Microwalk-CI

Wichelmann, Jan; Sieck, Florian; Pätschke, Anna; Eisenbarth, Thomas

doi:10.1145/3548606.3560654

Cited by 8 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Before the advent of transient execution attacks, the constanttime policy was enforced with a coding discipline ensuring that the control-flow of the program, addresses of memory accesses, and operands of variable-time instructions do not depend on secret data. This coding discipline is the de facto standard for writing cryptographic code; it has been adopted in many cryptographic libraries [57,58,59,60] and is supported by many tools, e.g., [25,61,62,63,64,65,66,67,68,69,70].…”

Section: Secure Speculation Approachesmentioning

confidence: 99%

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

Daniel¹,

Bognar²,

Noorman³

et al. 2023

Preprint

View full text Add to dashboard Cite

We propose PROSPECT, a generic formal processor model providing provably secure speculation for the constant-time policy. For constant-time programs under a non-speculative semantics, PROSPECT guarantees that speculative and out-oforder execution cause no microarchitectural leaks. This guarantee is achieved by tracking secrets in the processor pipeline and ensuring that they do not influence the microarchitectural state during speculative execution. Our formalization covers a broad class of speculation mechanisms, generalizing prior work. As a result, our security proof covers all known Spectre attacks, including load value injection (LVI) attacks.In addition to the formal model, we provide a prototype hardware implementation of PROSPECT on a RISC-V processor and show evidence of its low impact on hardware cost, performance, and required software changes. In particular, the experimental evaluation confirms our expectation that for a compliant constant-time binary, enabling ProSpeCT incurs no performance overhead.

show abstract

Section: Secure Speculation Approachesmentioning

confidence: 99%

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

Daniel¹,

Bognar²,

Noorman³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…We used a side-channel leakage analysis tool [WSPE22] in combination with a custom QEMU plugin to analyze the Linux kernel's crypto primitives for the secret oblivious memory access and constant time properties. Due to limitations of QEMU, we were not able to analyze AVX-based implementations.…”

Section: Preventing Vulnerable Algorithm Selectionmentioning

confidence: 99%

SEV-Step A Single-Stepping Framework for AMD-SEV

Wilke,

Wichelmann,

Rabich

et al. 2023

TCHES

View full text Add to dashboard Cite

The ever increasing popularity and availability of Trusted Execution Environments (TEEs) had a stark influence on microarchitectural attack research in academia, as their strong attacker model both boosts existing attack vectors and introduces several new ones. While many works have focused on Intel SGX, other TEEs like AMD SEV have recently also started to receive more attention. A common technique when attacking SGX enclaves is single-stepping, where the system’s APIC timer is used to interrupt the enclave after every instruction. Single-stepping increases the temporal resolution of subsequent microarchitectural attacks to a maximum. A key driver in the proliferation of this complex attack technique was the SGX-Step framework, which offered a stable reference implementation for single-stepping and a relatively easy setup. In this paper, we demonstrate that SEV VMs can also be reliably single-stepped. To lay the foundation for further microarchitectural attack research against SEV, we introduce the reusable SEV-Step framework. Besides reliable single-stepping, SEV-Step provides easy access to common attack primitives like page fault tracking and cache attacks against SEV. All features can be used interactively from user space. We demonstrate SEV-Step’s capabilities by carrying out an end-toend cache attack against SEV that leaks the volume key of a LUKS2-encrypted disk. Finally, we show for the first time that SEV is vulnerable to Nemesis-style attacks, which allow to extract information about the type and operands of single-stepped instructions from SEV-protected VMs.

show abstract

“…One possible pitfall is the level of leakage granularity assumed by these tools. While some of these tools assume cache line resolution for attacks [DFK + 13, WWL + 17], others such as Microwalk [WMES18,WSPE22] and DATA [WZS + 18] keep the resolution configurable, leaving the choice to the developer.…”

Section: Introductionmentioning

confidence: 99%

TeeJam: Sub-Cache-Line Leakages Strike Back

Sieck,

Zhang,

Berndt

et al. 2023

TCHES

View full text Add to dashboard Cite

The microarchitectural behavior of modern CPUs is mostly hidden from developers and users of computer software. Due to a plethora of attacks exploiting microarchitectural behavior, developers of security-critical software must, e.g., ensure their code is constant-time, which is cumbersome and usually results in slower programs. In practice, small leakages which are deemed not exploitable still remain in the codebase. For example, sub-cache-line leakages have previously been investigated in the CacheBleed and MemJam attacks, which are deemed impractical on modern platforms.In this work, we revisit and carefully analyze the 4k-aliasing effect and discover that the measurable delay introduced by this microarchitectural effect is higher than found by previous work and described by Intel. By combining the rediscovered effect with a high temporal resolution possible when single-stepping an SGX enclave, we construct a very precise, yet widely applicable attack with sub-cache-line leakage resolution. o demonstrate the significance of our findings, we apply the new attack primitive to break a hardened AES T-Table implementation that features constant cache line access patterns. The attack is up to three orders of magnitude more efficient than previous sub-cache-line attacks on AES in SGX. Furthermore, we improve upon the recent work of Sieck et al. which showed partial exploitability of very faint leakages in a utility function loading base64-encoded RSA keys. With reliable sub-cache-line resolution, we build an end-to-end attack exploiting the faint leakage that can recover 4096-bit keys in minutes on a laptop. Finally, we extend the key recovery algorithm to also work for RSA keys following the standard that uses Carmichael’s totient function, while previous attacks were restricted to RSA keys using Euler’s totient function.

show abstract

Microwalk-CI

Cited by 8 publications

References 13 publications

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

ProSpeCT: Provably Secure Speculation for the Constant-Time Policy (Extended version)

SEV-Step A Single-Stepping Framework for AMD-SEV

TeeJam: Sub-Cache-Line Leakages Strike Back

Contact Info

Product

Resources

About