ret2spec: Speculative Execution Using Return Stack Buffers
Speculative execution is an optimization technique that has been part of CPUs
for over a decade. It predicts the outcome and target of branch instructions to
avoid stalling the execution pipeline. However, until recently, the security
implications of speculative code execution have not been studied.
In this paper, we investigate a special type of branch predictor that is
responsible for predicting return addresses. To the best of our knowledge, we
are the first to study return address predictors and their consequences for the
security of modern software. In our work, we show how return stack buffers
(RSBs), the core unit of return address predictors, can be used to trigger
misspeculations. Based on this knowledge, we propose two new attack variants
using RSBs that give attackers similar capabilities as the documented Spectre
attacks. We show how local attackers can gain arbitrary speculative code
execution across processes, e.g., to leak passwords another user enters on a
shared system. Our evaluation showed that the recent Spectre countermeasures
deployed in operating systems can also cover such RSB-based cross-process
attacks. Yet we then demonstrate that attackers can trigger misspeculation in
JIT environments in order to leak arbitrary memory content of browser
processes. Reading outside the sandboxed memory region with JIT-compiled code
is still possible with 80% accuracy on average.
Comment: Updating to the cam-ready version and adding reference to the
original pape
A Vulnerability in RSA Implementations due to Instruction Cache Analysis and Its Demonstration on OpenSSL
MicroArchitectural Analysis (MA) techniques, more specifically
Simple Branch Prediction Analysis (SBPA) and Instruction Cache
Analysis, have the potential of disclosing the entire execution
flow of a
software-implemented cryptosystem ([5, 2]). In this paper we will show
that one can completely break RSA in the original unpatched OpenSSL
version (v.0.9.8e) even if the most secure configuration is in place, including
all countermeasures against side-channel and MicroArchitectural
analysis (in particular, base blinding). We also discuss (known) countermeasures
that prevent this attack.
In a first step we apply an instruction cache attack to reveal which Montgomery
operations require extra reductions. To exploit this information
we model the timing behavior of the modular exponentiation algorithm
by a stochastic process. Its analysis provides the optimal guessing strategy,
which reveals the secret key ( mod p1) and finally the factorization of
the RSA modulus n = p1p2. For the instruction cache attack we applied
a spy process that was embedded in the target process (OpenSSL), which
clearly facilitates the experimental part. This simplification yet does not
nullify our results since in cache attacks empirical results from embedded
spy processes and (suitably implemented) stand-alone spy processes
are very close to each other [16] and, moreover, our guessing strategy is
fault-tolerant. Interestingly, the second step of our attack is related to
that of a particular combined power and timing attack on smart cards
[23] (see also [27, 22]).
Before we published our result [1] we informed the OpenSSL development
team who included a patch into the stable branch of v.0.9.7e ([31, 32])
and CERT which informed software vendors ([33-35]). In particular, this
countermeasure is included in the current version 0.9.8f. We have only
analyzed OpenSSL, thus we currently do not know the strength of other
cryptographic libraries
Securing Access to Cloud Computing for Critical Infrastructure
Cloud computing offers cost-effective services on demand, which encourages critical infrastructure providers to consider migrating to the cloud. Critical infrastructures, such as power plants and water, are considered a backbone of modern societies. Information in cloud computing is likely to be shared among different entities, which could have various degrees of sensitivity. This requires robust isolation and access control mechanisms. Although various access control models and policies have been developed, they cannot fulfil the requirements for a cloud-based access control system. The reason is that cloud computing has a diverse set of security requirements and unique security challenges, such as multi-tenancy and heterogeneity of security policies, rules and domains.
This thesis provides a detailed study of cloud computing security challenges and threats, which were used to identify security requirements for various critical infrastructure providers. We found that an access control system is a crucial security requirement for the surveyed critical infrastructure providers. Furthermore, the requirement analysis was used to propose new criteria to evaluate access control systems for cloud computing. Moreover, this work presents a new cloud-based access control model to meet the identified cloud access control requirements. The model not only ensures the secure sharing of resources among potentially untrusted tenants, but also has the capacity to support different access permissions for the same cloud user.
Our focus in the proposed model is the lack of data isolation at lower levels (CPU caches), which could allow access control models to be bypassed to gain some sensitive information by using cache side-channel attacks. Therefore, the thesis investigates various real attack scenarios and the gaps in existing mitigation approaches. It presents a new Prime and Probe cache side-channel attack, which can give detailed information about addresses accessed by a virtual machine with no need for any information about cache sets accessed by the virtual machine. The design, implementation and evaluation of a proposed solution preventing cache side-channel attacks are also presented in the thesis. It is a new lightweight solution, which introduces very low overhead (less than 15,000 CPU cycles). It can be applied in any operating system and prevents cache side-channel attacks in cloud computing. The thesis also presents a new solution for detecting cache side-channel attacks. It focuses on the infrastructure used to host cloud computing tenants by counting cache misses caused by a virtual machine. The detection solution has 0% false negative and 15% false positive