LVI: a new class of speculative execution attacks on Intel CPUs

Information has been published about LVI, a new class of attacks on the speculative execution mechanism of Intel CPUs, which can be used to extract keys and sensitive data from Intel SGX enclaves and other processes.

The new class of attacks is based on manipulating the same microarchitectural structures as the MDS, Spectre and Meltdown attacks. At the same time, the new attacks are not blocked by existing methods of protection against Meltdown, Spectre, MDS and other similar attacks.

About LVI

The problem was identified in April of last year by researcher Jo Van Bulck of the University of Leuven; afterwards, with the participation of 9 researchers from other universities, five basic attack methods were developed, each of which allows for more specific variants.

Separately, in February of this year, Bitdefender researchers also discovered one of the LVI attack variants and reported it to Intel.

The attack variants are distinguished by the microarchitectural structures they use, such as the Store Buffer (SB), the Line Fill Buffer (LFB), the FPU context switch buffer and the first-level data cache (L1D), previously used in attacks like ZombieLoad, RIDL, Fallout, LazyFP, Foreshadow and Meltdown.

The main difference between LVI and MDS attacks is that MDS works by determining the contents of microarchitectural structures that remain in the cache after speculative fault handling or load and store operations, while LVI attacks allow attacker-chosen data to be substituted into microarchitectural structures to influence the subsequent speculative execution of the victim's code.

Using these manipulations, an attacker can extract the contents of protected data structures in other processes while certain code executes on the target CPU core.

For exploitation, special code sequences (gadgets) must be found in the victim process's code, in which an attacker-controlled value is loaded and the loading of this value causes an exception that discards the result and re-executes the instruction.

While the exception is being processed, a speculative window appears during which the data processed in the gadget is leaked.

In particular, the processor starts speculatively executing a piece of code (a gadget), then determines that the prediction was not justified and rolls back the operations, but the data processed during speculative execution is deposited in the L1D cache and the microarchitectural buffers and can be extracted from them using known methods for determining residual data through side channels.

The main difficulty in attacking other processes is how to initiate an assist by manipulating the victim process.

Currently, there are no reliable ways to do this, but it is not excluded that one will be found in the future. So far, the possibility of an attack has been confirmed only for Intel SGX enclaves; other scenarios are theoretical or reproducible under synthetic conditions.

Possible attack vectors

  • Leakage of data from kernel structures to a user-level process. The Linux kernel's protection against Spectre v1 attacks and the SMAP (Supervisor Mode Access Prevention) protection mechanism significantly reduce the likelihood of an LVI attack. Additional kernel protection may be necessary if simpler methods of carrying out an LVI attack are identified in the future.
  • Data leakage between different processes. An attack requires the presence of certain code snippets in the application and a method for raising an exception in the target process.
  • Data leakage from the host environment to a guest system. The attack is classified as too complex, requiring several difficult-to-implement steps and predictions of activity on the system.
  • Data leakage between processes in different guest systems. The attack vector is close to that of data leakage between different processes, but also requires complex manipulations to bypass the isolation between guest systems.

To provide effective protection against LVI, hardware changes to the CPU are required. Organizing protection in software, by having the compiler add an LFENCE instruction after every load operation from memory and replacing the RET instruction with POP, LFENCE and JMP, incurs too much overhead; according to the researchers, comprehensive software protection will lead to a performance degradation of 2 to 19 times.
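To check whether a build actually received the software mitigation described above, the following added example (not code from the researchers or from Intel) audits an AT&T-syntax assembly listing for loads that are not followed by LFENCE and for bare RET instructions. The load detection is a simplified heuristic that ignores instruction prefixes and string operations, and the sample listings and the `%rcx` scratch register are constructed assumptions.

```python
import re

# Constructed AT&T-syntax samples: one function as a compiler might emit it,
# and the same function with the two rewrites the article describes applied.
UNHARDENED = """get:
    movq (%rdi), %rax
    addq 8(%rdi), %rax
    movq %rax, 16(%rdi)
    ret
"""
HARDENED = """get:
    movq (%rdi), %rax
    lfence
    addq 8(%rdi), %rax
    lfence
    movq %rax, 16(%rdi)
    popq %rcx            # scratch register choice is an assumption
    lfence
    jmpq *%rcx
"""

def instructions(asm):
    """Yield (line_no, mnemonic, operands); skip labels, directives, comments."""
    for no, raw in enumerate(asm.splitlines(), 1):
        line = raw.split("#")[0].strip()
        if not line or line.endswith(":") or line.startswith("."):
            continue
        mnem, _, rest = line.partition(" ")
        # Split operands on commas that are not inside an address expression.
        yield no, mnem.lower(), re.split(r",(?![^()]*\))", rest.strip())

def is_load(mnem, ops):
    """Heuristic: does this instruction read from memory?"""
    if mnem.startswith(("pop", "leave")):
        return True                        # implicit load from the stack
    if re.fullmatch(r"lea[wlq]?", mnem) or not any("(" in o for o in ops):
        return False                       # lea only computes an address
    # A mov whose source is a register or immediate is a pure store.
    return not (mnem.startswith("mov") and "(" not in ops[0])

def audit(asm):
    """Return [(line_no, message)] for unfenced loads and bare RET instructions."""
    insns, findings = list(instructions(asm)), []
    for i, (no, mnem, ops) in enumerate(insns):
        following = insns[i + 1][1] if i + 1 < len(insns) else None
        if re.fullmatch(r"ret[wlq]?", mnem):
            findings.append((no, "bare ret, expected pop/lfence/jmp"))
        elif is_load(mnem, ops) and following != "lfence":
            findings.append((no, f"{mnem}: load not followed by lfence"))
    return findings
```

Calling `audit(UNHARDENED)` reports the two loads and the final `ret`, while `audit(HARDENED)` returns an empty list.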

Source: https://www.intel.com

