IOTLB-SC: An Accelerator-Independent Leakage Source in Modern Cloud Systems

Hardware peripherals such as GPUs and FPGAs are commonly available in server-grade computing to accelerate specific compute tasks, from database queries to machine learning. CSPs have integrated these accelerators into their infrastructure and let tenants combine and configure these components flexibly, based on their needs. Securing I/O interfaces is critical to ensure proper isolation between tenants in these highly complex, heterogeneous, yet shared server systems, especially in the cloud, where some peripherals may be under control of a malicious tenant. In this work, we investigate the interfaces that connect peripheral hardware components to each other and the rest of the system.We show that the I/O memory management units (IOMMUs) - intended to ensure proper isolation of peripherals - are the source of a new attack surface: the I/O translation look-aside buffer (IOTLB). We show that by using an FPGA accelerator card one can gain precise information over IOTLB activity. That information can be used for covert communication between peripherals without bothering CPU or to directly extract leakage from neighboring accelerated compute jobs such as GPU-accelerated databases. We present the first qualitative and quantitative analysis of this newly uncovered attack surface before fine-grained channels become widely viable with the introduction of CXL and PCIe 5.0. In addition, we propose possible countermeasures that software developers, hardware designers, and system administrators can use to suppress the observed side-channel leakages and analyze their implicit costs.

[1]  Ingrid Verbauwhede,et al.  Prime+Scope: Overcoming the Observer Effect for High-Precision Cache Contention Attacks , 2021, CCS.

[2]  Swaroop Ghosh,et al.  Comprehensive Study of Side-Channel Attack on Emerging Non-Volatile Memories , 2021, Journal of Low Power Electronics and Applications.

[3]  Ajaya Neupane,et al.  Side Channel Attacks on GPUs , 2021, IEEE Transactions on Dependable and Secure Computing.

[4]  Daniel E. Holcomb,et al.  Remote Power Attacks on the Versatile Tensor Accelerator in Multi-Tenant FPGAs , 2021, 2021 IEEE 29th Annual International Symposium on Field-Programmable Custom Computing Machines (FCCM).

[5]  Junpeng Wan,et al.  Invisible Probe: Timing Attacks with PCIe Congestion Side-channel , 2021, 2021 IEEE Symposium on Security and Privacy (SP).

[6]  Dan Tsafrir,et al.  Characterizing, exploiting, and detecting DMA code injection vulnerabilities in the presence of an IOMMU , 2021, EuroSys.

[7]  Jacob C. N. Schuldt,et al.  On Private Information Retrieval Supporting Range Queries , 2020, ESORICS.

[8]  Animesh Trivedi,et al.  Stratus: Clouds with Microarchitectural Resource Management , 2020, HotCloud.

[9]  Herbert Bos,et al.  : Practical Cache Attacks from the Network , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[10]  Cristiano Giuffrida,et al.  TRRespass: Exploiting the Many Sides of Target Row Refresh , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[11]  T. Eisenbarth,et al.  JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms , 2019, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[12]  Herbert Bos,et al.  RIDL: Rogue In-Flight Data Load , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[13]  Daniel Gruss,et al.  ZombieLoad: Cross-Privilege-Boundary Data Sampling , 2019, CCS.

[14]  Herbert Bos,et al.  Exploiting Correcting Codes: On the Effectiveness of ECC Memory Against Rowhammer Attacks , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[15]  David Pichardie,et al.  Verifying Constant-Time Implementations by Abstract Interpretation , 2019, ESORICS.

[16]  Thomas Eisenbarth,et al.  Undermining User Privacy on Mobile Devices Using AI , 2018, AsiaCCS.

[17]  Prateek Mittal,et al.  Robust Website Fingerprinting Through the Cache Occupancy Channel , 2018, USENIX Security Symposium.

[18]  Pepe Vila,et al.  Theory and Practice of Finding Eviction Sets , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[19]  Thomas Eisenbarth,et al.  MicroWalk: A Framework for Finding Side Channels in Binaries , 2018, ACSAC.

[20]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[21]  Andrew W. Moore,et al.  Understanding PCIe performance for end host networking , 2018, SIGCOMM.

[22]  Herbert Bos,et al.  Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks , 2018, USENIX Security Symposium.

[23]  G. Edward Suh,et al.  FPGA-Based Remote Power Side-Channel Attacks , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[24]  Herbert Bos,et al.  Grand Pwning Unit: Accelerating Microarchitectural Attacks with the GPU , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[25]  Kushagra Vaid,et al.  Azure Accelerated Networking: SmartNICs in the Public Cloud , 2018, NSDI.

