Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals

Direct Memory Access (DMA) attacks have been known for many years: DMA-enabled I/O peripherals have complete access to the state of a computer and can fully compromise it including reading and writing all of system memory. With the popularity of Thunderbolt 3 over USB Type-C and smart internal devices, opportunities for these attacks to be performed casually with only seconds of physical access to a computer have greatly broadened. In response, commodity hardware and operating-system (OS) vendors have incorporated support for Input-Output Memory Management Units (IOMMUs), which impose memory protection on DMA, and are widely believed to protect against DMA attacks. We investigate the state-of-the-art in IOMMU protection across OSes using a novel I/O security research platform, and find that current protections fall short when faced with a functional network peripheral that uses its complex interactions with the OS for ill intent, and demonstrate compromises against macOS, FreeBSD, and Linux, which notionally utilize IOMMUs to protect against DMA attackers. Windows only uses the IOMMU in limited cases and remains vulnerable. Using Thunderclap, an open-source FPGA research platform we built, we explore a number of novel exploit techniques to expose new classes of OS vulnerability. The complex vulnerability space for IOMMU-exposed shared memory available to DMA-enabled peripherals allows attackers to extract private data (sniffing cleartext VPN traffic) and hijack kernel control flow (launching a root shell) in seconds using devices such as USB-C projectors or power adapters. We have worked closely with OS vendors to remedy these vulnerability classes, and they have now shipped substantial feature improvements and mitigations as a result of our work.DARPA I2O FA8750-10-C-0237 ("CTSRD") DARPA MTO HR0011- 18-C-0016 ("ECATS") Arm Ltd Google Inc This work was also supported by EPSRC EP/R012458/1 (“IOSEC”)

Memory safety with CHERI capabilities: security analysis, language interpreters, and heap temporal safety

CHERI (Capability Hardware Enhanced RISC Instructions) is a promising research processor-architecture protection model that facilitates memory safety and fine-grained compartmentalization for software. The architecture has reached a mature state and been integrated into Arm’s industrial-scale Morello system-on-chip, a large corpus of software has been adapted to support CHERI, and prior work has demonstrated that replacing integer pointers with CHERI capabilities can make C and C++ programs spatially safe. In this dissertation, I identify gaps that limit the ability of current mitigations based on CHERI to deliver real-world vulnerability protection, and I work towards addressing them. I develop the memory-operations framework (MOF) for reasoning about memory-safety mitigations and the types of attacks they prevent. I apply the MOF to analyze CheriABI, the most sophisticated memory-safety mitigation built atop CHERI. I also evaluate CheriABI’s effectiveness in mitigating a set of real-world attacks that targeted devices running Apple’s iOS. Based on this evaluation, I identify two key areas in CHERI-supported memory safety that require improved protections. One of these areas involves support for contemporary programming language interpreters, which have not previously been adapted to CHERI. Using Apple’s JavaScriptCore as a case study, I evaluate the feasibility, source-code compatibility, and security properties of adapting an interpreter that supports just-in-time compilation to CHERI. I determine that such an adaptation is feasible, practical, and can achieve parity with more typical applications in terms of memory protection. The other area is providing temporal safety for userspace heaps, which CheriABI does not currently support. I introduce novel algorithms and software components that constitute a fully elaborated system for CHERI-based userspace heap temporal safety. I implement the system, which includes the Cornucopia kernel subsystem for sweeping capability revocation and a generic userspace library that encapsulates changes required for memory allocators, in CheriBSD for Morello. Relative to the CHERIvoke algorithm for heap temporal safety, which has previously been published but not implemented on CHERI hardware, the novel algorithms reduce application runtimes by up to 23.5% and pause times by up to 11,000x, potentially making temporal safety with CHERI feasible for large, real-world workloads.Gates Cambridge Trus

Cornucopia Reloaded: Load Barriers for CHERI Heap Temporal Safety

Violations of temporal memory safety (“use after free”, “UAF”) continue to pose a significant threat to software security. The CHERI capability architecture has shown promise as a technology for C and C++ language reference integrity and spatial memory safety. Building atop CHERI, prior works – CHERIvoke and Cornucopia – have explored adding heap temporal safety. The most pressing limitation of Cornucopia was its impractical “stop-the-world” pause times. We present Cornucopia Reloaded, a re-designed drop-in replacement implementation of CHERI temporal safety, using a novel architectural feature – a per-page capability load barrier, added in Arm’s Morello prototype CPU and CHERI- RISC-V – to nearly eliminate application pauses. We analyze the performance of Reloaded as well as Cornucopia and CHERIvoke on Morello, using the CHERI-compatible SPEC CPU2006 INT workloads to assess its impact on batch workloads and using pgbench and gRPC QPS as surrogate interactive workloads. Under Reloaded, applications no longer experience significant revocation-induced stop-the-world periods, without additional wall- or CPU-time cost over Cornucopia and with median 87% of Cornucopia’s DRAM traffic overheads across SPEC CPU2006 and < 50% for pgbench.Defense Advanced Research Projects Agency (DARPA) under Contract No. HR0011-18-C-0016 (“ECATS”) and Contract No. HR0011-23-C-0031 ("MTSS"

Research data supporting 'Cornucopia: Temporal Safety for CHERI Heaps'

Source code for CheriBSD, snmalloc, dlmalloc, and the allocator shim ("mrs") used for the Cornucopia experiments. See README.txt file for details of each file and associated licences

Inhibition of renin-angiotensin system (RAS) reduces ventricular tachycardia risk by altering connexin43

Renin-angiotensin system (RAS) activation is associated with arrhythmias. We investigated the effects of RAS inhibition in cardiac-specific angiotensin-converting enzyme (ACE) overexpression (ACE 8/8) mice, which exhibit proclivity to ventricular tachycardia (VT) and sudden death because of reduced connexin43 (Cx43). ACE 8/8 mice were treated with an ACE inhibitor (captopril) or an angiotensin receptor type-1 blocker (losartan). Subsequently, electrophysiological studies were performed, and the hearts were extracted for Cx43 quantification using immunoblotting, immunohistochemistry, fluorescent dye spread method, and sodium current quantification using whole cell patch clamping. VT was induced in 12.5% of captopril-treated ACE 8/8 and in 28.6% of losartan-treated mice compared to 87.5% of untreated mice (P<0.01). Losartan and captopril treatment increased total Cx43 2.4-fold (P=0.01) and the Cx43 phosphorylation ratio 2.3-fold (P=0.005). Treatment was associated with a recovery of gap junctional conductance. Survival in treated mice improved to 0.78 at 10 weeks (95% confidence interval 0.64 to 0.92), compared to the expected survival of less than 0.50. In a model of RAS activation, arrhythmic risk was correlated with reduced Cx43 amount and phosphorylation. RAS inhibition resulted in increased total and phosphorylated Cx43, decreased VT inducibility, and improved survival