ConTExT: A Generic Approach for Mitigating Spectre

Out-of-order execution and speculative execution are among the biggest contributors to performance and efficiency of modern processors. However, they are inconsiderate, leaking secret data during the transient execution of instructions. Many solutions and hardware fixes have been proposed for mitigating transient-execution attacks. However, they either do not eliminate the leakage entirely or introduce unacceptable performance penalties. In this paper, we propose ConTExT, a Considerate Transient Execution Technique. ConTExT is a minimal and fully backward compatible architecture change. The basic idea of ConTExT is that secrets can enter registers but not transiently leave them. ConTExT transforms Spectre from a problem that cannot be solved purely in software [65], to a problem that is not easy to solve, but solvable in software. For this, ConTExT requires minimal, fully backward-compatible modifications of applications, compilers, operating systems, and the hardware. ConTExT offers full protection for secrets in memory and secrets in registers. With ConTExT-light, we propose a software-only solution of ConTExT for existing commodity CPUs protecting secrets in memory. We evaluate the security and performance of ConTExT. Even when over-approximating with ConTExT-light, we observe no performance overhead for unprotected code and data, and an overhead between 0% and 338% for security-critical applications while protecting against all Spectre variants.

[1]  Herbert Bos,et al.  RIDL: Rogue In-Flight Data Load , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[2]  Daniel Gruss,et al.  Kernel Isolation: From an Academic Idea to an Efficient Patch for Every Computer , 2018, login Usenix Mag..

[3]  No License,et al.  Intel ® 64 and IA-32 Architectures Software Developer ’ s Manual Volume 3 A : System Programming Guide , Part 1 , 2006 .

[4]  Carl A. Waldspurger,et al.  Speculative Buffer Overflows: Attacks and Defenses , 2018, ArXiv.

[5]  Thomas F. Wenisch,et al.  Foreshadow-NG: Breaking the virtual memory abstraction with transient out-of-order execution , 2018 .

[6]  Kevin P. Lawton Bochs: A Portable PC Emulator for Unix/X , 1996 .

[7]  Adi Shamir,et al.  Cache Attacks and Countermeasures: The Case of AES , 2006, CT-RSA.

[8]  Bei Yu,et al.  TaintTrace: Efficient Flow Tracing with Dynamic Binary Rewriting , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).

[9]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[10]  Peter G. Neumann,et al.  CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization , 2015, 2015 IEEE Symposium on Security and Privacy.

[11]  Marcus Peinado,et al.  Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing , 2016, USENIX Security Symposium.

[12]  Nael B. Abu-Ghazaleh,et al.  SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation , 2018, 2019 56th ACM/IEEE Design Automation Conference (DAC).

[13]  Dmitry V. Ponomarev,et al.  Covert Channels through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations , 2016, CCS.

[14]  David Brumley,et al.  All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask) , 2010, 2010 IEEE Symposium on Security and Privacy.

[15]  Josep Torrellas,et al.  InvisiSpec: Making Speculative Execution Invisible in the Cache Hierarchy , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[16]  Vikram S. Adve,et al.  LLVM: a compilation framework for lifelong program analysis & transformation , 2004, International Symposium on Code Generation and Optimization, 2004. CGO 2004..

[17]  Babak Falsafi,et al.  SMoTherSpectre: Exploiting Speculative Execution through Port Contention , 2019, CCS.

[18]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.

[19]  Daniel Gruss,et al.  ZombieLoad: Cross-Privilege-Boundary Data Sampling , 2019, CCS.

[20]  Frank Piessens,et al.  Fallout: Leaking Data on Meltdown-resistant CPUs , 2019, CCS.

[21]  Gorka Irazoqui Apecechea,et al.  Cross Processor Cache Attacks , 2016, IACR Cryptol. ePrint Arch..

[22]  Thomas F. Wenisch,et al.  Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution , 2018, USENIX Security Symposium.

[23]  Zhenyu Wu,et al.  Whispers in the Hyper-Space: High-Bandwidth and Reliable Covert Channel Attacks Inside the Cloud , 2015, IEEE/ACM Transactions on Networking.

[24]  Klaus Wagner,et al.  Flush+Flush: A Fast and Stealthy Cache Attack , 2015, DIMVA.

[25]  Daniel Gruss,et al.  Store-to-Leak Forwarding: Leaking Data on Meltdown-resistant CPUs , 2019, ArXiv.

[26]  Jonathan Levin Mac OS X and iOS Internals: To the Apple's Core , 2012 .

[27]  Christian Rossow,et al.  ret2spec: Speculative Execution Using Return Stack Buffers , 2018, CCS.