[26]  Mehdi Baradaran Tahoori,et al.  An inside job: Remote power analysis attacks on FPGAs , 2018, 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[27]  Vincent Nicomette,et al.  IOMMU protection against I/O attacks: a vulnerability and a proof of concept , 2018, Journal of the Brazilian Computer Society.

[28]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[29]  Wouter Joosen,et al.  Automated Feature Extraction for Website Fingerprinting through Deep Learning. , 2017 .

[30]  Daniel Gruss,et al.  Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory , 2017, USENIX Security Symposium.

[31]  Craig Disselkoen,et al.  Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX , 2017, USENIX Security Symposium.

[32]  Thomas Eisenbarth,et al.  PerfWeb: How to Violate Web Privacy with Hardware Performance Events , 2017, ESORICS.

[33]  Stefan Mangard,et al.  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript , 2017, Financial Cryptography.

[34]  Gorka Irazoqui Apecechea,et al.  CacheZoom: How SGX Amplifies The Power of Cache Attacks , 2017, CHES.

[35]  Vincent Nicomette,et al.  Bypassing IOMMU Protection against I/O Attacks , 2016, 2016 Seventh Latin-American Symposium on Dependable Computing (LADC).

[36]  Gorka Irazoqui Apecechea,et al.  Cache Attacks Enable Bulk Key Recovery on the Cloud , 2016, CHES.

[37]  Gilles Barthe,et al.  Verifying Constant-Time Implementations , 2016, USENIX Security Symposium.

[38]  Thomas Eisenbarth,et al.  Co-location detection on the Cloud , 2016, IACR Cryptol. ePrint Arch..

[39]  Gernot Heiser,et al.  CATalyst: Defeating last-level cache side channel attacks in cloud computing , 2016, 2016 IEEE International Symposium on High Performance Computer Architecture (HPCA).

[40]  Klaus Wehrle,et al.  Website Fingerprinting at Internet Scale , 2016, NDSS.

[41]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[42]  Stefan Mangard,et al.  ARMageddon: Cache Attacks on Mobile Devices , 2015, USENIX Security Symposium.

[43]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[44]  George Danezis,et al.  k-fingerprinting: A Robust Scalable Website Fingerprinting Technique , 2015, USENIX Security Symposium.

[45]  Gorka Irazoqui Apecechea,et al.  Systematic Reverse Engineering of Cache Slice Selection in Intel Processors , 2015, 2015 Euromicro Conference on Digital System Design.

[46]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[47]  Gorka Irazoqui Apecechea,et al.  S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES , 2015, 2015 IEEE Symposium on Security and Privacy.

[48]  Angelos D. Keromytis,et al.  The Spy in the Sandbox: Practical Cache Attacks in JavaScript and their Implications , 2015, CCS.

[49]  Michael K. Reiter,et al.  Cross-Tenant Side-Channel Attacks in PaaS Clouds , 2014, CCS.

[50]  Gilles Barthe,et al.  System-level Non-interference for Constant-time Cryptography , 2014, IACR Cryptol. ePrint Arch..

[51]  Ying Ye,et al.  COLORIS: A dynamic cache partitioning system using page coloring , 2014, 2014 23rd International Conference on Parallel Architecture and Compilation (PACT).

[52]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[53]  Carsten Willems,et al.  Practical Timing Side Channel Attacks against Kernel Space ASLR , 2013, 2013 IEEE Symposium on Security and Privacy.

[54]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[55]  Christoforos E. Kozyrakis,et al.  Vantage: Scalable and efficient fine-grain cache partitioning , 2011, 2011 38th Annual International Symposium on Computer Architecture (ISCA).

[56]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[57]  Gil Neiger,et al.  Intel ® Virtualization Technology for Directed I/O , 2006 .

[58]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[59]  Rafail Ostrovsky,et al.  Replication is not needed: single database, computationally-private information retrieval , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[60]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[61]  I. Verbauwhede,et al.  Double Trouble: Combined Heterogeneous Attacks on Non-Inclusive Cache Hierarchies , 2022, USENIX Security Symposium.

[62]  Moritz Lipp,et al.  ÆPIC Leak: Architecturally Leaking Uninitialized Data from the Microarchitecture , 2022, USENIX Security Symposium.

[63]  H. Bos,et al.  TLB;DR: Enhancing TLB-based Attacks with TLB Desynchronized Reverse Engineering , 2022, USENIX Security Symposium.

[64]  Peter G. Neumann,et al.  Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals , 2019, NDSS.

[65]  Kay Römer,et al.  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud , 2017, NDSS.

[66]  Herbert Bos,et al.  ASLR on the Line: Practical Cache Attacks on the MMU , 2017, NDSS.

[67]  Achieving Fast , Scalable I / O for Virtualized Servers With Intel ® Virtualization Technology and the PCI-SIG * Single Root I / O Virtualization and Sharing Specification , 2009 .