ZombieLoad: Cross-Privilege-Boundary Data Sampling

Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, Daniel Gruss

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer. In this paper, we present the ZombieLoad attack which uncovers a novel Meltdown-type effect in the processor's previously unexplored fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued for either architectural or microarchitectural reasons) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. Hence, we report data leakage of recently loaded stale values across logical cores. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.
Originalspracheenglisch
TitelCCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Herausgeber (Verlag)ACM/IEEE
PublikationsstatusAngenommen/In Druck - 12 Nov 2019
VeranstaltungACM CCS 2019: 26th ACM Conference on Computer and Communications Security - London, Großbritannien / Vereinigtes Königreich
Dauer: 11 Nov 201915 Nov 2019

Konferenz

KonferenzACM CCS 2019
LandGroßbritannien / Vereinigtes Königreich
OrtLondon
Zeitraum11/11/1915/11/19

Fingerprint

Program processors
Sampling
Faulting
Data storage equipment
Virtual machine

Schlagwörter

    Dies zitieren

    Schwarz, M., Lipp, M., Moghimi, D., Bulck, J. V., Stecklina, J., Prescher, T., & Gruss, D. (Angenommen/Im Druck). ZombieLoad: Cross-Privilege-Boundary Data Sampling. in CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security ACM/IEEE.

    ZombieLoad : Cross-Privilege-Boundary Data Sampling. / Schwarz, Michael; Lipp, Moritz; Moghimi, Daniel; Bulck, Jo Van; Stecklina, Julian; Prescher, Thomas; Gruss, Daniel.

    CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM/IEEE, 2019.

    Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

    Schwarz, M, Lipp, M, Moghimi, D, Bulck, JV, Stecklina, J, Prescher, T & Gruss, D 2019, ZombieLoad: Cross-Privilege-Boundary Data Sampling. in CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM/IEEE, London, Großbritannien / Vereinigtes Königreich, 11/11/19.
    Schwarz M, Lipp M, Moghimi D, Bulck JV, Stecklina J, Prescher T et al. ZombieLoad: Cross-Privilege-Boundary Data Sampling. in CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM/IEEE. 2019
    Schwarz, Michael ; Lipp, Moritz ; Moghimi, Daniel ; Bulck, Jo Van ; Stecklina, Julian ; Prescher, Thomas ; Gruss, Daniel. / ZombieLoad : Cross-Privilege-Boundary Data Sampling. CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. ACM/IEEE, 2019.
    @inproceedings{0f583c8949b44ad088c859722bc9f3b2,
    title = "ZombieLoad: Cross-Privilege-Boundary Data Sampling",
    abstract = "In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer. In this paper, we present the ZombieLoad attack which uncovers a novel Meltdown-type effect in the processor's previously unexplored fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued for either architectural or microarchitectural reasons) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. Hence, we report data leakage of recently loaded stale values across logical cores. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.",
    keywords = "cs.CR",
    author = "Michael Schwarz and Moritz Lipp and Daniel Moghimi and Bulck, {Jo Van} and Julian Stecklina and Thomas Prescher and Daniel Gruss",
    year = "2019",
    month = "11",
    day = "12",
    language = "English",
    booktitle = "CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security",
    publisher = "ACM/IEEE",

    }

    TY - GEN

    T1 - ZombieLoad

    T2 - Cross-Privilege-Boundary Data Sampling

    AU - Schwarz, Michael

    AU - Lipp, Moritz

    AU - Moghimi, Daniel

    AU - Bulck, Jo Van

    AU - Stecklina, Julian

    AU - Prescher, Thomas

    AU - Gruss, Daniel

    PY - 2019/11/12

    Y1 - 2019/11/12

    N2 - In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer. In this paper, we present the ZombieLoad attack which uncovers a novel Meltdown-type effect in the processor's previously unexplored fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued for either architectural or microarchitectural reasons) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. Hence, we report data leakage of recently loaded stale values across logical cores. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.

    AB - In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space by exploiting side-effects from transient instructions. While this attack has been mitigated through stronger isolation boundaries between user and kernel space, Meltdown inspired an entirely new class of fault-driven transient execution attacks. Particularly, over the past year, Meltdown-type attacks have been extended to not only leak data from the L1 cache but also from various other microarchitectural structures, including the FPU register file and store buffer. In this paper, we present the ZombieLoad attack which uncovers a novel Meltdown-type effect in the processor's previously unexplored fill-buffer logic. Our analysis shows that faulting load instructions (i.e., loads that have to be re-issued for either architectural or microarchitectural reasons) may transiently dereference unauthorized destinations previously brought into the fill buffer by the current or a sibling logical CPU. Hence, we report data leakage of recently loaded stale values across logical cores. We demonstrate ZombieLoad's effectiveness in a multitude of practical attack scenarios across CPU privilege rings, OS processes, virtual machines, and SGX enclaves. We discuss both short and long-term mitigation approaches and arrive at the conclusion that disabling hyperthreading is the only possible workaround to prevent this extremely powerful attack on current processors.

    KW - cs.CR

    M3 - Conference contribution

    BT - CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

    PB - ACM/IEEE

    ER -