Abstract
To ensure backward compatibility while adding new features to CPUs, CPU vendors enable a limited CPU configuration via so-called model-specific registers (MSRs). These MSRs have been introduced for various features, such as debugging, performance monitoring, or security. While many MSRs are documented, there is still a plethora of undocumented or sparsely documented MSRs in modern CPUs. Furthermore, with multiple hundred MSRs, each providing up to 64 configuration bits, it is tedious to find specific configuration options.
In this paper, we show that MSRs and their configuration bits can be detected automatically on Intel and AMD CPUs. We introduce MSRevelio, a framework to automatically detect bits that influence the behavior of instructions and semi-automatically find bits controlled by BIOS settings. We show that previously overlooked bits can harden systems against microarchitectural attacks such as Medusa, CrossTalk, and software-prefetch attacks. Additionally, we show that an undocumented lock bit allows disabling AES-NI at runtime, forcing mbedTLS to fall back to an AES implementation vulnerable to cache attacks. Exploiting this fallback inside an SGX enclave, we fully recover the AES key used by the enclave. With our detection approach, we show that security features retrofitted with microcode updates can be easily detected, even before the public documentation of the underlying vulnerability. In our analysis of the Xen hypervisor, we show that Xen's handling of MSRs was flawed for a long time, allowing guests to access undocumented and unhandled MSRs and fingerprint specific Xen versions. Using automated correlation analysis between documented and undocumented MSRs, we discover a previously undocumented MSR correlating with the CPU's timestamp counter. This MSR is also accessible from Xen guests, and we demonstrate a Foreshadow attack when all other timers are unavailable or artificially deteriorated. Our results highlight that transparency is crucial for features interacting closely with CPU internals.
In this paper, we show that MSRs and their configuration bits can be detected automatically on Intel and AMD CPUs. We introduce MSRevelio, a framework to automatically detect bits that influence the behavior of instructions and semi-automatically find bits controlled by BIOS settings. We show that previously overlooked bits can harden systems against microarchitectural attacks such as Medusa, CrossTalk, and software-prefetch attacks. Additionally, we show that an undocumented lock bit allows disabling AES-NI at runtime, forcing mbedTLS to fall back to an AES implementation vulnerable to cache attacks. Exploiting this fallback inside an SGX enclave, we fully recover the AES key used by the enclave. With our detection approach, we show that security features retrofitted with microcode updates can be easily detected, even before the public documentation of the underlying vulnerability. In our analysis of the Xen hypervisor, we show that Xen's handling of MSRs was flawed for a long time, allowing guests to access undocumented and unhandled MSRs and fingerprint specific Xen versions. Using automated correlation analysis between documented and undocumented MSRs, we discover a previously undocumented MSR correlating with the CPU's timestamp counter. This MSR is also accessible from Xen guests, and we demonstrate a Foreshadow attack when all other timers are unavailable or artificially deteriorated. Our results highlight that transparency is crucial for features interacting closely with CPU internals.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 43rd IEEE Symposium on Security and Privacy, SP 2022 |
| Pages | 1474-1490 |
| Number of pages | 17 |
| ISBN (Electronic) | 9781665413169 |
| DOIs | |
| Publication status | Published - 2022 |
| Event | 43rd IEEE Symposium on Security and Privacy: S&P 2022 - Hybrider Event, San Francisco, United States Duration: 23 May 2022 → 25 May 2022 https://www.ieee-security.org/TC/SP2022/ |
Publication series
| Name | Proceedings - IEEE Symposium on Security and Privacy |
|---|---|
| Volume | 2022-May |
| ISSN (Print) | 1081-6011 |
Conference
| Conference | 43rd IEEE Symposium on Security and Privacy |
|---|---|
| Abbreviated title | S&P 2022 |
| Country/Territory | United States |
| City | Hybrider Event, San Francisco |
| Period | 23/05/22 → 25/05/22 |
| Internet address |
Keywords
- AES-NI
- BIOS
- CrossTalk
- Medusa
- Microarchitectural-Effects
- Microcode
- Model-Specific-Registers
- MSR
- Performance-Monitoring-Counter
- PMC
- Prefetch
- Templating
- Xen
ASJC Scopus subject areas
- Software
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications