
Self-spectre, write-execute and the hidden state

In: Tatra Mountains Mathematical Publications, vol. 73, no. 1
Gregory Morse
Details:
Year, pages: 2019, 131 - 144
Language: eng
Keywords:
x86, x86-64, Spectre, Meltdown, assembly language, self-modifying code, white-box cryptography, side-channel vulnerabilities, CPU cache, speculative execution, predictive branching.
Article type: scientific article/mathematics
Document type: pdf
About the article:
The recent Meltdown and Spectre vulnerabilities have highlighted a very present and real threat in the on-chip memory cache units which can ultimately provide a hidden state, albeit only readable via memory timing instructions [Kocher, P.; Genkin, D.; Gruss, D.; Haas, W.; Hamburg, M.; Lipp, M.; Mangard, S.; Prescher, T.; Schwarz, M.; Yarom, Y.: Spectre attacks: Exploiting speculative execution, CoRR, abs/1801.01203, 2018]. Yet the exploits, although having some complexity and slowness, are demonstrably reliable on nearly all processors produced for the last two decades. Moving out from looking at this strictly as a means of reading protected memory, as the large microprocessor companies move to close this security vulnerability, an interesting question arises. Could the inherent design of the processor give the ability to hide arbitrary calculations in this speculative and parallel side channel? Without even using protected memory and exploiting the vulnerability, as has been the focus, there could very well be a whole class of techniques which exploit the side channel. It could be done in a way which would be largely unpreventable behavior, as the technology would start to become self-defeating or require a more complicated and expensive on-chip cache memory system to properly post-speculatively clean itself. And the ability to train the branch predictor to incorrectly speculatively behave is almost certain given hardware limitations, and thus provides exactly this pathway. A novel approach looks at just how much computation can be done speculatively with a result store via indirect reads and available through the memory cache. A multi-threaded approach can allow a multi-stage computation pipeline where each computation is passed to a read-out thread and then to the next computation thread [Swanson, S.; McDowell, L. K.; Swift, M. M.; Eggers, S. J.; Levy, H. M.: An evaluation of speculative instruction execution on simultaneous multithreaded processors, ACM Trans. Comput. Syst. 21 (2003), 314–340]. Through channels like this, an application can surreptitiously make arbitrary calculations, or even leak data without any standard tracing tools being capable of monitoring the subtle changes. Like a variation of the famous Heisenberg uncertainty principle in physics, even a tool capable of reading the cache states would not only be incredibly inefficient, but would thereby tamper with and modify the state. Tools like in-circuit emulators or specially designed cache emulators would be needed to unmask the speculative reads, and it is further difficult to visualize with a linear time-line. Specifically, the AES and RSA algorithms will be studied with respect to these ideas, looking at success rates for various calculation batches with speculative execution, while having a summary view to see the rather severe performance penalties for using such methods. Either approach could provide for strong white-box cryptography when considering a binary, non-source code form. In terms of white-box methods, both could be significantly challenging to locate or deduce the inner workings of the code. Further, both methods can easily surreptitiously leak or hide data within shared memory in a seemingly innocuous manner.
How to cite:
ISO 690:
Morse, G. 2019. Self-spectre, write-execute and the hidden state. In Tatra Mountains Mathematical Publications, vol. 73, no. 1, pp. 131-144. 1210-3195. DOI: https://doi.org/10.2478/tmmp-2019-0010

APA:
Morse, G. (2019). Self-spectre, write-execute and the hidden state. Tatra Mountains Mathematical Publications, 73(1), 131-144. 1210-3195. DOI: https://doi.org/10.2478/tmmp-2019-0010
About the issue:
Publisher: Mathematical Institute, Slovak Academy of Sciences, Bratislava
Published: 15. 8. 2019
Public license:
© 2019 Mathematical Institute, Slovak Academy of Sciences. Licensed under the Creative Commons Attribution-NC-ND 4.0 International Public License.