ABSTRACT
Speculative execution is an optimization technique that has been part of CPUs for over a decade. It predicts the outcome and target of branch instructions to avoid stalling the execution pipeline. However, until recently, the security implications of speculative code execution have not been studied. In this paper, we investigate a special type of branch predictor that is responsible for predicting return addresses. To the best of our knowledge, we are the first to study return address predictors and their consequences for the security of modern software. In our work, we show how return stack buffers (RSBs), the core unit of return address predictors, can be used to trigger misspeculations. Based on this knowledge, we propose two new attack variants using RSBs that give attackers similar capabilities as the documented Spectre attacks. We show how local attackers can gain arbitrary speculative code execution across processes, e.g., to leak passwords another user enters on a shared system. Our evaluation showed that the recent Spectre countermeasures deployed in operating systems can also cover such RSB-based cross-process attacks. Yet we then demonstrate that attackers can trigger misspeculation in JIT environments in order to leak arbitrary memory content of browser processes. Reading outside the sandboxed memory region with JIT-compiled code is still possible with 80% accuracy on average.
Supplemental Material
- Onur Aciiccmez. 2007. Yet another microarchitectural attack: exploiting I-cache Proceedings of the 2007 ACM workshop on Computer security architecture. ACM, 11--18. Google ScholarDigital Library
- Onur Acıiccmez, Billy Bob Brumley, and Philipp Grabher. 2010. New results on instruction cache attacks. In Conference on Cryptographic Hardware and Embedded Systems (CHES), Vol. Vol. 2010. Springer, 110--124. Google ScholarDigital Library
- Onur Aciiccmez and Werner Schindler. 2008. A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL. In CT-RSA, Vol. Vol. 8. Springer, 256--273. Google ScholarDigital Library
- Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, and Sotiris Ioannidis. 2015. The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines Proceedings of the Network and Distributed System Security (NDSS) Symposium.Google Scholar
- Daniel J Bernstein. 2005. Cache-timing attacks on AES. (2005).Google Scholar
- Yinzhi Cao, Zhanhao Chen, Song Li, and Shujiang Wu. 2017. Deterministic Browser. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 163--178. Google ScholarDigital Library
- Caisen Chen, Tao Wang, Yingzhan Kou, Xiaocen Chen, and Xiong Li. 2013. Improvement of trace-driven I-Cache timing attack on the RSA algorithm. Journal of Systems and Software Vol. 86, 1 (2013), 100--107. Google ScholarDigital Library
- Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, and Ten H Lai. 2018. SGXPECTRE Attacks: Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085 (2018).Google Scholar
- Dmitry Evtyushkin, Dmitry Ponomarev, and Nael Abu-Ghazaleh. 2016. Jump over ASLR: Attacking branch predictors to bypass ASLR Microarchitecture (MICRO), 2016 49th Annual IEEE/ACM International Symposium on. IEEE, 1--13. Google ScholarDigital Library
- Dmitry Evtyushkin, Ryan Riley, Nael CSE Abu-Ghazaleh, Dmitry Ponomarev, et almbox.. 2018. BranchScope: A New Side-Channel Attack on Directional Branch Predictor Proceedings of the Twenty-Third International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, 693--707. Google ScholarDigital Library
- Agner Fog. 2018. The microarchitecture of Intel, AMD and VIA CPUs. http://www.agner.org/optimize/microarchitecture.pdfGoogle Scholar
- Anders Fogh. 2018. Negative Result: Reading Kernel Memory From User Mode. https://cyber.wtf/2017/07/28/negative-result-reading-kernel-memory-from-user-mode/Google Scholar
- Google. 2018. Site Isolation Design Document. https://www.chromium.org/developers/design-documents/site-isolationGoogle Scholar
- Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Bos, and Christiano Giuffrida. 2017. ASLR on the line: Practical cache attacks on the MMU. NDSS (Feb. 2017) (2017).Google Scholar
- Daniel Gruss, Moritz Lipp, Michael Schwarz, Richard Fellner, Clémentine Maurice, and Stefan Mangard. 2017. Kaslr is dead: long live kaslr. In International Symposium on Engineering Secure Software and Systems. Springer, 161--176.Google ScholarCross Ref
- Daniel Gruss, Clémentine Maurice, Anders Fogh, Moritz Lipp, and Stefan Mangard. 2016 b. Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 368--379. Google ScholarDigital Library
- Daniel Gruss, Clémentine Maurice, and Stefan Mangard. 2016 a. Rowhammer. js: A remote software-induced fault attack in javascript International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 300--321. Google ScholarDigital Library
- Daniel Gruss, Raphael Spreitzer, and Stefan Mangard. 2015. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. USENIX Security Symposium. 897--912. Google ScholarDigital Library
- Jann Horn. 2018. Reading privileged memory with a side-channel. https://googleprojectzero.blogspot.de/2018/01/reading-privileged-memory-with-side.htmlGoogle Scholar
- Ralf Hund, Carsten Willems, and Thorsten Holz. 2013. Practical timing side channel attacks against kernel space ASLR Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 191--205. Google ScholarDigital Library
- Intel. 2018. Intel Analysis of Speculative Execution Side Channels. https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculative-Execution-Side-Channels.pdfGoogle Scholar
