Fallout: Leaking Data on Meltdown-resistant CPUs

Claudio Alberto Canella, Daniel Genkin, Lukas Giner, Daniel Gruß, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, Jo Van Bulck, Yuval Yarom

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution; Research; peer-reviewed)

Abstract

Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance overhead. Due to hardware fixes, these mitigations are disabled on recent processors.

In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding, forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak, exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.
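The operational consequence of the abstract is that a processor which the operating system reports as not affected by Meltdown can still require a store-buffer mitigation. The script below is an added example written by the editor for this page; it is not code from the paper or its authors. It assumes, as facts not stated on the page, that Linux publishes per-issue status under /sys/devices/system/cpu/vulnerabilities/<name>, that the store-buffer class of leaks Fallout belongs to is reported in the "mds" entry, and that status lines begin with "Not affected", "Mitigation:" or "Vulnerable" (with an optional "SMT vulnerable" suffix). The sample sysfs contents are constructed for illustration.

```python
"""Flag hosts in the Fallout situation: Meltdown "Not affected", store-buffer
mitigation absent.  Editor's added example; the sysfs layout, the "mds"
mapping and the sample strings are assumptions, not taken from the paper."""
from __future__ import annotations

import os
from dataclasses import dataclass

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"  # assumed Linux path


@dataclass(frozen=True)
class Status:
    name: str  # sysfs entry name, e.g. "meltdown" or "mds"
    raw: str   # the line the kernel reports for that entry

    @property
    def state(self) -> str:
        """Normalise the kernel's line to not_affected / mitigated / vulnerable."""
        text = self.raw.strip()
        if text.startswith("Not affected"):
            return "not_affected"
        if text.startswith("Mitigation:"):
            return "mitigated"
        if text.startswith("Vulnerable"):
            return "vulnerable"
        return "unknown"

    @property
    def smt_vulnerable(self) -> bool:
        """Kernel caveat: a sibling hyperthread can still observe the leak."""
        return "SMT vulnerable" in self.raw


def read_sysfs(name: str, base: str = SYSFS_DIR) -> Status | None:
    """Read one vulnerability entry; None if the kernel does not expose it."""
    try:
        with open(os.path.join(base, name), encoding="ascii") as fh:
            return Status(name, fh.read())
    except OSError:
        return None


def assess(meltdown: Status, mds: Status) -> str:
    """Classify a host relative to the paper's claim.

    'meltdown_resistant_but_exposed' is the Fallout case: Meltdown is reported
    as Not affected, yet the store-buffer entry is still Vulnerable.
    'mitigated_smt_exposed' means a mitigation is active but the kernel says
    the sibling thread is not covered (hardware caveat, not from the paper).
    """
    if mds.state == "not_affected":
        return "not_affected"
    if mds.state == "mitigated":
        return "mitigated_smt_exposed" if mds.smt_vulnerable else "mitigated"
    if mds.state == "vulnerable":
        if meltdown.state == "not_affected":
            return "meltdown_resistant_but_exposed"
        return "exposed"
    return "unknown"


# Constructed sample sysfs contents (meltdown line, mds line) for four hosts.
SAMPLES: dict[str, tuple[str, str]] = {
    "older_cpu_pti_on": ("Mitigation: PTI\n",
                         "Mitigation: Clear CPU buffers; SMT vulnerable\n"),
    "new_cpu_no_microcode": ("Not affected\n",
                             "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n"),
    "new_cpu_smt_off": ("Not affected\n",
                        "Mitigation: Clear CPU buffers; SMT disabled\n"),
    "hw_fixed": ("Not affected\n", "Not affected\n"),
}


def assess_samples() -> dict[str, str]:
    """Run the classifier over the constructed samples."""
    return {host: assess(Status("meltdown", m), Status("mds", s))
            for host, (m, s) in SAMPLES.items()}


def assess_host() -> str | None:
    """Classify the machine this runs on, or None when sysfs is unavailable."""
    meltdown, mds = read_sysfs("meltdown"), read_sysfs("mds")
    if meltdown is None or mds is None:
        return None
    return assess(meltdown, mds)


if __name__ == "__main__":
    for host, verdict in assess_samples().items():
        print(f"{host:22s} -> {verdict}")
    live = assess_host()
    print("this host            ->", live if live is not None else "sysfs entries not available")
```

The interesting verdict is new_cpu_no_microcode: the meltdown entry alone would pass a naive audit, which is exactly the gap the abstract describes. Treat "mitigated_smt_exposed" as a partial fix when untrusted code can run on a sibling hyperthread.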
Original language: English
Title of host publication: CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Publisher: ACM/IEEE
Pages: 769-784
Number of pages: 15
ISBN (Electronic): 978-1-4503-6747-9
DOI: 10.1145/3319535.3363219
Publication status: Published - 12 Nov 2019
Event: ACM CCS 2019: 26th ACM Conference on Computer and Communications Security - London, United Kingdom
Duration: 11 Nov 2019 - 15 Nov 2019

Conference

Conference: ACM CCS 2019
Country: United Kingdom
City: London
Period: 11/11/19 - 15/11/19


Keywords

  • side-channel attack
  • Meltdown
  • Spectre
  • store buffer
  • store-to-load

Cite this

Canella, C. A., Genkin, D., Giner, L., Gruß, D., Lipp, M., Minkin, M., ... Yarom, Y. (2019). Fallout: Leaking Data on Meltdown-resistant CPUs. In CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (pp. 769-784). ACM/IEEE. https://doi.org/10.1145/3319535.3363219

@inproceedings{7dbc6aff24414764a00488a00a1d1c99,
title = "Fallout: Leaking Data on Meltdown-resistant CPUs",
abstract = "Meltdown and Spectre enable arbitrary data leakage from memory via various side channels. Short-term software mitigations for Meltdown are only a temporary solution with a significant performance overhead. Due to hardware fixes, these mitigations are disabled on recent processors. In this paper, we show that Meltdown-like attacks are still possible on recent CPUs which are not vulnerable to Meltdown. We identify two behaviors of the store buffer, a microarchitectural resource to reduce the latency for data stores, that enable powerful attacks. The first behavior, Write Transient Forwarding, forwards data from stores to subsequent loads even when the load address differs from that of the store. The second, Store-to-Leak, exploits the interaction between the TLB and the store buffer to leak metadata on store addresses. Based on these, we develop multiple attacks and demonstrate data leakage, control flow recovery, and attacks on ASLR. Our paper shows that Meltdown-like attacks are still possible, and software fixes with potentially significant performance overheads are still necessary to ensure proper isolation between the kernel and user space.",
keywords = "side-channel attack, Meltdown, Spectre, store buffer, store-to-load",
author = "Canella, {Claudio Alberto} and Daniel Genkin and Lukas Giner and Daniel Gru{\ss} and Moritz Lipp and Marina Minkin and Daniel Moghimi and Frank Piessens and Michael Schwarz and Berk Sunar and {Van Bulck}, Jo and Yuval Yarom",
year = "2019",
month = "11",
day = "12",
doi = "10.1145/3319535.3363219",
language = "English",
pages = "769--784",
booktitle = "CCS 2019 - Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "ACM/IEEE",
}
