces 20 Daniel Gruss Graz University of Technology

75 Building Meltdown Out-of-order instructions leave microarchitectural traces We can see them for example through the cache 20 Daniel Gruss Graz University of Technology

76 Building Meltdown Out-of-order instructions leave microarchitectural traces We can see them for example through the cache Give such instructions a name: transient instructions 20 Daniel Gruss Graz University of Technology

77 Building Meltdown Out-of-order instructions leave microarchitectural traces We can see them for example through the cache Give such instructions a name: transient instructions We can indirectly observe the execution of transient instructions 20 Daniel Gruss Graz University of Technology

78 Building Meltdown Combine the two things char data = *( char *) 0 xffffffff81a000e0 ; array [ data * 4096] = 0; 21 Daniel Gruss Graz University of Technology

79 Building Meltdown Flush+Reload again... Access time [cycles] Page... Meltdown actually works. 22 Daniel Gruss Graz University of Technology

80 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page Index of cache hit reveals data 23 Daniel Gruss Graz University of Technology

81 Building Meltdown Flush+Reload over all pages of the array Access time [cycles] Page Index of cache hit reveals data Permission check is in some cases not fast enough 23 Daniel Gruss Graz University of Technology

85 Details: Exception Handling Basic Meltdown code leads to a crash (segfault) 26 Daniel Gruss Graz University of Technology

86 Details: Exception Handling Basic Meltdown code leads to a crash (segfault) How to prevent the crash? 26 Daniel Gruss Graz University of Technology

87 Details: Exception Handling Basic Meltdown code leads to a crash (segfault) How to prevent the crash? Fault Handling Fault Suppression Fault Prevention 26 Daniel Gruss Graz University of Technology

88 Meltdown with Fault Suppression Intel TSX to suppress exceptions instead of signal handler if( xbegin () == XBEGIN_ STARTED ) { char secret = *( char *) 0 xffffffff81a000e0 ; array [ secret * 4096] = 0; xend (); } for ( size_t i = 0; i < 256; i ++) { if ( flush_ and_ reload ( array + i * 4096) == CACHE_ HIT ) { printf ("%c\n", i); } } 27 Daniel Gruss Graz University of Technology

89 Meltdown with Fault Prevention Speculative execution to prevent exceptions int speculate = rand () % 2; size_t address = (0 xffffffff81a000e0 * speculate ) + (( size_t )& zero * (1 - speculate )); if (! speculate ) { char secret = *( char *) address ; array [ secret * 4096] = 0; } for ( size_t i = 0; i < 256; i ++) { if ( flush_ and_ reload ( array + i * 4096) == CACHE_ HIT ) { printf ("%c\n", i); } } 28 Daniel Gruss Graz University of Technology

90 Make it faster Improve the performance with a NULL pointer dereference 29 Daniel Gruss Graz University of Technology

$Make it faster Improve the performance with a NULL pointer dereference if( xbegin () == XBEGIN_ STARTED ) { *( volatile char *) 0;$

91 Make it faster Improve the performance with a NULL pointer dereference if( xbegin () == XBEGIN_ STARTED ) { *( volatile char *) 0; char secret = *( char *) 0 xffffffff81a000e0 ; array [ secret * 4096] = 0; xend (); } 29 Daniel Gruss Graz University of Technology

94 Uncached memory Assumed that one can only read data stored in the L1 with Meltdown 30 Daniel Gruss Graz University of Technology

95 Uncached memory Assumed that one can only read data stored in the L1 with Meltdown Experiment where a thread flushes the value constantly and a thread on a different core reloads the value 30 Daniel Gruss Graz University of Technology

96 Uncached memory Assumed that one can only read data stored in the L1 with Meltdown Experiment where a thread flushes the value constantly and a thread on a different core reloads the value Target data is not in the L1 cache of the attacking core 30 Daniel Gruss Graz University of Technology

97 Uncached memory Assumed that one can only read data stored in the L1 with Meltdown Experiment where a thread flushes the value constantly and a thread on a different core reloads the value Target data is not in the L1 cache of the attacking core We can still leak the data at a lower reading rate 30 Daniel Gruss Graz University of Technology

