ret2spec: Speculative Execution Using Return Stack Buffers
Speculative execution is an optimization technique that has been part of CPUs
for over a decade. It predicts the outcome and target of branch instructions to
avoid stalling the execution pipeline. However, until recently, the security
implications of speculative code execution have not been studied.
In this paper, we investigate a special type of branch predictor that is
responsible for predicting return addresses. To the best of our knowledge, we
are the first to study return address predictors and their consequences for the
security of modern software. In our work, we show how return stack buffers
(RSBs), the core unit of return address predictors, can be used to trigger
misspeculations. Based on this knowledge, we propose two new attack variants
using RSBs that give attackers similar capabilities as the documented Spectre
attacks. We show how local attackers can gain arbitrary speculative code
execution across processes, e.g., to leak passwords another user enters on a
shared system. Our evaluation showed that the recent Spectre countermeasures
deployed in operating systems can also cover such RSB-based cross-process
attacks. Yet we then demonstrate that attackers can trigger misspeculation in
JIT environments in order to leak arbitrary memory content of browser
processes. Reading outside the sandboxed memory region with JIT-compiled code
is still possible with 80% accuracy on average.
Comment: Updating to the cam-ready version and adding reference to the
original paper
Verifying RISC-V Physical Memory Protection
We formally verify an open-source hardware implementation of physical memory
protection (PMP) in RISC-V, which is a standard feature used for memory
isolation in security critical systems such as the Keystone trusted execution
environment. PMP provides per-hardware-thread machine-mode control registers
that specify the access privileges for physical memory regions. We first
formalize the functional property of the PMP rules based on the RISC-V ISA
manual. Then, we use the LIME tool to translate an open-source implementation
of the PMP hardware module written in Chisel to the UCLID5 formal verification
language. We encode the formal specification in UCLID5 and verify the
functional correctness of the hardware. This is an initial effort towards
verifying the Keystone framework, where the trusted computing base (TCB) relies
on PMP to provide security guarantees such as integrity and confidentiality.
Comment: SECRISC-V 2019 Workshop
Pentimento: Data Remanence in Cloud FPGAs
Cloud FPGAs strike an alluring balance between computational efficiency,
energy efficiency, and cost. It is the flexibility of the FPGA architecture
that enables these benefits, but it is that very same flexibility that exposes new
security vulnerabilities. We show that a remote attacker can recover "FPGA
pentimenti" - long-removed secret data belonging to a prior user of a cloud
FPGA. The sensitive data constituting an FPGA pentimento is an analog imprint
from bias temperature instability (BTI) effects on the underlying transistors.
We demonstrate how this slight degradation can be measured using a
time-to-digital converter (TDC) when an adversary programs one into the target
cloud FPGA.
This technique allows an attacker to ascertain previously safe information on
cloud FPGAs, even after it is no longer explicitly present. Notably, it can
allow an attacker who knows a non-secret "skeleton" (the physical structure,
but not the contents) of the victim's design to (1) extract proprietary details
from an encrypted FPGA design image available on the AWS marketplace and (2)
recover data loaded at runtime by a previous user of a cloud FPGA using a known
design. Our experiments show that BTI degradation (burn-in) and recovery are
measurable and constitute a security threat to commercial cloud FPGAs.
Comment: 17 pages, 8 figures
Sanctorum: A lightweight security monitor for secure enclaves
Enclaves have emerged as a particularly compelling primitive to implement
trusted execution environments: strongly isolated sensitive user-mode processes
in a largely untrusted software environment. While the threat models employed
by various enclave systems differ, the high-level guarantees they offer are
essentially the same: attestation of an enclave's initial state, as well as a
guarantee of enclave integrity and privacy in the presence of an adversary.
This work describes Sanctorum, a small trusted code base (TCB), consisting of
a generic enclave-capable system, which is sufficient to implement secure
enclaves akin to the primitive offered by Intel's SGX. While enclaves may be
implemented via unconditionally trusted hardware and microcode, as it is the
case in SGX, we employ a smaller TCB principally consisting of authenticated,
privileged software, which may be replaced or patched as needed. Sanctorum
implements a formally verified specification for generic enclaves on an
in-order multiprocessor system meeting baseline security requirements, e.g.,
the MIT Sanctum processor and the Keystone enclave framework. Sanctorum
requires trustworthy hardware including a random number generator, a private
cryptographic key pair derived via a secure bootstrapping protocol, and a
robust isolation primitive to safeguard sensitive information. Sanctorum's
threat model is informed by the threat model of the isolation primitive, and is
suitable for adding enclaves to a variety of processor systems.
Comment: 6 pages
On Subnormal Floating Point and Abnormal Timing
We identify a timing channel in the floating point instructions of modern x86 processors: the running time of floating point addition and multiplication instructions can vary by two orders of magnitude depending on their operands. We develop a benchmark measuring the timing variability of floating point operations and report on its results. We use floating point data timing variability to demonstrate practical attacks on the security of the Firefox browser (versions 23 through 27) and the Fuzz differentially private database. Finally, we initiate the study of mitigations to floating point data timing channels with libfixedtimefixedpoint, a new fixed-point, constant-time math library. Modern floating point standards and implementations are sophisticated, complex, and subtle, a fact that has not been sufficiently recognized by the security community. More work is needed to assess the implications of the use of floating point instructions in security-relevant software.
An Online Survey of the Perceptions of Clinical and Non-Clinical Professionals on Healthcare for Non-Communicable Diseases and COVID-19 Measures During the Pandemic in Malaysia
Objectives: This study assesses the opinions of health professionals in Malaysia on the disruption of non-communicable disease (NCD) services during the COVID-19 pandemic from March 2020 to January 2022. Methods: We conducted a cross-sectional online survey with 191 non-clinical public health workers and clinical health service workers in Malaysia from November 2021 to January 2022. Participants were recruited by the Malaysian Ministry of Health using major networks including key experts and practitioners. Secondary respondents were subsequently enrolled through snowballing. Results: The most notable issues raised by the survey participants relate to NCD service disruption, the redirection of NCD care resources, and NCD care being overburdened post-pandemic. Respondents also reported accounts of resilience and prompt reaction from the healthcare system, as well as calls for innovation. Conclusion: Most respondents perceived that the challenges arising from COVID-19 were mostly managed well by the healthcare system, which was able to provide the necessary services to NCD patients during this health emergency. However, the study identifies gaps in the health system response and preparedness capacity, and highlights solutions for strengthening NCD services.
Welcome to the Entropics: Boot-Time Entropy in Embedded Devices
We present three techniques for extracting entropy during boot on embedded devices. Our first technique times the execution of code blocks early in the Linux kernel boot process. It is simple to implement and has a negligible runtime overhead, but, on many of the devices we test, gathers hundreds of bits of entropy. Our second and third techniques, which run in the bootloader, use hardware features — DRAM decay behavior and PLL locking latency, respectively — and are therefore less portable and less generally applicable, but their behavior is easier to explain based on physically unpredictable processes. We implement and measure the effectiveness of our techniques on ARM-, MIPS-, and AVR32-based systems-on-a-chip from a variety of vendors.