IBM: Let’s Not Speculate: Discovering and Analyzing Speculative Execution Attacks

[…]We plan to release our tool, SPECULATOR , which we used
to investigate speculative execution behavior, as open source.[…]

Speculative execution attacks exploit vulnerabilities at a CPU’s microarchitectural level, which, until recently, remained hidden below the instruction set architecture, largely undocumented by CPU vendors. New speculative execution attacks are released on a monthly basis, showing how aspects of the so-far unexplored microarchitectural attack surface can be exploited. In this paper, we generalize speculative execution related attacks and identify common components. The structured approach that we employed helps us to identify potential new variants of speculative execution attacks. We explore one such variant, SPLITSPECTRE, in depth and demonstrate its applicability to a real-world scenario with the SpiderMonkey JavaScript engine. Further, we introduce SPECULATOR, a novel tool to investigate speculative execution behavior critical to these new microarchitectural attacks. We also present our findings on multiple CPU platforms.

https://domino.research.ibm.com/library/cyberdig.nsf/1e4115aea78b6e7c85256b360066f0d4/d66e56756964d8998525835200494b74!OpenDocument&Highlight=0,RZ3933

stealth hard-drive firmware backdoor research

Implementation and Implications of a Stealth Hard-Drive Backdoor
Jonas Zaddach, Anil Kurmus, Travis Goodspeed, Davide Balzarotti, Erik-Oliver Blass, Moitrayee Gupta, Aur ́elien Francillon, Ioannis Koltsidas

Modern workstations and servers implicitly trust hard disks to act as well-behaved block devices. This paper analyzes the catastrophic loss of security that occurs when hard disks are not trustworthy. First, we show that it is possible to compromise the firmware of a commercial off-the-shelf hard drive, by resorting only to public information and reverse engineering. Using such a compromised firmware, we present a stealth rootkit that replaces arbitrary blocks from the disk while they are written, providing a data replacement backdoor. The measured performance overhead of the compromised disk drive is less than 1% compared with a normal, non-malicious disk drive. We then demonstrate that a remote attacker can even establish a communication channel with a compromised disk to infiltrate commands and to exfiltrate data. In our example, this channel is established over the Internet to an unmodified web server that relies on the compromised drive for its storage, passing through the original webserver, database server, database storage engine, filesystem driver, and block device driver. Additional experiments, performed in an emulated disk-drive environment, could automatically extract sensitive data such as /etc/shadow (or a secret key file) in less than a minute. This paper claims that the difficulty of implementing such an attack is not limited to the area of government cyber-warfare; rather, it is well within the reach of moderately funded criminals, botnet herders and academic researchers.

https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf

AsyncShock: exploiting Intel SGX enclaves

 

AsyncShock: Exploiting Synchronisation Bugs in Intel SGX Enclaves
Nico Weichbrodt, Anil Kurmus, Peter Pietzuch,  Rüdiger Kapitza

Intel’s Software Guard Extensions (SGX) provide a new hardware-based trusted execution environment on Intel CPUs using secure enclaves that are resilient to accesses by privileged code and physical attackers. Originally designed for securing small services, SGX bears promise to protect complex, possibly cloud-hosted, legacy applications. In this paper, we show that previously considered harmless synchronisation bugs can turn into severe security vulnerabilities when using SGX. By exploiting use-after-free and time-of-check-to-time-of-use (TOCTTOU) bugs in enclave code, an attacker can hijack its control flow or bypass access control. We present AsyncShock, a tool for exploiting synchronisation bugs of multithreaded code running under SGX. AsyncShock achieves this by only manipulating the scheduling of threads that are used to execute enclave code. It allows an attacker to interrupt threads by forcing segmentation faults on enclave pages. Our evaluation using two types of Intel Skylake CPUs shows that AsyncShock can reliably exploit use-after-free and TOCTTOU bugs.

https://www.ibr.cs.tu-bs.de/users/weichbr/papers/esorics2016.pdf