98 Uncached memory Assumed that one can only read data stored in the L1 with Meltdown Experiment where a thread flushes the value constantly and a thread on a different core reloads the value Target data is not in the L1 cache of the attacking core We can still leak the data at a lower reading rate Meltdown might implicitly cache the data 30 Daniel Gruss Graz University of Technology

100 Practical attacks Dumping the entire physical memory takes some time 31 Daniel Gruss Graz University of Technology

101 Practical attacks Dumping the entire physical memory takes some time Not very practical in most scenarios 31 Daniel Gruss Graz University of Technology

102 Practical attacks Dumping the entire physical memory takes some time Not very practical in most scenarios Can we mount more targeted attacks? 31 Daniel Gruss Graz University of Technology

103 VeraCrypt Open-source utility for disk encryption 32 Daniel Gruss Graz University of Technology

104 VeraCrypt Open-source utility for disk encryption Fork of TrueCrypt 32 Daniel Gruss Graz University of Technology

105 VeraCrypt Open-source utility for disk encryption Fork of TrueCrypt Cryptographic keys are stored in RAM 32 Daniel Gruss Graz University of Technology

106 VeraCrypt Open-source utility for disk encryption Fork of TrueCrypt Cryptographic keys are stored in RAM With Meltdown, we can extract the keys from DRAM 32 Daniel Gruss Graz University of Technology

107

108 Take the kernel addresses... Kernel addresses in user space are a problem 34 Daniel Gruss Graz University of Technology

109 Take the kernel addresses... Kernel addresses in user space are a problem Why don t we take the kernel addresses Daniel Gruss Graz University of Technology

110 ...and remove them...and remove them if not needed? 35 Daniel Gruss Graz University of Technology

111 ...and remove them...and remove them if not needed? User accessible check in hardware is not reliable 35 Daniel Gruss Graz University of Technology

112

113 Kernel Address Isolation to have Side channels Efficiently Removed

114 KAISER /ˈkʌɪzə/ 1. [german] Emperor, ruler of an empire 2. largest penguin, emperor penguin Kernel Address Isolation to have Side channels Efficiently Removed

115 KAISER Illustration Without KAISER: Shared address space User memory Kernel memory 0 1 context switch 36 Daniel Gruss Graz University of Technology

116 KAISER Illustration User memory Without KAISER: Shared address space Kernel memory 0 1 context switch User memory With KAISER: User address space Not mapped 0 1 context switch SMAP + SMEP switch addr. space Kernel address space Kernel memory Interrupt dispatcher Daniel Gruss Graz University of Technology

117 KAISER (Stronger Kernel Isolation) Patches 37 Daniel Gruss Graz University of Technology

118 KAISER (Stronger Kernel Isolation) Patches Our patch Adopted in Linux 37 Daniel Gruss Graz University of Technology

119 KAISER (Stronger Kernel Isolation) Patches Our patch Adopted in Linux Adopted in Windows 37 Daniel Gruss Graz University of Technology

120 KAISER (Stronger Kernel Isolation) Patches Our patch Adopted in Linux Adopted in Windows Adopted in OSX/iOS 37 Daniel Gruss Graz University of Technology

121 KAISER (Stronger Kernel Isolation) Patches Our patch Adopted in Linux Adopted in Windows Adopted in OSX/iOS now in every computer 37 Daniel Gruss Graz University of Technology

122 Foreshadow / Foreshadow-NG 1 [Van+18; Wei+18] 1 Jo Van Bulck et al. Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution. In: USENIX Security Symposium Daniel Gruss Graz University of Technology

123 L1TF/Foreshadow Demo

124 Mitigating L1TF/Foreshadow Either: 40 Daniel Gruss Graz University of Technology

125 Mitigating L1TF/Foreshadow Either: hyperthreading: only schedule mutually trusting threads on same physical core 40 Daniel Gruss Graz University of Technology

126 Mitigating L1TF/Foreshadow Either: hyperthreading: only schedule mutually trusting threads on same physical core context switch: flush L1 when switching to guest 40 Daniel Gruss Graz University of Technology

127 Mitigating L1TF/Foreshadow Either: Or: hyperthreading: only schedule mutually trusting threads on same physical core context switch: flush L1 when switching to guest 40 Daniel Gruss Graz University of Technology

