# Topic 11: Side Channels, Meltdown, and Spectre, Oh My!





ECE 4750 Computer Architecture

Prof. Anne Bracy

Based on slides by D. Zagieboylo, M. Hill, K. Sekniqi


## Side Channels

- An extra way to learn information about a program's execution
- Usually a way for an *attacker* to bypass security mechanisms




- Power consumption
- Electromagnetic Radiation
- Responsiveness / Faults
- Timing



- Timing attacks are a BIG concern:
  - Can be executed remotely
  - Hard to prevent all secret-dependent timing
  - Small differences can be amplified with repetition
  - Very stealthy



What influences a program's execution time?



- Dynamic instruction count
- Which branches get executed
- Cycles per instruction
  - Variable latency instructions (e.g., division)
  - TLB Hit or Miss (Page Fault)
  - Cache Hit or Miss
  - Correct vs. Incorrect Speculation
- Clock frequency
  - DVFS (Dynamic Voltage-Frequency Scaling)
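
How a secret-dependent branch changes dynamic instruction count, next to a constant-time alternative. This is an added example, not from the original slides; the function names and the sample secret are constructed, and the loop counter stands in for measured time.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample secret (8 bytes including the terminating NUL). */
static const unsigned char SECRET[8] = "s3cr3t!";

/* Early-exit compare: the number of loop iterations (a stand-in for dynamic
   instruction count) depends on how many leading bytes of the guess match. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n,
                size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;      /* secret-dependent branch */
    }
    return 1;
}

/* Constant-time compare: always visits all n bytes and folds differences
   into one accumulator, so no branch depends on the secret. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n,
             size_t *steps) {
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Iterations spent on an 8-byte guess by each comparison. */
size_t leaky_steps(const char *guess) {
    size_t s;
    leaky_equal(SECRET, (const unsigned char *)guess, sizeof SECRET, &s);
    return s;
}
size_t ct_steps(const char *guess) {
    size_t s;
    ct_equal(SECRET, (const unsigned char *)guess, sizeof SECRET, &s);
    return s;
}

int main(void) {
    printf("leaky: %zu vs %zu, constant-time: %zu vs %zu\n",
           leaky_steps("aaaaaaaa"), leaky_steps("s3craaaa"),
           ct_steps("aaaaaaaa"), ct_steps("s3craaaa"));
    return 0;
}
```

The early-exit version spends more iterations the longer the matching prefix is, which is the kind of small difference that repetition amplifies; the constant-time version spends the same number for every guess.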

## Cache Timing Channel

- Very common side channel
- Fast/easy to execute
- High signal to noise (don't have to repeat much to be sure it worked)
- How it works: Prime + Probe:
  - Set up cache state
  - Run victim
  - Time memory accesses: "Which cache set did the victim access?"

Prime + Probe Example

```
// Attacker (e.g., user process): prime the cache
char arr[N_CACHE_SETS*LINE_SIZE];
for (int i = 0; i < N_CACHE_SETS; i++) {
    arr[i*LINE_SIZE] = 0;
}
// Cache is now completely filled with attacker's array.

// Call Victim Code (e.g., via syscall)
...
victim[secret] = data;
...

// Return to Attacker: time one access per cache set
for (int i = 0; i < N_CACHE_SETS; i++) {
    time_start();
    arr[i*LINE_SIZE] = 0;
    time_end();
}
```

[Figure: cache contents by set, with a Tag column. After priming, sets 63, 62, 61, ..., 1, 0 hold &arr[63], &arr[62], &arr[61], ..., &arr[1], &arr[0]. During the probe, the accesses to sets 1 and 0 are marked Hit.]
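
The prime, victim, probe sequence above, run against a toy direct-mapped cache model. This is an added example, not from the original slides; the base addresses and the `cache_access`, `victim` and `prime_probe` helpers are assumptions, and a simulated miss stands in for a slow timed access.

```c
#include <stdio.h>
#include <string.h>

#define N_CACHE_SETS 64
#define LINE_SIZE    64
#define ATTACKER_BASE 0x10000UL  /* assumed address of arr, maps to set 0 */
#define VICTIM_BASE   0x80000UL  /* assumed address of victim data, set 0 */

/* Toy direct-mapped cache: one tag per set (constructed model, not real HW). */
static unsigned long cache_tag[N_CACHE_SETS];
static int cache_valid[N_CACHE_SETS];

/* Simulated access: returns 1 on hit, 0 on miss (the line is then filled). */
static int cache_access(unsigned long addr) {
    unsigned long line = addr / LINE_SIZE;
    unsigned set = (unsigned)(line % N_CACHE_SETS);
    unsigned long tag = line / N_CACHE_SETS;
    if (cache_valid[set] && cache_tag[set] == tag) return 1;
    cache_valid[set] = 1;
    cache_tag[set] = tag;
    return 0;
}

/* Victim touches one cache line selected by its secret (assumed layout:
   one line per secret value). */
static void victim(unsigned secret) {
    cache_access(VICTIM_BASE + (unsigned long)secret * LINE_SIZE);
}

/* Prime every set, run the victim, probe every set.
   Returns the set whose probe missed, or -1 if none did. */
int prime_probe(unsigned secret) {
    int evicted = -1;
    memset(cache_valid, 0, sizeof cache_valid);
    for (int i = 0; i < N_CACHE_SETS; i++)               /* prime */
        cache_access(ATTACKER_BASE + (unsigned long)i * LINE_SIZE);
    victim(secret);
    for (int i = 0; i < N_CACHE_SETS; i++)               /* probe */
        if (!cache_access(ATTACKER_BASE + (unsigned long)i * LINE_SIZE))
            evicted = i;
    return evicted;
}

int main(void) {
    printf("probe missed in set %d\n", prime_probe(42));
    return 0;
}
```

Only the set index is observable in this model: a victim index of 69 shows up as set 5, because 69 mod 64 is 5.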






### Recent Events – Transient Execution Attacks

- 2018
  - Meltdown & Spectre – [Jann Horn, Google Project Zero]. Also, independently, Paul Kocher
  - Both are microarchitectural attacks that allow the user to exploit speculative execution to learn secret data
  - Make cache (\$) timing channels super easy to exploit – nearly NO statistical analysis necessary, can pick any address you want to leak
  - Meltdown affects almost every Intel chip made since 1995, and some ARM chips
  - Spectre affects Everychip, Everywhere, All at once.
  - Intel® pushes out several microcode (HW) patches that... don't work and cause BSOD
  - OS, Compiler & Browser Mitigations (KPTI, SLH, Retpoline) start to be rolled out


- 2019
  - Spectre Variants (Speculative Store Bypass, Foreshadow, Zombieload) continue to haunt us
  - Numerous new microarchitectural designs to avoid Spectre are proposed at high profile research conferences
  - No new word from Intel, AMD, ARM, etc. on Spectre-secure designs
- 2020-2022
  - Even more Spectre attacks. Old defenses broken. New defenses proposed. Repeat.

### Recent Events – Transient Execution Attacks





- 2018-19
  - OS patches for Meltdown released
  - Chipmakers plan to fix Meltdown in future HW
  - SW patches for Spectre\_v1 & v2 developed. Mostly unused outside Google Chrome & Cryptographic libraries
- 2020-2022
  - Spectre patches gain more traction, incorporated into LLVM
  - More variants discovered, highlighting the need for a new design, not just ad hoc patches
  - Still an open problem, the attack-defense vicious cycle continues.


## Background on Memory Space

- The virtual address space of each process contains user-level memory and OS memory.
- This is convenient for handling exceptions and making system calls (just change to privileged mode and start fetching OS code).
- User-level process cannot load from OS memory. This is a permission violation.

[Figure: address space layout, from the top (0xfffffffc) down: OS memory, user-space memory, reserved.]

## Background on Memory Checks

```
x = *target_addr; // user-level code
```

[Figure: the same address space layout (OS memory, user-space memory, reserved), with target_addr pointing into OS memory.]

- → TLB detects illegal memory violation
- → instruction will throw an exception
- → seg fault kills the process.

WHEN does detection & suppression happen??

- **EARLY:** AMD seems to suppress at TLB access
- **LATE:** Intel seems to suppress *after* cache access
  - Architectural state not changed
  - Micro-architectural state is changed!






## Takeaways for Computer Architects

- Architecture: timing-independent functional behavior of a computer
- Micro-architecture: implementation techniques to improve performance
- These choices have consequences!

What if a computer that is architecturally correct can leak protected information via its micro-architecture?

Perhaps our definition of "architecturally correct" needs re-thinking...


## Some References


- New York Times: https://www.nytimes.com/2018/01/03/business/computer-flaws.html
- Meltdown paper: https://meltdownattack.com/meltdown.pdf
- Spectre paper: https://spectreattack.com/spectre.pdf
- A blog separating the two bugs: https://danielmiessler.com/blog/simple-explanation-difference-meltdown-spectre/
- Google Blog: https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html and https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Industry News Sources: https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/ and https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/