Journal on Communications ›› 2023, Vol. 44 ›› Issue (4): 64-77. doi: 10.11959/j.issn.1000-436x.2023051
Ming TANG, Yifan HU
Revised:
2022-10-08
Online:
2023-04-25
Published:
2023-04-01
About the authors:
Ming TANG (born 1976), female, from Wuhan, Hubei; PhD; professor and doctoral supervisor at Wuhan University. Main research interests: information security, cryptography and cryptographic chips.
Abstract:
To study vulnerabilities in modern processor microarchitectures and devise corresponding defenses, the memory order buffer (MOB), which manages the execution order of memory-access instructions, was analyzed. Two of its optimizations matter here: store-to-load forwarding passes the data of an older store on which a load depends directly to that load, and speculative loading executes loads that appear to have no dependency ahead of time. Both improve efficiency, but both can also produce incorrect execution and the stall that follows when the guess turns out to be wrong. For the existing MOB optimization mechanisms on the Intel Coffee Lake microarchitecture, it was analyzed how the four execution modes of the memory order buffer and their respective execution times can be used to construct several attacks: transient attacks, covert channels, and recovery of the secret key of a cryptographic algorithm. The timing differences caused by the MOB were used to recover memory-instruction addresses, which leak the index values of an AES T-table implementation. A key-recovery experiment was carried out on the AES-128 implementation of OpenSSL 3.0.0 on an Intel i5-9400 processor. The results show that 30 000 samples recover one key byte with probability 63.6%, and that, owing to the characteristics of the memory order buffer, the exploitation is stealthier than traditional cache timing leakage.
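The last step in the abstract, turning a leaked T-table index into a key byte, is the one part of the attack that does not depend on the processor, so it is shown here as an added example (written for this page; it is not code from the paper or from OpenSSL). The one fact it relies on is how OpenSSL's T-table AES indexes its tables in round 1: the index is a plaintext byte XOR the corresponding byte of the first round key, so every leaked index votes for the key candidate `p ^ index`. Everything else is an assumption: the leakage is simulated with a constructed noise model (a sample reports the true index with a fixed probability and a uniformly random index otherwise), the sample count and hit rate are chosen for the simulation and are not the paper's measurements, and the `mask` parameter models what the attacker can see: all eight index bits for an address-level leak such as the one the paper derives from the MOB, or only the top four bits for a leak at 64-byte cache-line granularity (16 four-byte entries per line).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not the paper's code: recover an AES-128 key byte from
 * leaked first-round T-table indices and show how the granularity of the
 * leak limits what is recovered.
 *
 * In OpenSSL's T-table AES the round-1 index for byte position i is
 * p[i] ^ k[i] (plaintext byte XOR round-0 key byte), so a leaked index
 * votes for the key candidate p[i] ^ index.
 */

/* Deterministic xorshift32 PRNG so the simulation runs the same offline. */
static uint32_t rng_state;
static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return rng_state = x;
}

/* Round-1 T-table index for one byte position (this part is OpenSSL's real
 * indexing, everything below it is simulation). */
static uint8_t first_round_index(uint8_t p, uint8_t k) {
    return (uint8_t)(p ^ k);
}

/* Constructed noise model (an assumption, not the paper's measurement):
 * with probability hit_permille/1000 the observation is the true index,
 * otherwise a uniformly random one. mask is what the attacker can see:
 * 0xFF for an address-level leak, 0xF0 for a 64-byte-line leak (16 four-byte
 * T-table entries per line, so only index bits 7..4 are visible). */
static uint8_t observe_index(uint8_t p, uint8_t k, unsigned hit_permille, uint8_t mask) {
    uint8_t idx = (rng_next() % 1000u) < hit_permille
                ? first_round_index(p, k)
                : (uint8_t)rng_next();
    return (uint8_t)(idx & mask);
}

/* Vote over the key candidates implied by each (plaintext, observation) pair
 * and return the candidate with the most votes. Index bits hidden by mask
 * cannot be recovered, so the corresponding key bits come back as zero. */
static int recover_key_byte(const uint8_t *pts, const uint8_t *obs, size_t n, uint8_t mask) {
    unsigned votes[256] = {0};
    for (size_t i = 0; i < n; i++)
        votes[(pts[i] ^ obs[i]) & mask]++;
    int best = 0;
    for (int c = 1; c < 256; c++)
        if (votes[c] > votes[best])
            best = c;
    return best;
}

/* Run the whole attack against a chosen key byte: draw n random known
 * plaintext bytes, take one noisy observation per plaintext, vote. */
static int simulate(uint8_t true_k, size_t n, unsigned hit_permille, uint8_t mask) {
    enum { MAX_SAMPLES = 30000 };
    static uint8_t pts[MAX_SAMPLES], obs[MAX_SAMPLES];
    if (n > MAX_SAMPLES)
        n = MAX_SAMPLES;
    rng_state = 0x2545F491u;               /* fixed seed: reproducible run */
    for (size_t i = 0; i < n; i++) {
        pts[i] = (uint8_t)rng_next();      /* attacker knows the plaintext */
        obs[i] = observe_index(pts[i], true_k, hit_permille, mask);
    }
    return recover_key_byte(pts, obs, n, mask);
}

int main(void) {
    /* 3000 samples, 10% of them carrying the true index (simulation values). */
    int full = simulate(0x3C, 3000, 100, 0xFF);
    int line = simulate(0x3C, 3000, 100, 0xF0);
    printf("address-level leak:    recovered key byte 0x%02X\n", full);
    printf("cache-line-level leak: recovered only    0x%02X\n", line);
    return 0;
}
```

Built with `cc -std=c99`, the address-level run recovers the planted byte 0x3C, while the line-granular run recovers only its top nibble (0x30); the low four bits of every key byte would need the second round or another source. That difference is the point of using the MOB's address comparison rather than a cache-line probe, and also why the voting step needs far fewer samples once the leak is address-precise.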
Ming TANG, Yifan HU. Load-to-store: exploit the time leakage of store buffer transient window[J]. Journal on Communications, 2023, 44(4): 64-77.
Table 4  Existing defenses against microarchitectural attacks

| Defense target | Measure | Specific method |
|---|---|---|
| Transient attacks (TA) | Software-level prevention of the TA trigger | Against the Spectre v1 trigger: ref. [ ] |
| | | Masking of branch conditions: ref. [ ] |
| | Software-level detection of vulnerable code | Fuzzing: ref. [ ] |
| | | Symbolic execution: ref. [ ] |
| | Modified microarchitecture design | Changes to the conditional-branch logic: ref. [ ] |
| | | Isolation at the decode stage: ref. [ ] |
| | | Modified control policy for data propagation: ref. [ ] |
| | | Taint tracking to detect leakage: ref. [ ] |
| | | Secure memory design: ref. [ ] |
| Covert channels | Stop the sender from transmitting useful information | InvisiSpec: ref. [ ] |
| | | MuonTrap: ref. [ ] |
| | | CleanupSpec: ref. [ ] |
| | Degrade channel quality | Limit the receiver's bandwidth: ref. [ ] |

(The reference numbers in the "Specific method" column are missing from the extracted page.)
References:
[1] HENNESSY J L, PATTERSON D A. Computer architecture: a quantitative approach[M]. 5th ed. San Francisco: Morgan Kaufmann, 2006.
[2] VAN SCHAIK S, MILBURN A, ÖSTERLUND S, et al. RIDL: rogue in-flight data load[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2019: 88-105.
[3] ABU-GHAZALEH N, PONOMAREV D, EVTYUSHKIN D. How the Spectre and Meltdown hacks really worked[J]. IEEE Spectrum, 2019, 56(3): 42-49.
[4] SULLIVAN D, ARIAS O, MEADE T, et al. Microarchitectural minefields: 4K-aliasing covert channel and multi-tenant detection in IaaS clouds[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Virginia: the Internet Society, 2018: 1-14.
[5] MOGHIMI A, WICHELMANN J, EISENBARTH T, et al. MemJam: a false dependency attack against constant-time crypto implementations[J]. International Journal of Parallel Programming, 2019, 47(4): 538-570.
[6] ISLAM S, MOGHIMI A, BRUHNS I, et al. SPOILER: speculative load hazards boost Rowhammer and cache attacks[C]// Proceedings of the 28th USENIX Security Symposium. Berkeley: USENIX Association, 2019: 621-637.
[7] YAROM Y, FALKNER K. Flush+Reload: a high resolution, low noise, L3 cache side-channel attack[C]// Proceedings of the 23rd USENIX Security Symposium. Berkeley: USENIX Association, 2014: 719-732.
[8] KOCHER P, HORN J, FOGH A, et al. Spectre attacks: exploiting speculative execution[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2019: 1-19.
[9] LIPP M, SCHWARZ M, GRUSS D, et al. Meltdown: reading kernel memory from user space[J]. Communications of the ACM, 2020, 63(6): 46-56.
[10] OSVIK D A, SHAMIR A, TROMER E. Cache attacks and countermeasures: the case of AES[C]// Proceedings of the Cryptographers' Track at the RSA Conference (CT-RSA 2006). Berlin: Springer, 2006: 1-20.
[11] GRUSS D, MAURICE C, WAGNER K, et al. Flush+Flush: a fast and stealthy cache attack[C]// Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2016). Cham: Springer International Publishing, 2016.
[12] CANELLA C, GENKIN D, GINER L, et al. Fallout: leaking data on Meltdown-resistant CPUs[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM Press, 2019: 769-784.
[13] YAN M J, CHOI J, SKARLATOS D, et al. InvisiSpec: making speculative execution invisible in the cache hierarchy[C]// Proceedings of the 51st Annual IEEE/ACM International Symposium on Microarchitecture. Piscataway: IEEE Press, 2018: 428-441.
[14] BENGER N, VAN DE POL J, SMART N P, et al. "Ooh aah... just a little bit": a small amount of side channel can go a long way[C]// Proceedings of the International Workshop on Cryptographic Hardware and Embedded Systems (CHES 2014). Berlin: Springer, 2014: 75-92.
[15] SCHWARZ M, CANELLA C, GINER L, et al. Store-to-leak forwarding: leaking data on Meltdown-resistant CPUs (updated and extended version)[J]. arXiv preprint, arXiv:1905.05725, 2019.
[16] KURTH M, GRAS B, ANDRIESSE D, et al. NetCAT: practical cache attacks from the network[C]// Proceedings of 2020 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2020: 20-38.
[17] RAMANATHAN R M, CURRY R, CHENNUPATY S, et al. Extending the world's most popular processor architecture[J]. Intel Whitepaper, 2006, 1(1): 2-10.
[18] BERNSTEIN D J, BREITNER J, GENKIN D, et al. Sliding right into disaster: left-to-right sliding windows leak[C]// Proceedings of the International Conference on Cryptographic Hardware and Embedded Systems (CHES 2017). Berlin: Springer, 2017: 555-576.
[19] LOU X X, ZHANG T W, JIANG J, et al. A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography[J]. ACM Computing Surveys, 2022, 54(6): 1-37.
[20] XIONG W J, SZEFER J. Leaking information through cache LRU states[C]// Proceedings of 2020 IEEE International Symposium on High Performance Computer Architecture. Piscataway: IEEE Press, 2020: 139-152.
[21] VAN SCHAIK S, MINKIN M, KWONG A, et al. CacheOut: leaking data on Intel CPUs via cache evictions[C]// Proceedings of 2021 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2021: 339-354.
[22] PURNAL A, GINER L, GRUSS D, et al. Systematic analysis of randomization-based protected cache architectures[C]// Proceedings of 2021 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2021: 987-1002.
[23] YAN M, FLETCHER C W, TORRELLAS J. Cache telepathy: leveraging shared resource attacks to learn DNN architectures[C]// Proceedings of the 29th USENIX Security Symposium. Berkeley: USENIX Association, 2020: 2003-2020.
[24] ABRAMSON J M, AKKARY H, GLEW A F, et al. Method and apparatus for performing a store operation: US6378062[P]. 2002-04-23.
[25] ABRAMSON J M, AKKARY H, GLEW A F, et al. Method and apparatus for dispatching and executing a load operation to memory: US5717882[P]. 1998-02-10.
[26] BARBERIS E, FRIGO P, MUENCH M, et al. Branch history injection: on the effectiveness of hardware mitigations against Spectre-v2 attacks[C]// Proceedings of the 31st USENIX Security Symposium. Berkeley: USENIX Association, 2022: 971-988.
[27] OLEKSENKO O, TRACH B, REIHER T, et al. You shall not bypass: employing data dependencies to prevent bounds check bypass[J]. arXiv preprint, arXiv:1805.08506, 2018.
[28] OLEKSENKO O, TRACH B, SILBERSTEIN M, et al. SpecFuzz: bringing Spectre-type vulnerabilities to the surface[C]// Proceedings of the 29th USENIX Security Symposium. Berkeley: USENIX Association, 2020: 1481-1498.
[29] WANG G H, CHATTOPADHYAY S, BISWAS A K, et al. KLEESpectre: detecting information leakage through speculative cache attacks via symbolic execution[J]. ACM Transactions on Software Engineering and Methodology, 2020, 29(3): 1-31.
[30] YU J Y, YAN M J, KHYZHA A, et al. Speculative taint tracking (STT): a comprehensive protection for speculatively accessed data[J]. IEEE Micro, 2020, 40(3): 81-90.
[31] FUSTOS J, FARSHCHI F, YUN H. SpectreGuard: an efficient data-centric defense mechanism against Spectre attacks[C]// Proceedings of the 56th ACM/IEEE Design Automation Conference. Piscataway: IEEE Press, 2019: 1-6.
[32] KELSEY K, BAI T X, DING C, et al. Fast track: a software system for speculative program optimization[C]// Proceedings of 2009 International Symposium on Code Generation and Optimization. Piscataway: IEEE Press, 2009: 157-168.
[33] MCILROY R, SEVCIK J, TEBBI T, et al. Spectre is here to stay: an analysis of side-channels and speculative execution[J]. arXiv preprint, arXiv:1902.05178, 2019.
[34] TARAM M, VENKAT A, TULLSEN D. Context-sensitive fencing: securing speculative execution via microcode customization[C]// Proceedings of the 24th International Conference on Architectural Support for Programming Languages and Operating Systems. New York: ACM Press, 2019: 395-410.
[35] WEISSE O, NEAL I, LOUGHLIN K, et al. NDA: preventing speculative execution attacks at their source[C]// Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. New York: ACM Press, 2019: 572-586.
[36] SUN K, BRANCO R, HU K. A new memory type against speculative side channel attacks[J]. Intel Strategic Offensive Research & Mitigations, 2019, 1(1): 2-16.
[37] AINSWORTH S, JONES T M. MuonTrap: preventing cross-domain Spectre-like attacks by capturing speculative state[C]// Proceedings of the 47th Annual International Symposium on Computer Architecture. Piscataway: IEEE Press, 2020: 132-144.
[38] SAILESHWAR G, QURESHI M K. CleanupSpec: an "undo" approach to safe speculation[C]// Proceedings of the 52nd Annual IEEE/ACM International Symposium on Microarchitecture. New York: ACM Press, 2019: 73-86.
[39] SCHWARZ M, LIPP M, GRUSS D. JavaScript Zero: real JavaScript and zero side-channel attacks[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Virginia: the Internet Society, 2018: 1-12.