Skip to content

Meltdown & Spectre

Key terms

  • side channel - any system characteristic that can be used to convey information, other than the intended input and output channels e.g. disk or memory usage, electromagnetic radiation, sound, power consumption, etc.

  • FLUSH + RELOAD technique used in cache side channel, has 3 steps:

    1. Flush: flush cache memory to make sure none of array elements are cached
    2. Get secret: access secret element and it will get cached
    3. Reload: memory has been erased but cached values remain: the access time for secret element will be faster because it is in the cache

  • Meltdown and spectre are closely related: both exploit race conditions and the CPU cache as a side channel

    • meltdown targets kernel memory
    • spectre can target memory anywhere

Meltdown

  • hardware vulnerability in the CPU design leading to data leakage
  • allows user-level programs to read data in kernel memory
  • fixing the vulnerability is difficult because it requires changing CPUs
  • affects older Intel and ARM processors
  • caused by out-of-order execution and race condition: results of execution are not committed before access check finishes → issue: the CPU cache is not wiped out after permission denied - if data was accessed it will still be in the CPU cache

Details

  • out-of-order execution creates an opportunity to read kernel memory → this is a race condition between reading secret and performing access check
  • uses FLUSH + RELOAD technique with CPU cache as a side channel
    • use cache block size that is greater than typical cache block size (64 bits) → no two elements will be in the same cache block
    • avoid using array index 0 because it may be cached due to variables in adjacent memory
  • 2 pieces of information are required:
    • knowing the address of the secret data
    • the secret data needs to be cached
  • there are several challenges to successfully carrying out the attack:
    • in C: use signal handler to catch segmentation fault that will be raise following attempt to access kernel memory
    • if loading data to register is slower than access check the attack will not succeed → → using assembly and adding additonal statements can impact the execution and delay access check to improve chances of success
    • side-channels can be noisy and fail to obtain results due to race conditions → run program multiple times to counter these issues

Countermeasures

Most OSs have developed ways to make this attack more difficult: do not map any kernel memory in user space except what is needed by x86 architecture → addresses cannot be resolved and attack fails.

Spectre

  • uses CPU cache as a side channel to steal secret from a protected region
  • exploits a race condition vulnerability in the design of speculative execution implemented in most CPUs
  • allows malicious program to read data from area that is not accessible to it by breaking inter-process and intra-process isolation
  • restricted data does not need to reside in kernel memory → defending against spectre is difficult
  • affects many modern processors including Intel, AMD, ARM
  • name is based on the root cause: speculative execution

example

1
2
3
4
data = 0;
if(x < size) {
   data = data + 5;
}
  • parallel execution may cause statements to execute out of order: if size is not in CPU cache → execution of true block may begin before condition has been checked → out-of-order execution
  • if the evaluation of condition is true computation proceeds quicker
  • if the evaluation of condition is false, the CPU will revert to saved state
  • CPU cache is not cleared in the false case → observable effect

Details

  • goal is to read data in protected memory → if CPU cache is not cleaned it serves as a side channel
  • CPUs perform speculative evaluation → train the CPU to select the desired branch as prediction result
  • protection between processes is done in hardware and protection within same process is done in software → spectre works against both types of defences
  • address of secret value should be known (attacker may attempt to guess)
  • the results have noise and may not be accurate → perform attack multiple times
  • capture one character at a time → repeat to capture longer strings

Countermeasures

Fixing spectre requires redesign of CPUs. Several variants also exist making the fixing more challenging. In the meantime software fixes can be implemented: better sandboxing mechanisms that eliminate security impact of speculative execution; creating more noise and reduce resolution of timers to make side channels less accurate.