Microsoft: C++ Developer Guidance for Speculative Execution Side Channels

C++ Developer Guidance for Speculative Execution Side Channels
05/03/2018
Matt Miller Colin Robertson Mike B

This article contains guidance for developers to assist with identifying and mitigating speculative execution side channel hardware vulnerabilities in C++ software. These vulnerabilities can disclose sensitive information across trust boundaries and can affect software that runs on processors that support speculative, out-of-order execution of instructions. This class of vulnerabilities was first described in January, 2018 and additional background and guidance can be found in Microsoft’s security advisory. The guidance provided by this article is related to the class of vulnerabilities represented by CVE-2017-5753, also known as Spectre variant 1. This hardware vulnerability class is related to side channels that can arise due to speculative execution that occurs as a result of a conditional branch misprediction. The Visual C++ compiler in Visual Studio 2017 (starting with version 15.5.5) includes support for the /Qspectre switch provides a compile-time mitigation for a limited set of potentially vulnerable coding patterns related to CVE-2017-5753. The documentation for the /Qspectre flag provides more information on its effects and usage.[…]

https://docs.microsoft.com/en-us/cpp/security/developer-guidance-speculative-execution

[…]An accessible introduction to speculative execution side channel vulnerabilities can be found in the presentation titled The Case of Spectre and Meltdown by one of the research teams that discovered these issues.[…]

 

more on Spectre/Meltdown

A few new Spectre/Meltdown-related things in the news:

https://www.heise.de/ct/artikel/Super-GAU-fuer-Intel-Weitere-Spectre-Luecken-im-Anflug-4039134.html

https://www.wired.com/story/rowhammer-remote-android-attack/

https://www.arm.com/products/security-on-arm/security-ip/side-channel-mitigation

US CERT update on Spectre/Meltdown

This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update F) that was published March 1, 2018, on the NCCIC/ICS-CERT website.

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-18-011-01

 

AMD: Spectre Mitigation Update

Spectre Mitigation Update
4/10/18

Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.[…]

https://www.amd.com/en/corporate/security-updates

https://developer.amd.com/wp-content/resources/Architecture_Guidelines_Update_Indirect_Branch_Control.pdf

https://www.amd.com/en/corporate/security-updates#paragraph-347856

Microsoft Windows: Kernel Virtual Address (KVA) Shadow: mitigating Meltdown

KVA Shadow: Mitigating Meltdown on Windows

On January 3rd, 2018, Microsoft released an advisory and security updates that relate to a new class of discovered hardware vulnerabilities, termed speculative execution side channels, that affect the design methodology and implementation decisions behind many modern microprocessors. This post dives into the technical details of Kernel Virtual Address (KVA) Shadow which is the Windows kernel mitigation for one specific speculative execution side channel: the rogue data cache load vulnerability (CVE-2017-5754, also known as “Meltdown” or “Variant 3”). KVA Shadow is one of the mitigations that is in scope for Microsoft’s recently announced Speculative Execution Side Channel bounty program. It’s important to note that there are several different types of issues that fall under the category of speculative execution side channels, and that different mitigations are required for each type of issue. Additional information about the mitigations that Microsoft has developed for other speculative execution side channel vulnerabilities (“Spectre”), as well as additional background information on this class of issue, can be found here. Please note that the information in this post is current as of the date of this post.[…]

https://blogs.technet.microsoft.com/srd/2018/03/23/kva-shadow-mitigating-meltdown-on-windows/

 

Using Intel C/Fortran to mitigate against Spectre/Meltdown

Using Intel® Compilers to Mitigate Speculative Execution Side-Channel Issues
Jennifer J. (Intel)
March 23, 2018

Table of Content:
Disclaimers
Introduction
Mitigating Bounds Check Bypass (Spectre Variant 1)
Mitigating Branch Target Injection (Spectre Variant 2)
How to Obtain the Latest Intel® C++ Compiler and Intel® Fortran Compiler
Conclusion and Further Reading

https://software.intel.com/en-us/articles/using-intel-compilers-to-mitigate-speculative-execution-side-channel-issues

https://software.intel.com/en-us/c-compilers
https://software.intel.com/en-us/qualify-for-free-software

SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution

SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
Guoxing Chen, Sanchuan Chen, Yuan Xiao, Yinqian Zhang, Zhiqiang Lin, Ten H. Lai
(Submitted on 25 Feb 2018)

This paper presents SgxPectre Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by programs outside the enclave, the control flow of the enclave program can be temporarily altered to execute instructions that lead to observable cache-state changes. An adversary observing such changes can learn secrets inside the enclave memory or its internal registers, thus completely defeating the confidentiality guarantee offered by SGX. To demonstrate the practicality of our SgxPectre Attacks, we have systematically explored the possible attack vectors of branch target injection, approaches to win the race condition during enclave’s speculative execution, and techniques to automatically search for code patterns required for launching the attacks. Our study suggests that any enclave program could be vulnerable to SgxPectre Attacks since the desired code patterns are available in most SGX runtimes (e.g., Intel SGX SDK, Rust-SGX, and Graphene-SGX).

https://arxiv.org/abs/1802.09085

 

MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols

MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols

Caroline Trippel, Daniel Lustig, Margaret Martonosi

The recent Meltdown and Spectre attacks highlight the importance of automated verification techniques for identifying hardware security vulnerabilities. We have developed a tool for synthesizing microarchitecture-specific programs capable of producing any user-specified hardware execution pattern of interest. Our tool takes two inputs: a formal description of (i) a microarchitecture in a domain-specific language, and (ii) a microarchitectural execution pattern of interest, e.g. a threat pattern. All programs synthesized by our tool are capable of producing the specified execution pattern on the supplied microarchitecture. We used our tool to specify a hardware execution pattern common to Flush+Reload attacks and automatically synthesized security litmus tests representative of those that have been publicly disclosed for conducting Meltdown and Spectre attacks. We also formulated a Prime+Probe threat pattern, enabling our tool to synthesize a new variant of each—MeltdownPrime and SpectrePrime. Both of these new exploits use Prime+Probe approaches to conduct the timing attack. They are both also novel in that they are 2-core attacks which leverage the cache line invalidation mechanism in modern cache coherence protocols. These are the first proposed Prime+Probe variants of Meltdown and Spectre. But more importantly, both Prime attacks exploit invalidation-based coherence protocols to achieve the same level of precision as a Flush+Reload attack. While mitigation techniques in software (e.g., barriers that prevent speculation) will likely be the same for our Prime variants as for original Spectre and Meltdown, we believe that hardware protection against them will be distinct. As a proof of concept, we implemented SpectrePrime as a C program and ran it on an Intel x86 processor, averaging about the same accuracy as Spectre over 100 runs—97.9% for Spectre and 99.95% for SpectrePrime.

https://scirate.com/arxiv/1802.03802

Xen Security Advisory XSA-254 updated to V12 (on Spectre/Meltdown)

The XSA on Spectre/Meltdown has been updated again, with more info on ARM firmware:

Xen Security Advisory CVE-2017-5753,CVE-2017-5715,CVE-2017-5754 / XSA-254
version 12

Information leak via side effects of speculative execution

UPDATES IN VERSION 12:

Corrections to ARM SP2 information:
* ARM 32-bit requires new firmware on some CPUs.
* Provide link to the ARM firmware page, accordingly.
* ARM 32-bit mitigations are complete for Cortex-A CPUs.
We do not have information for other ARM CPUs at this time.

