Can Microkernels Mitigate Microarchitectural Attacks?
- 458 Downloads
Abstract
Microarchitectural attacks such as Meltdown and Spectre have attracted much attention recently. In this paper we study how effective these attacks are on the Genode microkernel framework using three different kernels, Okl4, Nova, and Linux. We try to answer the question whether the strict process separation provided by Genode combined with security-oriented kernels such as Okl4 and Nova can mitigate microarchitectural attacks. We evaluate the attack effectiveness by measuring the throughput of data transfer that violates the security properties of the system. Our results show that the underlying side-channel attack Flush+Reload used in both Meltdown and Spectre, is effective on all investigated platforms. We were also able to achieve high throughput using the Spectre attack, but we were not able to show any effective Meltdown attack on Okl4 or Nova.
Keywords
Genode Meltdown Spectre Flush+Reload Okl4 NovaReferences
- 1.Brito, T., Duarte, N.O., Santos, N.: ARM TrustZone for Secure Image Processing on the Cloud. In: IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW) (2016). https://doi.org/10.1109/SRDSW.2016.17
- 2.Bukasa, S.K., Lashermes, R., Le Bouder, H., Lanet, J.-L., Legay, A.: How TrustZone could be bypassed: side-channel attacks on a modern system-on-chip. In: Hancke, G.P., Damiani, E. (eds.) WISTP 2017. LNCS, vol. 10741, pp. 93–109. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93524-9_6CrossRefGoogle Scholar
- 3.Constable, S., Sahebolamri, A., Chapin, S.: Extending seL4 Integrity to the Genode OS Framework. Technical report, Critical Technologies (2017)Google Scholar
- 4.Feske, N.: Foundations: GENODE Operating System Framework 18.05. GENODE LABS (2018). URL: https://genode.org/documentation/genode-foundations-18-05.pdf
- 5.Irazoqui, G., Eisenbarth, T., Sunar, B.: S\$A: a shared cache attack that works across cores and defies VM sandboxing – and its application to AES. In: IEEE Symposium on Security and Privacy (2015). https://doi.org/10.1109/SP.2015.42
- 6.Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE (2019). https://doi.org/10.1109/SP.2019.00002
- 7.Koruyeh, E.M., Khasawneh, K.N., Song, C., Abu-Ghazaleh, N.: Spectre returns! speculation attacks using the return stack buffer. In: 12th Workshop on Offensive Technologies (WOOT), p. 12 (2018)Google Scholar
- 8.Lapid, B., Wool, A.: Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. In: Selected Areas in Cryptography (SAC) (2019). https://doi.org/10.1007/978-3-030-10970-7_11CrossRefGoogle Scholar
- 9.Lipp, M., et al.: Melt-down: reading kernel memory from user space. In: 27th USENIX Security Symposium (2018). ISBN: 978-1-939133-04-5Google Scholar
- 10.Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE Symposium on Security and Privacy. May (2015). https://doi.org/10.1109/SP.2015.43
- 11.Mcilroy, R., Sevcik, J., Tebbi, T., Titzer, B.L., Verwaest, T.: Spectre is here to stay: an analysis of side-channels and speculative execution (2019). arXiv: 1902.05178
- 12.Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting dram addressing for cross-CPU attacks. In: 25th USENIX Security Symposium (2016). ISBN: 978-1-931971-32-4Google Scholar
- 13.Schmidt, W., Hanspach, M., Keller, J.: A Case Study on Covert Channel Establishment via Software Caches in High-Assurance Computing Systems (2015). arXiv: 1508.05228 [cs.CR]
- 14.Schwarz, M., Lipp, M., Moghimi, D., Bulck, J.V., Stecklina, J., Prescher, T., Gruss, D.: ZombieLoad: Cross-Privilege-Boundary Data Sampling (2019). arXiv: 1905.05726 [cs.CR]
- 15.Thongthua, A., Ngamsuriyaroj, S.: Assessment of hypervisor vulnerabilities. In: International Conference on Cloud Computing Research and Innovations (ICCCRI) (2016). https://doi.org/10.1109/ICCCRI.2016.19
- 16.Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: 25th USENIX Security Symposium (2016). ISBN: 978-1-931971-32-4Google Scholar
- 17.Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (2014). ISBN: 978-1-931971-15-7Google Scholar