#### Microarchitectural Vulnerabilities – Assessment and Mitigation

**ICE** Seminar, Sep 8, 2022

Maria MUSHTAQ

#### About me!

Maria MUSHTAQ, Safe and Secure Hardware (SSH), Communications and Electronics (COMELEC)

#### Distinctions:

- Portrait of Woman – International face of university @ UBS, France
- Recipient of HiPEAC International Mobility – Yale University, USA
- Recipient of ACM Young Researcher Award – ETH Zurich, Switzerland
- Recipient of Ministry of Defense scholarship
- Recipient of CNRS-Excellent Postdoc grant
- Admissible candidate by the academic jury of CNRS, 2020-2021

#### **Outline**

- Information Security Perspective
- Detection Framework
- Mitigation Framework
- Conclusions & Future Perspectives

#### A shared concern by many application domains

#### Computing Stack & Privilege Levels

- Information leakage is possible even under safe software!
- Software is often encrypted by mathematically strong encryption techniques [RSA, AES, ECC etc.]
- Underlying hardware is vulnerable
- Micro-architectural features leak information on the state of program's execution

#### Shared Memory Architecture – An Abstract View!

#### Leakage through Shared Memory

Key-dependent memory accesses create timing (Side-Channel) Information!

#### Leakage Through Computational Optimizations

#### Intel's x86 – the biggest casualty of security vulnerabilities!

#### Threat Model – Why CSCAs are interesting?

- CSCAs (cache side-channel attacks) are Non-invasive, Passive & High-resolution
- CSCAs do not respect privileges
  - They are Cross CPU, Cross Core, Cross VM
- All CSCAs [and other attacks too] work the same way:
  - Manipulate cache to a known state
  - Wait for the victim to perform its activity
  - Examine what has changed
- Hard to detect as they are part of the hardware design!

#### Prime+Probe Attack

[Figure panels: Victim's Execution; Attacker Probes the Cache State]

#### State-of-the-Art on Defenses

#### What is Missing?
- Mitigations are Vulnerability Specific
- Mitigations are not System-wide
- Mitigations are Performance Heavy

[Figure labels: Randomization, Noise Addition]

#### The Way Forward:

- Attack surface is not completely known yet – rather expanding!
- Security paradigm is shifting
  - Secure-by-Design – attacks are not feasible in the first place
  - Secure at Run-time – attacks can happen, but their impact & value is contained

#### Research Perspective

#### The Big Picture

Mukhtar et al., Smart Flush: A Timing Countermeasure against FLUSH+RELOAD Cache-based Side-Channel Attack on RSA. Published at Elsevier Journal of Systems Architecture 2020.

Mushtaq et al., Improving Confidentiality Against Cache-based SCAs. Published at Conference of ACM WomENcourage-2017, Barcelona, Spain.

#### Cache SCAs affect or alter cache behavior!

#### Performance Counters as features

| #  | Scope         | Hardware Events                        |
|----|---------------|----------------------------------------|
| 1  |               | Data Cache Misses (L1-DCM)             |
| 2  | Cache Level 1 | Instruction Cache misses (L1-ICM)      |
| 3  |               | Total cache misses (L1-TCM)            |
| 4  | Cache Level 2 | Instruction cache accesses (L2-ICA)    |
| 5  |               | Instruction Cache misses (L2-ICM)      |
| 6  |               | Total Cache accesses (L2-TCA)          |
| 7  |               | Total cache misses (L2-TCM)            |
| 8  | Cache Level 3 | Instruction cache accesses (L3-ICA)    |
| 9  |               | Total Cache accesses (L3-TCA)          |
| 10 |               | Total cache misses (L3-TCM)            |
| 11 |               | Branch Miss Prediction (BR_MSP)        |
| 12 | System-wide   | Total CPU Cycles (TOT_CYC)             |
| 13 |               | Total Page Faults (Page-Faults)        |
| 14 |               | Total Number of Instructions (TOT_INS) |
| 15 |               | Total Branch Instructions (BR_INS)     |

#### Performance Counters – Prime+Probe Attack

#### Performance Counters Under Load Conditions & Multiple Attacks

Mushtaq et al., Machine Learning for Security: The case of Side-Channel Attack Detection at Run-time. Published at IEEE-ICECS, Bordeaux, France, 2018.

#### Performance Counters – Machine Learning Can Help!
#### Machine Learning Models

| #  | Machine Learning Model                | Type of Model |
|----|---------------------------------------|---------------|
| 1  | Linear Regression (LR)                | Linear        |
| 2  | Linear Discriminant Analysis (LDA)    | Linear        |
| 3  | Linear Support Vector Machine (SVM)   | Linear        |
| 4  | Quadratic Discriminant Analysis (QDA) | Linear        |
| 5  | Nearest Centroid                      | Linear        |
| 6  | Naïve Bayes                           | Linear        |
| 7  | K-Nearest Neighbors (KNN)             | Non-Linear    |
| 8  | Perceptron                            | Non-Linear    |
| 9  | Decision Tree                         | Non-Linear    |
| 10 | Dummy                                 | Non-Linear    |
| 11 | Random Forest (RF)                    | Non-Linear    |
| 12 | Convolutional Neural Networks (CNNs)  | Non-Linear    |

https://scikit-learn.org/0.17/modules/classes.html

#### Cache SCA Detection

Mushtaq et al., "WHISPER: A Tool for Run-time Detection of Cache Side-Channel Attacks" Published at IEEE-Access, 2022.

#### Proposed Framework – The Big Picture

#### Use-case Attacks

| No. | Use-cases    | Cryptosystem        | OpenSSL Version       | Key Recovery              |
|-----|--------------|---------------------|-----------------------|---------------------------|
| 1   | Flush+Reload | RSA                 | 0.9.71                | Full Key                  |
| 2   | Flush+Reload | AES                 |                       | Half Key                  |
| 3   | Flush+Reload | AES                 |                       | Full Key                  |
| 4   | Flush+Flush  | AES                 | 0.9.7l/1.0.1f         | Half Key                  |
| 5   | Flush+Flush  | AES                 | 1.0.11                | Full Key                  |
| 6   | Prime+Probe  | AES                 |                       | Half Key                  |
| 7   | Prime+Probe  | AES                 |                       | Full Key                  |
| 8   | Spectre      | Not crypto-specific | Linux Kernel 4.13.037 | Full message exploitation |
| 9   | Meltdown     | Not crypto-specific | Linux Kernel 4.13.037 | Full message exploitation |

Open source repository of our work: https://github.com/ECLab-ITU/Cache-Side-Channel-Attacks

#### F+R Attack on RSA Cryptosystem

| Model | Loads | Accuracy (%) | Speed (%) | FP (%) | FN (%) | Overhead (%) |
|-------|-------|--------------|-----------|--------|--------|--------------|
|       | ZL    | 99.5         | 0.9       | .498   | .002   |              |
| LDA   | ML    | 99.5         | 0.9       | 0.49   | .01    | 0.9          |
|       | HL    | 99.4         | 0.9       | .527   | .073   |              |
|       | ZL    | 99.5         | 0.9       | 0.5    | 0      |              |
| LR    | ML    | 99.5         | 0.9       | .494   | .006   | 1.6          |
|       | HL    | 99.5         | 0.9       | .462   | .038   |              |
|       | ZL    | 98.8         | 0.9       | 0.4    | .78    |              |
| SVM   | ML    | 90           | 0.9       | 0.17   | 9.83   | 1.3          |
|       | HL    | 95.8         | 0.9       | 3.21   | .99    |              |
|       | ZL    | 99.5         | 0.9       | 0.5    | 0      |              |
| QDA   | ML    | 99.5         | 0.9       | .494   | .006   | 0.6          |
|       | HL    | 99.4         | 0.9       | 0.57   | .03    |              |

#### Computational Attacks

- Two CPU vulnerabilities discovered in 2018!
- Both exploit performance enhancement techniques

#### Meltdown Vulnerability:

Permission check for address is done in parallel & out-of-order to the load instruction!
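
An added example (not code from the talk or from the WHISPER tool) of the detection pipeline the tables above summarize: windows of performance-counter readings go to a classifier, here Nearest Centroid from the model list, and the result is scored as accuracy, FP and FN. The counter values, labels and function names are constructed for illustration; FP and FN are computed as shares of all windows, matching the result table above, where Accuracy, FP and FN add up to about 100.

```python
# Added example: nearest-centroid detector over HPC windows (constructed data).
from math import dist
from statistics import mean, pstdev
# Columns per window (assumed feature choice): L3_TCA, L3_TCM, TOT_INS.
TRAIN = [
    ((4000, 300, 900_000), "benign"),
    ((4200, 350, 950_000), "benign"),
    ((3900, 280, 870_000), "benign"),
    ((9800, 5200, 400_000), "attack"),
    ((9500, 4900, 420_000), "attack"),
    ((9900, 5500, 390_000), "attack"),
]
TEST = [  # constructed evaluation windows, including loaded-system cases
    ((4100, 320, 910_000), "benign"),   # idle system
    ((5000, 600, 850_000), "benign"),   # moderate load
    ((8500, 3800, 700_000), "benign"),  # heavy benign load, cache-thrashing
    ((9700, 5100, 410_000), "attack"),
    ((9000, 4200, 600_000), "attack"),  # attack running under load
]

def standardize(x, scale):
    """Z-score each counter so large-valued ones (TOT_INS) do not dominate."""
    return tuple((v - m) / s for v, (m, s) in zip(x, scale))

def fit(samples):
    """Learn per-counter (mean, std) scaling and one centroid per class."""
    cols = zip(*(x for x, _ in samples))
    scale = [(mean(c), pstdev(c) or 1.0) for c in cols]
    centroids = {}
    for label in {y for _, y in samples}:
        rows = [standardize(x, scale) for x, y in samples if y == label]
        centroids[label] = tuple(mean(c) for c in zip(*rows))
    return scale, centroids

def predict(x, model):
    """Label a window with the class whose centroid is nearest."""
    scale, centroids = model
    z = standardize(x, scale)
    return min(centroids, key=lambda label: dist(z, centroids[label]))

def evaluate(samples, model):
    """Accuracy, FP and FN as % of all windows, so the three sum to 100."""
    pred = [(predict(x, model), y) for x, y in samples]
    fp = sum(p == "attack" and y == "benign" for p, y in pred)
    fn = sum(p == "benign" and y == "attack" for p, y in pred)
    n = len(pred)
    return {"accuracy": 100 * (n - fp - fn) / n, "fp": 100 * fp / n, "fn": 100 * fn / n}

RESULT = evaluate(TEST, fit(TRAIN))
```

On this constructed data the heavy benign load window falls nearer the attack centroid and is counted as a false positive, the same effect the load columns of the result table track.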
#### Meltdown Detection

Selected HPCs & SPCs

| Scope of event | Hardware event               | Feature ID  |
|----------------|------------------------------|-------------|
| L3 cache       | Total cache misses           | L3_TCM      |
| L3 cache       | Total cache accesses         | L3_TCA      |
| System wide    | Total page faults            | page_faults |
| System wide    | Total number of instructions | TOT_INS     |

#### Meltdown Detection

| Model | Load | Accuracy (%) | Speed (µs) | FP (%) | FN (%) | Overhead (%) |
|-------|------|--------------|------------|--------|--------|--------------|
|       | NL   | 99.99        | 10         | 0.01   | 0      | 1.91         |
| LDA   | AL   | 99.91        | 10         | 0.09   | 0      |              |
|       | FL   | 98.30        | 10         | 1.25   | 0.45   |              |
|       | NL   | 99.41        | 10         | 0.59   | 0      | 2.21         |
| LR    | AL   | 97.45        | 10         | 1.95   | 0.60   |              |
|       | FL   | 96.00        | 10         | 3.40   | 1.60   |              |
|       | NL   | 99.99        | 10         | 0.01   | 0      | 2.00         |
| SVM   | AL   | 99.40        | 10         | 0.60   | 0      |              |
|       | FL   | 98.35        | 10         | 1.39   | 0.26   |              |

#### Proposed Framework – The Big Picture

#### Simultaneous Attacks, Detection and Mitigation

Detection-based Protection under Linux

#### Detection-based Mitigation of F+R Attack on RSA

#### Conclusions – at large

- Side channel information leakage is powerful & attack surface is expanding
- Need-based protection has the potential to contain SCAs, both computational & storage, while retaining the performance benefits
- Detection is promising – can serve as the first line of defense in the absence of secure-by-design solutions
- Machine learning can help improve security – use of specialized ML models and deep learning

#### Future Perspectives

[Figure labels: Information Retrieval Attacks; Attack Surface; Software on Software; Software on Hardware; Hardware on Software; Hardware on Hardware; Internal; External; Trusted Computing Base (TCB); Protected Software [Hardware/Software]]

- Security has become a 1<sup>st</sup> class design constraint – computing must be seen beyond classics
- Modern security challenges emerge from the way we compute today – radical changes at both the hardware & software levels are required
- No computing platform is secure today and attack surface will expand further – tools are required to contain existing vulnerabilities and future systems must be predictable!

#### **Research Activities**

- Forcioli et al., Virtual Platform to Analyze Security of a System on Chip at Microarchitectural level, Published at SILM, European Symposium on Security and Privacy Workshop, 2021
- Hamza et al., Diminisher: A Linux Kernel based Countermeasure for TAA Vulnerability, European Symposium on Research in Computer Security, 2021
- France et al., Vulnerability Assessment of the Rowhammer Attack Using Machine Learning and the gem5 Simulator, at ACM workshop on secure and trustworthy cyber-physical systems, 2021
- France et al., Implementing Rowhammer Memory Corruption in the gem5 Simulator, at Workshop on Rapid System Prototyping (RSP), 2021
- Khatib et al., Unsupervised Network Intrusion Detection System for AVTP in Automotive Ethernet Networks, at IEEE Intelligent Vehicles Symposium, 2022

#### **Awareness Seminar**

IP Paris & Telecom's 1<sup>st</sup> International Winter School on Microarchitectural Security – 5-9<sup>th</sup> of December 2022, Paris, France.

- https://www.ip-paris.fr/en/international-winter-school-microarchitectural-security-2022
- https://www.ip-paris.fr/en/news/winter-school-microarchitectural-security-complex-and-transdisciplinary-emerging-subject
- https://imtech.imt.fr/en/2022/09/07/side-channel-attacks-how-to-exploit-vulnerabilities-of-processors/

#### Thank You!

[Discussion]

Maria.Mushtaq@telecom-paris.fr

@Maria\_Mushtaq\_