[28]  Stefan Mangard,et al.  DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks , 2015, USENIX Security Symposium.

[29]  Aseem Rastogi,et al.  ConfLLVM: A Compiler for Enforcing Data Confidentiality in Low-Level Code , 2019, EuroSys.

[30]  Nael B. Abu-Ghazaleh,et al.  Spectre Returns! Speculation Attacks Using the Return Stack Buffer , 2018, IEEE Design & Test.

[31]  Stefan Mangard,et al.  Rowhammer.js: A Remote Software-Induced Fault Attack in JavaScript , 2015, DIMVA.

[32]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[33]  Frank Piessens,et al.  A Systematic Evaluation of Transient Execution Attacks and Defenses , 2018, USENIX Security Symposium.

[34]  Stefan Mangard,et al.  Fantastic Timers and Where to Find Them: High-Resolution Microarchitectural Attacks in JavaScript , 2017, Financial Cryptography.

[35]  Margaret Martonosi,et al.  MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols , 2018, ArXiv.

[36]  Harish Patil,et al.  Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.

[37]  Somayeh Sardashti,et al.  The gem5 simulator , 2011, CARN.

[38]  James Newsome,et al.  Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software , 2005, NDSS.

[39]  Charles Reis,et al.  Site Isolation: Process Separation for Web Sites within the Browser , 2019, USENIX Security Symposium.

[40]  Mordechai Guri,et al.  BitWhisper: Covert Signaling Channel between Air-Gapped Computers Using Thermal Manipulations , 2015, 2015 IEEE 28th Computer Security Foundations Symposium.

[41]  Debdeep Mukhopadhyay,et al.  Template Attack on Blinded Scalar Multiplication with Asynchronous perf-ioctl Calls , 2017, IACR Cryptol. ePrint Arch..

[42]  Dean M. Tullsen,et al.  Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization , 2019, ASPLOS.

[43]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[44]  Nael B. Abu-Ghazaleh,et al.  Jump over ASLR: Attacking branch predictors to bypass ASLR , 2016, 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[45]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[46]  Nael B. Abu-Ghazaleh,et al.  BranchScope: A New Side-Channel Attack on Directional Branch Predictor , 2018, ASPLOS.

[47]  Kay Römer,et al.  Hello from the Other Side: SSH over Robust Cache Covert Channels in the Cloud , 2017, NDSS.

[48]  Stefan Mangard,et al.  KASLR is Dead: Long Live KASLR , 2017, ESSoS.

[49]  Guru Venkataramani,et al.  FlexiTaint: A programmable accelerator for dynamic taint propagation , 2008, 2008 IEEE 14th International Symposium on High Performance Computer Architecture.

[50]  Srinivas Devadas,et al.  DAWG: A Defense Against Cache Timing Attacks in Speculative Execution Processors , 2018, 2018 51st Annual IEEE/ACM International Symposium on Microarchitecture (MICRO).

[51]  Zhenkai Liang,et al.  BitBlaze: A New Approach to Computer Security via Binary Analysis , 2008, ICISS.

[52]  Christof Fetzer,et al.  You Shall Not Bypass: Employing data dependencies to prevent Bounds Check Bypass , 2018, ArXiv.

[53]  George Candea,et al.  Code-pointer integrity , 2014, OSDI.

[54]  Tal Garfinkel,et al.  Understanding data lifetime via whole system simulation , 2004 .

[55]  Sencun Zhu,et al.  STILL: Exploit Code Detection via Static Taint and Initialization Analyses , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[56]  Gernot Heiser,et al.  A survey of microarchitectural timing attacks and countermeasures on contemporary hardware , 2016, Journal of Cryptographic Engineering.

[57]  Jacques Klein,et al.  FlowDroid: precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps , 2014, PLDI.

[58]  Toon Verwaest,et al.  Spectre is here to stay: An analysis of side-channels and speculative execution , 2019, ArXiv.

[59]  Mohamad El Hajj,et al.  Data Oblivious ISA Extensions for Side Channel-Resistant and High Performance Computing , 2018, IACR Cryptol. ePrint Arch..

[60]  Cheng Wang,et al.  LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks , 2006, 2006 39th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO'06).

[61]  Mathias Payer,et al.  DataShield: Configurable Data Confidentiality and Integrity , 2017, AsiaCCS.

[62]  Herbert Bos,et al.  Pointless tainting?: evaluating the practicality of pointer tainting , 2009, EuroSys '09.

[63]  Martin Schwarzl,et al.  NetSpectre: Read Arbitrary Memory over Network , 2018, ESORICS.

[64]  Matti A. Hiltunen,et al.  An exploration of L2 cache covert channels in virtualized environments , 2011, CCSW '11.