- Yeongjin Jang, Sangho Lee, and Taesoo Kim. 2016. Breaking kernel address space layout randomization with intel tsx Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, 380--392. Google ScholarDigital Library
- Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ACM SIGARCH Computer Architecture News, Vol. Vol. 42. IEEE Press, 361--372. Google ScholarDigital Library
- Paul Kocher, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2018. Spectre Attacks: Exploiting Speculative Execution. ArXiv e-prints (Jan.. 2018). {arxiv}1801.01203Google Scholar
- David Kohlbrenner and Hovav Shacham. 2016. Trusted Browsers for Uncertain Times.. In USENIX Security Symposium. 463--480. Google ScholarDigital Library
- Esmaeil Mohammadian Koruyeh, Khaled N. Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh. 2018. Spectre Returns! Speculation Attacks using the Return Stack Buffer 12th USENIX Workshop on Offensive Technologies (WOOT 18). USENIX Association, Baltimore, MD. https://www.usenix.org/conference/woot18/presentation/koruyehGoogle Scholar
- VI Levenshtein. 1992. On perfect codes in deletion and insertion metric. Discrete Mathematics and Applications Vol. 2, 3 (1992), 241--258.Google ScholarCross Ref
- Moritz Lipp, Daniel Gruss, Raphael Spreitzer, Clémentine Maurice, and Stefan Mangard. 2016. ARMageddon: Cache Attacks on Mobile Devices.. In USENIX Security Symposium. 549--564. Google ScholarDigital Library
- Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown. ArXiv e-prints (Jan.. 2018). {arxiv}1801.01207Google Scholar
- Giorgi Maisuradze, Michael Backes, and Christian Rossow. 2016. What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses. In 25th USENIX Security Symposium (USENIX Security 16). Austin, TX. Google ScholarDigital Library
- Giorgi Maisuradze, Michael Backes, and Christian Rossow. 2017. Dachshund: Digging for and Securing Against (Non-) Blinded Constants in JIT Code Proceedings of the 15th Conference on Network and Distributed System Security Symposium (NDSS).Google Scholar
- Giorgi Maisuradze and Christian Rossow. 2018. Speculose: Analyzing the Security Implications of Speculative Execution in CPUs. CoRR Vol. abs/1801.04084 (2018). {arxiv}1801.04084http://arxiv.org/abs/1801.04084Google Scholar
- Yossef Oren, Vasileios P Kemerlis, Simha Sethumadhavan, and Angelos D Keromytis. 2015. The spy in the sandbox: Practical cache attacks in javascript and their implications Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 1406--1418. Google ScholarDigital Library
- Dag Arne Osvik, Adi Shamir, and Eran Tromer. 2006. Cache attacks and countermeasures: the case of AES Cryptographers' Track at the RSA Conference. Springer, 1--20. Google ScholarDigital Library
- Colin Percival. 2005. Cache missing for fun and profit.Google Scholar
- Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds. In Proceedings of the 16th ACM conference on Computer and communications security. ACM, 199--212. Google ScholarDigital Library
- Michael Schwarz, Clémentine Maurice, Daniel Gruss, and Stefan Mangard. 2017. Fantastic timers and where to find them: high-resolution microarchitectural attacks in JavaScript. In International Conference on Financial Cryptography and Data Security. Springer, 247--267.Google ScholarDigital Library
- Chengyu Song, Chao Zhang, Tielei Wang, Wenke Lee, and David Melski. 2015. Exploiting and Protecting Dynamic Code Generation 22nd Annual Network and Distributed System Security Symposium, NDSS 2015, San Diego, California, USA, February 8--11, 2014.Google Scholar
- Eran Tromer, Dag Arne Osvik, and Adi Shamir. 2010. Efficient cache attacks on AES, and countermeasures. Journal of Cryptology Vol. 23, 1 (2010), 37--71. Google ScholarDigital Library
- Henry Wong. 2018. Microbenchmarking Return Address Branch Prediction. http://blog.stuffedcow.net/2018/04/ras-microbenchmarksGoogle Scholar
- Yuval Yarom and Katrina Falkner. 2014. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack USENIX Security Symposium. 719--732. Google ScholarDigital Library
- Yinqian Zhang, Ari Juels, Michael K Reiter, and Thomas Ristenpart. 2012. Cross-VM side channels and their use to extract private keys Proceedings of the 2012 ACM conference on Computer and communications security. ACM, 305--316. Google ScholarDigital Library
Index Terms
- ret2spec: Speculative Execution Using Return Stack Buffers
Recommendations
Tamper Evident Microprocessors
SP '10: Proceedings of the 2010 IEEE Symposium on Security and PrivacyMost security mechanisms proposed to date unquestioningly place trust in microprocessor hardware. This trust, however, is misplaced and dangerous because microprocessors are vulnerable to insider attacks that can catastrophically compromise security, ...
Speculator: a tool to analyze speculative execution attacks and mitigations
ACSAC '19: Proceedings of the 35th Annual Computer Security Applications ConferenceSpeculative execution attacks exploit vulnerabilities at a CPU's microarchitectural level, which, until recently, remained hidden below the instruction set architecture, largely undocumented by CPU vendors. New speculative execution attacks are released ...
Side-channel security of superscalar CPUs: evaluating the impact of micro-architectural features
DAC '18: Proceedings of the 55th Annual Design Automation ConferenceSide-channel attacks are performed on increasingly complex targets, starting to threaten superscalar CPUs supporting a complete operating system. The difficulty of both assessing the vulnerability of a device to them, and validating the effectiveness of ...
Comments