128 Mitigating L1TF/Foreshadow Either: Or: hyperthreading: only schedule mutually trusting threads on same physical core context switch: flush L1 when switching to guest disable EPTs 40 Daniel Gruss Graz University of Technology

129

130

131 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

132 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

133 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

134 Spectre (variant 1) index = 0; char* data = "textkey"; if (index < 4) Execute els en th e Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

135 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

136 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

137 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

138 Spectre (variant 1) index = 1; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

139 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

140 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

141 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

142 Spectre (variant 1) index = 2; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

143 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

144 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

145 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

146 Spectre (variant 1) index = 3; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

147 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

148 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

149 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

150 Spectre (variant 1) index = 4; char* data = "textkey"; if (index < 4) Execute els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

151 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

152 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

153 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

154 Spectre (variant 1) index = 5; char* data = "textkey"; if (index < 4) Execute els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

155 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

156 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) then Prediction else LUT[data[index] * 4096] 0 42 Daniel Gruss Graz University of Technology

157 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) Speculate els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

158 Spectre (variant 1) index = 6; char* data = "textkey"; if (index < 4) Execute els en e th Prediction LUT[data[index] * 4096] 42 0 Daniel Gruss Graz University of Technology

159 Spectre (variant 4) index = 0; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

160 Spectre (variant 4) index = 0; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

161 Spectre (variant 4) index = 0; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

162 Spectre (variant 4) index = 0; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

163 Spectre (variant 4) index = 1; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

164 Spectre (variant 4) index = 1; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

165 Spectre (variant 4) index = 1; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

166 Spectre (variant 4) index = 1; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

167 Spectre (variant 4) index = 2; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

168 Spectre (variant 4) index = 2; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

169 Spectre (variant 4) index = 2; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

170 Spectre (variant 4) index = 2; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

171 Spectre (variant 4) index = 3; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

172 Spectre (variant 4) index = 3; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

173 Spectre (variant 4) index = 3; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

174 Spectre (variant 4) index = 3; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

175 Spectre (variant 4) index = 4; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

176 Spectre (variant 4) index = 4; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

177 Spectre (variant 4) index = 4; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

178 Spectre (variant 4) index = 4; index = index & 0x3; // sanitization char* data = "textkey"; Execute x de n i = 0 LUT[data[index] * 4096] 43 ig no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

179 Spectre (variant 4) index = 5; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

180 Spectre (variant 4) index = 5; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

181 Spectre (variant 4) index = 5; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

182 Spectre (variant 4) index = 5; index = index & 0x3; // sanitization char* data = "textkey"; Execute x de n i = 1 LUT[data[index] * 4096] 43 ig no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

183 Spectre (variant 4) index = 6; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

184 Spectre (variant 4) index = 6; index = index & 0x3; // sanitization char* data = "textkey"; consider Prediction ignore LUT[data[index] * 4096] LUT[data[index] * 4096] 43 Daniel Gruss Graz University of Technology

185 Spectre (variant 4) index = 6; index = index & 0x3; // sanitization char* data = "textkey"; c LUT[data[index] * 4096] 43 Speculate ig er id s on no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

186 Spectre (variant 4) index = 6; index = index & 0x3; // sanitization char* data = "textkey"; Execute x de n i = 2 LUT[data[index] * 4096] 43 ig no re Prediction LUT[data[index] * 4096] Daniel Gruss Graz University of Technology

187 Spectre (variant 1.1) Speculative Buffer Overflows Speculatively write to memory locations Many more gadgets than previously anticipated Very interesting for sandboxes Causes some protection mechanisms to fail 44 Daniel Gruss Graz University of Technology

188 Spectre (variant 1.2) Speculative Buffer Overflows Speculatively write to memory locations which are not writable Actually a variant of Meltdown A permission bit is ignored during out-of-order execution But no scenario where it makes sense without speculative execution? 45 Daniel Gruss Graz University of Technology

189 Spectre (variant 2) Animal* a = bird; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

190 Spectre (variant 2) Animal* a = bird; a->move() () fly swim() Speculate sw im () Prediction LUT[data[index] * 4096] 46 0 Daniel Gruss Graz University of Technology

