www.iaik.tugraz.at
DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks
Usenix Security 2016, August 11
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, Stefan Mangard
IAIK, Graz University of Technology, Austria
Setting – Cloud Servers
Multi-CPU (multi-socket) systems
Multiple tenants: separate VMs
  dedicated CPUs → no shared cache
No shared memory → no cross-VM memory deduplication
Previously
  slow covert channel (< 1 kbps)
  no side channel
Overview
Cross-CPU attacks using DRAM addressing (DRAMA)
  fast covert channel (up to 2 Mbps)
  first side-channel attack
Reverse-engineered DRAM addressing
  two approaches
Improving existing attacks
DRAM Organization
Hierarchy of
  CPUs
  Channels
  DIMMs
  Ranks
  Banks
[Figure: CPU 1 and CPU 2, each with a memory controller (MC) and a DRAM bus, joined by an interconnect]
[Figure: a CPU's memory controller (MC) with Channel A and Channel B connecting the DIMMs]
[Figure: Bank 1, Bank 2, ..., Bank 8]
DRAM Banks
Memory array: rows of columns
Row buffer: buffers one entire row (8 KB)
[Figure: Row 1, Row 2, ..., Row N and the row buffer]
The Row Buffer
Behavior similar to a cache
  row hits → fast access
  row conflicts → slow access
Reverse Engineering of DRAM Addressing
Reverse-Engineering DRAM Addressing
Mapping to banks using physical-address bits
"Complex" addressing functions
  distribute traffic to channels/banks
  undisclosed (Intel)
Two approaches to reverse engineer
Presumption: linear functions (XORs)
Approach 1: Probing the Memory Bus
Probing of control signals CS, BA, …
  measure voltage with oscilloscope
  recover logic value
Repeated access to address until value is determined
Function reconstruction: linear algebra over bits
Approach 2: Fully Automated SW-based
Exploit timing differences
Measuring phase: build sets of same-bank addresses
  alternating access to two addresses
  measure avg. access time
Reconstruction phase: exhaustive search over linear functions with up to n set coefficients
Total time: seconds
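The reconstruction phase above, as an added example (not the authors' tool and not code from the talk). The measuring phase is replaced by a simulation that labels constructed addresses with a hypothetical three-function XOR mapping; TRUE_FN, LO, BITS and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#define LO 6                 /* lowest address bit searched (assumed) */
#define BITS 12              /* search covers bits LO..LO+BITS-1 (assumed) */
#define NADDR (1u << BITS)
#define NSETS 8

/* Hypothetical XOR functions, used only to simulate the measuring phase. */
static const uint64_t TRUE_FN[3] = {
    1ull << 6, (1ull << 13) | (1ull << 16), (1ull << 14) | (1ull << 17) };
static uint64_t addrs[NADDR], cand[16];   /* cand: masks found by the search */
static int set_of[NADDR];                 /* same-bank set of each address */

static int parity(uint64_t x) { int p = 0; for (; x; x &= x - 1) p ^= 1; return p; }
static int popcount(uint64_t x) { int c = 0; for (; x; x &= x - 1) c++; return c; }
/* Stand-in for the timing measurement: put each constructed address into
   the same-bank set the hypothetical mapping assigns it to. */
void simulate_measuring_phase(void) {
    for (uint32_t i = 0; i < NADDR; i++) {
        addrs[i] = (uint64_t)i << LO;
        set_of[i] = 0;
        for (int f = 0; f < 3; f++)
            set_of[i] |= parity(addrs[i] & TRUE_FN[f]) << f;
    }
}

/* Reconstruction phase: keep every XOR mask with at most max_bits set
   bits whose parity is the same for all addresses of each set. */
int reconstruct(int max_bits) {
    int found = 0;
    for (uint64_t m = 1; m < NADDR; m++) {
        if (popcount(m) > max_bits) continue;
        int first[NSETS], ok = 1;
        for (int s = 0; s < NSETS; s++) first[s] = -1;
        for (uint32_t i = 0; i < NADDR && ok; i++) {
            int p = parity(addrs[i] & (m << LO)), s = set_of[i];
            if (first[s] < 0) first[s] = p;
            else if (first[s] != p) ok = 0;
        }
        if (ok && found < 16) cand[found++] = m << LO;
    }
    return found;
}

int main(void) {
    simulate_measuring_phase();
    for (int i = 0, n = reconstruct(2); i < n; i++)
        printf("candidate XOR mask: 0x%llx\n", (unsigned long long)cand[i]);
}
```

With at most 2 set bits the search returns exactly the three simulated functions; allowing 3 also returns XOR combinations of them, which are equally constant per set and have to be filtered out as linear combinations.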
Comparison
Probing
  recover function labels
  find a ground truth
  equipment and access to internals of machine
SW-based
  fully automated
  ability to run remotely, sandboxed, and on mobile devices
Some Results – Desktop
Intel Haswell (desktop system) – DDR3
[Figure: physical address bits 6 to 22 and the functions they feed: BA0, BA1, BA2, Rank, Ch.]
Some Results – Server System
Dual-CPU Intel Haswell-EP – DDR4
[Figure: physical address bits 6 to 26 and the functions they feed: BG0, BG1, BA0, BA1, Rank, Ch., CPU]
Some Results – Mobile
Samsung Exynos 7420 (Galaxy S6) – LPDDR4
[Figure: physical address bits 6 to 22 and the functions they feed: BA0, BA1, BA2, Rank, Ch.]
Cross-CPU Attacks
… and how it continues with Romeo and Juliet
High-speed covert channel
Concept
Occupy different rows in the same bank
Sender
  send 1: continuously access row
  send 0: don't do anything
Receiver
  access row and measure avg. time
  infer sent bits based on time
[Figure: sender and receiver rows sharing one row buffer]
Implementation
Each bank is a channel
  use up to 8 banks in parallel
  multithreading
Performance
  desktop: 2.1 Mbps
  multi-CPU server: 1.2 Mbps
Intel Haswell (desktop system)
Performance Comparison
Performance Cross-CPU No Shared Memory
Ours 2.1 Mbps
Prime+Probe [2] 536 Kbps
Flush+Reload [2] 2.3 Mbps
Flush+Flush [2] 3.8 Mbps
Memory Bus Contention [3] 746 bps
Deduplication [4] 90 bps
Low-noise side-channel attack
Spying on Memory Accesses
[Figure: victim and spy rows sharing one row buffer]
Memory in the same row/bank: row size 8 KB / page size 4 KB
Spy activates conflict row
Victim computes and possibly accesses shared row
Spy accesses shared row: fast access → row hit → victim access
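The two protocols built on row hits and row conflicts, the covert channel from the Concept slide and the spy procedure above, as an added example: a noiseless model of one bank's row buffer, not the authors' code and not a timing measurement. Row numbers and function names are constructed for illustration.

```c
#include <stdio.h>

/* One DRAM bank reduced to its row buffer: a noiseless model with
   constructed row numbers, not a timing measurement. */
struct bank { long open_row; unsigned conflicts; };
enum latency { ROW_HIT, ROW_CONFLICT };
/* A row hit leaves the buffer as it is; a row conflict loads the new
   row and is counted (the event a detector would watch). */
enum latency access_row(struct bank *b, long row) {
    if (b->open_row == row) return ROW_HIT;
    b->open_row = row;
    b->conflicts++;
    return ROW_CONFLICT;
}

/* Covert channel, one bit: the sender accesses its row for a 1 and does
   nothing for a 0; the receiver sees a slow access only for a 1. */
int channel_bit(struct bank *b, int bit) {
    enum { SENDER_ROW = 10, RECEIVER_ROW = 20 };
    access_row(b, RECEIVER_ROW);            /* receiver's previous access */
    if (bit) access_row(b, SENDER_ROW);
    return access_row(b, RECEIVER_ROW) == ROW_CONFLICT;
}

/* Side channel, one round: the spy activates the conflict row, the
   victim may access the shared row, the spy then probes the shared row.
   A fast row hit means the victim accessed it. */
int spy_round(struct bank *b, int victim_accesses) {
    enum { SHARED_ROW = 30, CONFLICT_ROW = 40 };
    access_row(b, CONFLICT_ROW);
    if (victim_accesses) access_row(b, SHARED_ROW);
    return access_row(b, SHARED_ROW) == ROW_HIT;
}

/* Send one byte, most significant bit first; returns the decoded byte. */
unsigned transfer_byte(struct bank *b, unsigned char byte) {
    unsigned out = 0;
    for (int i = 7; i >= 0; i--)
        out = (out << 1) | (unsigned)channel_bit(b, (byte >> i) & 1);
    return out;
}

int main(void) {
    struct bank b = { -1, 0 };
    unsigned got = transfer_byte(&b, 0xA5);
    printf("decoded 0x%02x with %u row conflicts\n", got, b.conflicts);
    int hit = spy_round(&b, 1), miss = spy_round(&b, 0);
    printf("spy verdicts: %d %d\n", hit, miss);
}
```

In this model every transmitted 1 costs two row conflicts while a 0 costs none, which is the activity that detection via a high number of row conflicts relies on.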
Example
Keystrokes in Firefox address bar
Implementation
high spatial accuracy (down to 512 B)
very low number of false positives: monitor single events
Finding addresses: template attack [1]
  automatic location of vulnerable addresses
  scan large fraction of memory (4 KB pages)
Countermeasures to DRAMA
Restrictions of
  rdtsc
  clflush
Multi-CPU: separating DRAM for tenants
  only access to CPU-local memory
  degradation into single-CPU system
Detection via high number of cache misses / row conflicts
Improving Attacks - Rowhammer
Rowhammer: inducing bit flips in DRAM
  by quickly switching rows
  requires addressing functions
First documented bit flips on DDR4, Jan. 2016
The End… of Romeo and Juliet
Source code for reverse-engineering tool and side-channel attack at
https://github.com/IAIK/drama
Bibliography
[1] Gruss, Spreitzer, Mangard. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In Usenix Security 2015.
[2] Gruss, Maurice, Wagner, Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In DIMVA'16.
[3] Wu, Xu, Wang. Whispers in the Hyper-space: High-bandwidth and Reliable Covert Channel Attacks Inside the Cloud. In Usenix Security 2012.
[4] Xiao, Xu, Huang, Wang. Security implications of memory deduplication in a virtualized environment. In DSN'13.