[…]
VULNERABLE SYSTEMS:
Systems running all versions of Xen are affected. For SP1 and SP2, both Intel and AMD are vulnerable. Vulnerability of ARM processors to SP1 and SP2 varies by model and manufacturer. ARM has information on affected models on the following website. For SP3, only Intel processors are vulnerable. (The hypervisor cannot be attacked using SP3 on any ARM processors, even those that are listed as affected by SP3.) Furthermore, only 64-bit PV guests can exploit SP3 against Xen. PVH, HVM, and 32-bit PV guests cannot exploit SP3.
[…]

https://xenbits.xen.org/xsa/advisory-254.html
https://xenbits.xen.org/xsa/
https://developer.arm.com/support/security-update
https://blog.xenproject.org/2018/01/04/xen-project-spectremeltdown-faq/
https://blog.xenproject.org/2018/01/22/xen-project-spectre-meltdown-faq-jan-22-update/
https://www.qubes-os.org/security/xsa/
https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-037-2018.txt

Coping with Spectre and Meltdown: What sysadmins are doing

Esther Schindler has a new article on Spectre and Meltdown for SysAdmins:

Coping with Spectre and Meltdown: What sysadmins are doing

The recent security vulnerabilities dumped a bunch of to-do items on system administrators’ desks. Feel like you’re alone? Here’s what other sysadmins have done so far, as well as their current plans and long-term strategy, not to mention how to communicate progress to management.

https://www.hpe.com/us/en/insights/articles/coping-with-spectre-and-meltdown-what-sysadmins-are-doing-1802.html

https://groups.google.com/a/lopsa.org/forum/#!topic/discuss/OSk4U32ShGs

Microsoft Windows Analytics now helps assess Meltdown and Spectre protections


To help IT professionals everywhere, we have added new capabilities to our free Windows Analytics service1 to report the status for all the Windows devices2 that they manage. These new capabilities include:

[…]
Firmware Status – This insight provides details about the firmware installed on the device. Specifically, this insight reports if the installed firmware indicates that it includes the specific protections required. Initially, this status will be limited to the list of approved and available firmware security updates from Intel4. We will be adding other CPU (chipset) partners’ data as it becomes available to Microsoft.
[…]

https://blogs.windows.com/business/2018/02/13/windows-analytics-now-helps-assess-meltdown-and-spectre-protections/

Windows Analyitcs

Jon Masters FOSDEM2018 Keynote on Spectre/Meltodown uploaded

Re: https://firmwaresecurity.com/2018/02/04/jom-masters-at-fosdem-exploiting-modern-microarchitectures/

 

more on Spectre/Meltdown

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr (updated)

Acknowledgements: Intel would like to thank Jann Horn with Google Project Zero for his original report and for working with the industry on coordinated disclosure. Intel would also like to thank the following researchers for working with us on coordinated disclosure. Moritz Lipp, Michael Schwarz, Daniel Gruss, Stefan Mangard from Graz University of Technology. Paul Kocher, Daniel Genkin from University of Pennsylvania and University of Maryland, Mike Hamburg from Rambus, Cryptography Research Division and Yuval Yarom from University of Adelaide and Data61. Thomas Prescher and Werner Haas from Cyberus Technology, Germany

https://www.dragonflydigest.com/2018/01/05/20672.html

https://www.raspberrypi.org/blog/why-raspberry-pi-isnt-vulnerable-to-spectre-or-meltdown/

http://www.foxbusiness.com/features/2018/01/28/intel-warned-chinese-companies-chip-flaw-before-u-s-government.html

Sigh, these days all global tech companies are now cyber arms manufacturers. 😦

 

a bit more on Spectre/Meltdown

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown (updated)

https://access.redhat.com/solutions/3315431

https://support.apple.com/en-ca/HT201222

https://blog.barkly.com/meltdown-spectre-patches-list-windows-update-help

https://www.goodreads.com/author_blog_posts/16310893-the-effects-of-the-spectre-and-meltdown-vulnerabilities

http://www.patentlyapple.com/patently-apple/2018/01/intel-confirms-that-silicon-based-changes-addressing-meltdown-spectre-will-be-arriving-later-this-year.html
https://www.marketwatch.com/story/intel-promises-chip-fix-sees-no-financial-impact-from-spectre-and-meltdown-2018-01-25