Advertisement

Can Microkernels Mitigate Microarchitectural Attacks?

  • Gunnar Grimsdal
  • Patrik Lundgren
  • Christian Vestlund
  • Felipe Boeira
  • Mikael AsplundEmail author
Conference paper
First Online:
  • 458 Downloads
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11875)

Abstract

Microarchitectural attacks such as Meltdown and Spectre have attracted much attention recently. In this paper we study how effective these attacks are on the Genode microkernel framework using three different kernels, Okl4, Nova, and Linux. We try to answer the question whether the strict process separation provided by Genode combined with security-oriented kernels such as Okl4 and Nova can mitigate microarchitectural attacks. We evaluate the attack effectiveness by measuring the throughput of data transfer that violates the security properties of the system. Our results show that the underlying side-channel attack Flush+Reload used in both Meltdown and Spectre, is effective on all investigated platforms. We were also able to achieve high throughput using the Spectre attack, but we were not able to show any effective Meltdown attack on Okl4 or Nova.

Keywords

Genode Meltdown Spectre Flush+Reload Okl4 Nova 
This is a preview of subscription content, log in to check access.

References

  1. 1.
    Brito, T., Duarte, N.O., Santos, N.: ARM TrustZone for Secure Image Processing on the Cloud. In: IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW) (2016).  https://doi.org/10.1109/SRDSW.2016.17
  2. 2.
    Bukasa, S.K., Lashermes, R., Le Bouder, H., Lanet, J.-L., Legay, A.: How TrustZone could be bypassed: side-channel attacks on a modern system-on-chip. In: Hancke, G.P., Damiani, E. (eds.) WISTP 2017. LNCS, vol. 10741, pp. 93–109. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-93524-9_6CrossRefGoogle Scholar
  3. 3.
    Constable, S., Sahebolamri, A., Chapin, S.: Extending seL4 Integrity to the Genode OS Framework. Technical report, Critical Technologies (2017)Google Scholar
  4. 4.
    Feske, N.: Foundations: GENODE Operating System Framework 18.05. GENODE LABS (2018). URL: https://genode.org/documentation/genode-foundations-18-05.pdf
  5. 5.
    Irazoqui, G., Eisenbarth, T., Sunar, B.: S\$A: a shared cache attack that works across cores and defies VM sandboxing – and its application to AES. In: IEEE Symposium on Security and Privacy (2015).  https://doi.org/10.1109/SP.2015.42
  6. 6.
    Kocher, P., et al.: Spectre attacks: exploiting speculative execution. In: 2019 IEEE Symposium on Security and Privacy (SP). IEEE (2019).  https://doi.org/10.1109/SP.2019.00002
  7. 7.
    Koruyeh, E.M., Khasawneh, K.N., Song, C., Abu-Ghazaleh, N.: Spectre returns! speculation attacks using the return stack buffer. In: 12th Workshop on Offensive Technologies (WOOT), p. 12 (2018)Google Scholar
  8. 8.
    Lapid, B., Wool, A.: Cache-attacks on the ARM TrustZone implementations of AES-256 and AES-256-GCM via GPU-based analysis. In: Selected Areas in Cryptography (SAC) (2019).  https://doi.org/10.1007/978-3-030-10970-7_11CrossRefGoogle Scholar
  9. 9.
    Lipp, M., et al.: Melt-down: reading kernel memory from user space. In: 27th USENIX Security Symposium (2018). ISBN: 978-1-939133-04-5Google Scholar
  10. 10.
    Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: IEEE Symposium on Security and Privacy. May (2015).  https://doi.org/10.1109/SP.2015.43
  11. 11.
    Mcilroy, R., Sevcik, J., Tebbi, T., Titzer, B.L., Verwaest, T.: Spectre is here to stay: an analysis of side-channels and speculative execution (2019). arXiv: 1902.05178
  12. 12.
    Pessl, P., Gruss, D., Maurice, C., Schwarz, M., Mangard, S.: DRAMA: exploiting dram addressing for cross-CPU attacks. In: 25th USENIX Security Symposium (2016). ISBN: 978-1-931971-32-4Google Scholar
  13. 13.
    Schmidt, W., Hanspach, M., Keller, J.: A Case Study on Covert Channel Establishment via Software Caches in High-Assurance Computing Systems (2015). arXiv: 1508.05228 [cs.CR]
  14. 14.
    Schwarz, M., Lipp, M., Moghimi, D., Bulck, J.V., Stecklina, J., Prescher, T., Gruss, D.: ZombieLoad: Cross-Privilege-Boundary Data Sampling (2019). arXiv: 1905.05726 [cs.CR]
  15. 15.
    Thongthua, A., Ngamsuriyaroj, S.: Assessment of hypervisor vulnerabilities. In: International Conference on Cloud Computing Research and Innovations (ICCCRI) (2016).  https://doi.org/10.1109/ICCCRI.2016.19
  16. 16.
    Xiao, Y., Zhang, X., Zhang, Y., Teodorescu, R.: One bit flips, one cloud flops: cross-VM row hammer attacks and privilege escalation. In: 25th USENIX Security Symposium (2016). ISBN: 978-1-931971-32-4Google Scholar
  17. 17.
    Yarom, Y., Falkner, K.: Flush+reload: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Security Symposium (2014). ISBN: 978-1-931971-15-7Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.OmegapointStockholmSweden
  2. 2.Department of Computer and Information ScienceLinköping UniversityLinköpingSweden
  3. 3.Westermo Network TechnologiesStora SundbySweden
  4. 4.Sectra ABLinköpingSweden

Personalised recommendations

Cite paper

Buy options