LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection

Jo Van Bulck, D. Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Y. Yarom, B. Sunar, D. Gruss, F. Piessens
{"title":"LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection","authors":"Jo Van Bulck, D. Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin, Y. Yarom, B. Sunar, D. Gruss, F. Piessens","doi":"10.1109/SP40000.2020.00089","DOIUrl":null,"url":null,"abstract":"The recent Spectre attack first showed how to inject incorrect branch targets into a victim domain by poisoning microarchitectural branch prediction history. In this paper, we generalize injection-based methodologies to the memory hierarchy by directly injecting incorrect, attacker-controlled values into a victim’s transient execution. We propose Load Value Injection (LVI) as an innovative technique to reversely exploit Meltdown-type microarchitectural data leakage. LVI abuses that faulting or assisted loads, executed by a legitimate victim program, may transiently use dummy values or poisoned data from various microarchitectural buffers, before eventually being re-issued by the processor. We show how LVI gadgets allow to expose victim secrets and hijack transient control flow. We practically demonstrate LVI in several proof-of-concept attacks against Intel SGX enclaves, and we discuss implications for traditional user process and kernel isolation. State-of-the-art Meltdown and Spectre defenses, including widespread silicon-level and microcode mitigations, are orthogonal to our novel LVI techniques. LVI drastically widens the spectrum of incorrect transient paths. Fully mitigating our attacks requires serializing the processor pipeline with lfence instructions after possibly every memory load. Additionally and even worse, due to implicit loads, certain instructions have to be blacklisted, including the ubiquitous x86 ret instruction. Intel plans compiler and assembler-based full mitigations that will allow at least SGX enclave programs to remain secure on LVI-vulnerable systems. Depending on the application and optimization strategy, we observe extensive overheads of factor 2 to 19 for prototype implementations of the full mitigation.","PeriodicalId":6849,"journal":{"name":"2020 IEEE Symposium on Security and Privacy (SP)","volume":"81 1","pages":"54-72"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"181","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40000.2020.00089","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 181

Abstract

The recent Spectre attack first showed how to inject incorrect branch targets into a victim domain by poisoning microarchitectural branch prediction history. In this paper, we generalize injection-based methodologies to the memory hierarchy by directly injecting incorrect, attacker-controlled values into a victim’s transient execution. We propose Load Value Injection (LVI) as an innovative technique to reversely exploit Meltdown-type microarchitectural data leakage. LVI abuses that faulting or assisted loads, executed by a legitimate victim program, may transiently use dummy values or poisoned data from various microarchitectural buffers, before eventually being re-issued by the processor. We show how LVI gadgets allow to expose victim secrets and hijack transient control flow. We practically demonstrate LVI in several proof-of-concept attacks against Intel SGX enclaves, and we discuss implications for traditional user process and kernel isolation. State-of-the-art Meltdown and Spectre defenses, including widespread silicon-level and microcode mitigations, are orthogonal to our novel LVI techniques. LVI drastically widens the spectrum of incorrect transient paths. Fully mitigating our attacks requires serializing the processor pipeline with lfence instructions after possibly every memory load. Additionally and even worse, due to implicit loads, certain instructions have to be blacklisted, including the ubiquitous x86 ret instruction. Intel plans compiler and assembler-based full mitigations that will allow at least SGX enclave programs to remain secure on LVI-vulnerable systems. Depending on the application and optimization strategy, we observe extensive overheads of factor 2 to 19 for prototype implementations of the full mitigation.
通过微架构负载值注入劫持瞬态执行
最近的Spectre攻击首次展示了如何通过毒害微架构分支预测历史将错误的分支目标注入受害者域。在本文中,我们通过将不正确的、攻击者控制的值直接注入受害者的瞬态执行,将基于注入的方法推广到内存层次。我们提出负载值注入(Load Value Injection, LVI)作为一种创新技术来反向利用熔毁型微架构数据泄漏。LVI滥用了由合法受害者程序执行的错误或辅助负载在最终由处理器重新发出之前,可能会暂时使用来自各种微体系结构缓冲区的虚拟值或中毒数据。我们展示了LVI小工具如何允许暴露受害者的秘密和劫持瞬态控制流。我们在针对Intel SGX飞地的几个概念验证攻击中实际演示了LVI,并讨论了对传统用户进程和内核隔离的影响。最先进的熔解和幽灵防御,包括广泛的硅级和微码缓解,与我们的新型LVI技术正交。LVI极大地拓宽了不正确瞬态路径的频谱。完全减轻我们的攻击需要在每次内存加载之后用lfence指令序列化处理器管道。此外,更糟糕的是,由于隐式加载,某些指令必须被列入黑名单,包括无处不在的x86 ret指令。英特尔计划基于编译器和汇编器的全面缓解措施,至少允许SGX飞地程序在易受lvi攻击的系统上保持安全。根据应用程序和优化策略的不同,我们观察到完整缓解的原型实现的开销为2到19倍。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信