191 Spectre (variant 2) Animal* a = bird; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

192 Spectre (variant 2) Animal* a = bird; a->move() Execute fl ) y( swim() sw im () Prediction LUT[data[index] * 4096] 46 0 Daniel Gruss Graz University of Technology

193 Spectre (variant 2) Animal* a = bird; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

194 Spectre (variant 2) Animal* a = bird; a->move() Speculate fl ) y( fly() sw im () Prediction LUT[data[index] * 4096] 46 0 Daniel Gruss Graz University of Technology

195 Spectre (variant 2) Animal* a = bird; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

196 Spectre (variant 2) Animal* a = fish; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

197 Spectre (variant 2) Animal* a = fish; a->move() Speculate fl ) y( fly() sw im () Prediction LUT[data[index] * 4096] 46 0 Daniel Gruss Graz University of Technology

198 Spectre (variant 2) Animal* a = fish; a->move() fly() fly() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

199 Spectre (variant 2) Animal* a = fish; a->move() () fly fly() sw i Execute m () Prediction LUT[data[index] * 4096] 46 0 Daniel Gruss Graz University of Technology

200 Spectre (variant 2) Animal* a = fish; a->move() fly() swim() swim() Prediction LUT[data[index] * 4096] 0 46 Daniel Gruss Graz University of Technology

201 Spectre (variant 5) SpectreRSB Similar to Spectre variant 2: Redirect an indirect branch (a return in this case) Fill buffer with wrong values 47 Daniel Gruss Graz University of Technology

202 Mitigating Spectre Trivial approach: disable speculative execution 48 Daniel Gruss Graz University of Technology

203 Mitigating Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation 48 Daniel Gruss Graz University of Technology

204 Mitigating Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! 48 Daniel Gruss Graz University of Technology

205 Mitigating Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! Also: How to disable it? 48 Daniel Gruss Graz University of Technology

206 Mitigating Spectre Trivial approach: disable speculative execution No wrong speculation if there is no speculation Problem: massive performance hit! Also: How to disable it? Speculative execution is deeply integrated into CPU 48 Daniel Gruss Graz University of Technology

207 Spectre Variant 1 Mitigations 49 Daniel Gruss Graz University of Technology

208 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation 49 Daniel Gruss Graz University of Technology

209 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check 49 Daniel Gruss Graz University of Technology

210 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check x86: LFENCE, ARM: CSDB 49 Daniel Gruss Graz University of Technology

211 Spectre Variant 1 Mitigations Workaround: insert instructions stopping speculation insert after every bounds check x86: LFENCE, ARM: CSDB Available on all Intel CPUs, retrofitted to existing ARMv7 and ARMv8 49 Daniel Gruss Graz University of Technology

212 Spectre Variant 1 Mitigations 50 Daniel Gruss Graz University of Technology

213 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported 50 Daniel Gruss Graz University of Technology

214 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC 50 Daniel Gruss Graz University of Technology

215 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC Can be automated (MSVC) not really reliable 50 Daniel Gruss Graz University of Technology

216 Spectre Variant 1 Mitigations Speculation barrier requires compiler supported Already implemented in GCC, LLVM, and MSVC Can be automated (MSVC) not really reliable Explicit use by programmer: builtin load no speculate 50 Daniel Gruss Graz University of Technology

217 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): 51 Daniel Gruss Graz University of Technology

218 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode 51 Daniel Gruss Graz University of Technology

219 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions 51 Daniel Gruss Graz University of Technology

220 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): 51 Daniel Gruss Graz University of Technology

221 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer 51 Daniel Gruss Graz University of Technology

222 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer Single Thread Indirect Branch Predictors (STIBP): 51 Daniel Gruss Graz University of Technology

223 Spectre Variant 2 Mitigations (Microcode/MSRs) Intel released microcode updates Indirect Branch Restricted Speculation (IBRS): Do not speculate based on anything before entering IBRS mode lesser privileged code cannot influence predictions Indirect Branch Predictor Barrier (IBPB): Flush branch-target buffer Single Thread Indirect Branch Predictors (STIBP): Isolates branch prediction state between two hyperthreads 51 Daniel Gruss Graz University of Technology

