Finding and Exploiting CPU Features using MSR Templating

Andreas Kogler, Daniel Weber, Martin Haubenwallner, Moritz Lipp, Daniel Gruss, Michael Schwarz

Research output: Chapter in Book/Report/Conference proceedingConference paperpeer-review

Abstract

To ensure backward compatibility while adding new features to CPUs, CPU vendors enable a limited CPU configuration via so-called model-specific registers (MSRs). These MSRs have been introduced for various features, such as debugging, performance monitoring, or security. While many MSRs are documented, there is still a plethora of undocumented or sparsely documented MSRs in modern CPUs. Furthermore, with multiple hundred MSRs, each providing up to 64 configuration bits, it is tedious to find specific configuration options.

In this paper, we show that MSRs and their configuration bits can be detected automatically on Intel and AMD CPUs. We introduce MSRevelio, a framework to automatically detect bits that influence the behavior of instructions and semi-automatically find bits controlled by BIOS settings. We show that previously overlooked bits can harden systems against microarchitectural attacks such as Medusa, CrossTalk, and software-prefetch attacks. Additionally, we show that an undocumented lock bit allows disabling AES-NI at runtime, forcing mbedTLS to fall back to an AES implementation vulnerable to cache attacks. Exploiting this fallback inside an SGX enclave, we fully recover the AES key used by the enclave. With our detection approach, we show that security features retrofitted with microcode updates can be easily detected, even before the public documentation of the underlying vulnerability. In our analysis of the Xen hypervisor, we show that Xen's handling of MSRs was flawed for a long time, allowing guests to access undocumented and unhandled MSRs and fingerprint specific Xen versions. Using automated correlation analysis between documented and undocumented MSRs, we discover a previously undocumented MSR correlating with the CPU's timestamp counter. This MSR is also accessible from Xen guests, and we demonstrate a Foreshadow attack when all other timers are unavailable or artificially deteriorated. Our results highlight that transparency is crucial for features interacting closely with CPU internals.
Original languageEnglish
Title of host publicationProceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022
Pages1474-1490
Number of pages17
ISBN (Electronic)9781665413169
DOIs
Publication statusPublished - 2022
Event43rd IEEE Symposium on Security and Privacy: S&P 2022 - Hybrider Event, San Francisco, United States
Duration: 23 May 202225 May 2022
https://www.ieee-security.org/TC/SP2022/

Publication series

NameProceedings - IEEE Symposium on Security and Privacy
Volume2022-May
ISSN (Print)1081-6011

Conference

Conference43rd IEEE Symposium on Security and Privacy
Abbreviated titleS&P 2022
Country/TerritoryUnited States
CityHybrider Event, San Francisco
Period23/05/2225/05/22
Internet address

Keywords

  • AES-NI
  • BIOS
  • CrossTalk
  • Medusa
  • Microarchitectural-Effects
  • Microcode
  • Model-Specific-Registers
  • MSR
  • Performance-Monitoring-Counter
  • PMC
  • Prefetch
  • Templating
  • Xen

ASJC Scopus subject areas

  • Software
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Finding and Exploiting CPU Features using MSR Templating'. Together they form a unique fingerprint.

Cite this