224 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) 52 Daniel Gruss Graz University of Technology

225 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push < call_target > call 1f 2: lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(% rsp ), % rsp ; restore stack pointer ret ; the actual call to < call_target > always predict to enter an endless loop 52 Daniel Gruss Graz University of Technology

226 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push < call_target > call 1f 2: lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(% rsp ), % rsp ; restore stack pointer ret ; the actual call to < call_target > always predict to enter an endless loop instead of the correct (or wrong) target function 52 Daniel Gruss Graz University of Technology

227 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push < call_target > call 1f 2: lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(% rsp ), % rsp ; restore stack pointer ret ; the actual call to < call_target > always predict to enter an endless loop instead of the correct (or wrong) target function performance? 52 Daniel Gruss Graz University of Technology

228 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push < call_target > call 1f 2: lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(% rsp ), % rsp ; restore stack pointer ret ; the actual call to < call_target > always predict to enter an endless loop instead of the correct (or wrong) target function performance? ret may fall-back to the BTB for prediction 52 Daniel Gruss Graz University of Technology

229 Spectre Variant 2 Mitigations (Software) Retpoline (compiler extension) push < call_target > call 1f 2: lfence ; speculation barrier jmp 2b ; endless loop 1: lea 8(% rsp ), % rsp ; restore stack pointer ret ; the actual call to < call_target > always predict to enter an endless loop instead of the correct (or wrong) target function performance? ret may fall-back to the BTB for prediction microcode patches to prevent that 52 Daniel Gruss Graz University of Technology

230 Spectre Variant 4 Mitigations (Microcode/MSRs) Intel released microcode updates 53 Daniel Gruss Graz University of Technology

231 Spectre Variant 4 Mitigations (Microcode/MSRs) Intel released microcode updates Disable store-to-load-forward speculation Performance impact of 2 8% 53 Daniel Gruss Graz University of Technology

232 Spectre Variant 5 Mitigations (Software) Already implicitly patched on some architectures RSB stuffing (part of retpoline) 54 Daniel Gruss Graz University of Technology

233 What does not work Prevent access to high-resolution timer 55 Daniel Gruss Graz University of Technology

234 What does not work Prevent access to high-resolution timer Own timer using timing thread 55 Daniel Gruss Graz University of Technology

235 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged 55 Daniel Gruss Graz University of Technology

236 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses 55 Daniel Gruss Graz University of Technology

237 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses Just move secrets into secure world 55 Daniel Gruss Graz University of Technology

238 What does not work Prevent access to high-resolution timer Own timer using timing thread Flush instruction only privileged Cache eviction through memory accesses Just move secrets into secure world Spectre works on secure enclaves 55 Daniel Gruss Graz University of Technology

239 Meltdown vs. Spectre Meltdown attacks Spectre attacks 56 Daniel Gruss Graz University of Technology

240 Meltdown vs. Spectre Meltdown attacks Meltdown, LazyFP (v3.1), Foreshadow, Foreshadow-NG,... Spectre attacks v1, v1.1, v2, v4, SpectreRSB (v5) 56 Daniel Gruss Graz University of Technology

241 Meltdown vs. Spectre Meltdown attacks Meltdown, LazyFP (v3.1), Foreshadow, Foreshadow-NG,... Out-of-Order Execution Spectre attacks v1, v1.1, v2, v4, SpectreRSB (v5) Speculative Execution Out-of-Order Execution 56 Daniel Gruss Graz University of Technology

242 Meltdown vs. Spectre Meltdown attacks Meltdown, LazyFP (v3.1), Foreshadow, Foreshadow-NG,... Out-of-Order Execution no prediction required Spectre attacks v1, v1.1, v2, v4, SpectreRSB (v5) Speculative Execution Out-of-Order Execution fundamentally rely on prediction 56 Daniel Gruss Graz University of Technology

Software-based Microarchitectural Attacks

SCIENCE PASSION TECHNOLOGY Software-based Microarchitectural Attacks Daniel Gruss April 19, 2018 Graz University of Technology 1 Daniel Gruss Graz University of Technology Whoami Daniel Gruss Post-Doc