Crossbow Labs

Here’s how, and why, the Spectre and Meltdown

meltdown-spectre-kernel-vulnerability

Now we are in 2018 and security industries are glad to not be in the shoes of the Intel folks. The intel processor which is one of the most widely known and used processors in the world is facing attacks such as Meltdown and Spectre.

SPECTRE

What is Spectre?

Spectre is an attack that injects the processor with an incorrect instruction set which should not be executed if the correct execution path is followed. It is considered similar to the Meltdown attack because it exploits similar functionality but it differs in many aspects that will be discussed later. Spectre is considered the more sophisticated attack of the two, being difficult to detect and mitigate.

Why the attack occurs?

Spectre is caused due to speculative execution by branch prediction. It does not cause privilege escalation but needs prerequisite information regarding the process environment to execute, which is the reason for its complexity. This is also the cause that constitutes accomplishment of its execution on a wider range of processors. The name Spectre is derived from the vulnerability it exploits i.e., speculative execution.

What is speculative execution?

Speculative execution occurs when a processor tries to guess the memory location of the branch that is to be read and executes instructions on that assumption (Secret value). If the assumption is correct, it will commit the changes and if it fails, it will roll back and correct itself. This speculative execution allows the processor to access any memory location regardless of program boundaries.

What does SPECTRE affect?

The Spectre attack is impairing processors like ARM, Intel and AMD. According to the paper author of the vulnerability on the official website, the Spectre attack has not been tested on non-Intel processors. This may be the reason why android wrote on January 2018 bulletin.

“CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754, a set of vulnerabilities related to speculative execution in processors, have been publicly disclosed. Android is unaware of any successful reproduction of these vulnerabilities that would allow unauthorized information disclosure on any ARM-based Android device.

To provide additional protection, the update for CVE-2017-13218 included in this bulletin reduces access to high-precision timers, which helps limits side channel attacks (such as CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) of all known variants of ARM processors.

We encourage Android users to accept available security updates to their devices. See the Google security blog for more details.”

Summary of SPECTRE

In simple words, Spectre Attack is done by making a side channel (branch) which accesses the memory location or taking actions on that memory, like moving it to user accessible register.

Why speculative execution must be dropped?

The processor uses speculative execution to guess the next instruction or memory location to be accessed and executes it beforehand to be faster. Since speculative execution is now a vulnerability, this approach for faster execution needs to be dropped. This will result in slowing down the processor to some extent.

Remediation for SPECTRE

A solution to the Spectre attack could be discontinuing the speculative execution on sensitive execution paths. It is to be noted that KAISER patch does not work in mitigating Spectre. Spectre POC is present at the end of this paper, which is present on the official website for reading x86 memory.

Some myth busting

Sandboxing, process separation, containerization, memory safety and proof-carrying code which ensure that the process is executing in a secluded manner appear to be a failure when you look at the Spectre attack speculation because the attacker has access to every process memory. The only good news is that the integrity of data is not at risk.

Impact of SPECTRE over Processor’s Industries.

The paper on the official Meltdown and Spectre website claims to have a significant penalty over the performance when there is a avoidance of speculative memory reads. Intel openly denies this saying” Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”

MELTDOWN

What is MELTDOWN?

When compared to Spectre, Meltdown is the more discussed vulnerability in 2018 because it is easy to regenerate and POCs are available on Github. It has a wide spread effect on the organization since this is a problem in most of the Intel Chips. The availability of POCs will soon lead to exploiting of development and also be a part of attacker’s tool list.

Meltdown attack essentially consists of 3 steps:

Step 1 constitutes loading memory into registers which are otherwise not accessible to attackers.

Step 2 is transient function, which accesses the cache line based on secret value for a process.

Step 3 involves usage of covert channel to access cache line which narrates the updated memory location and hence secret is stored at memory location.

It has 2 building blocks, which are as follows: –

  • Transient function, and
  • Covert channel.
  • Transient function

Transient function is when the CPU runs a process without previous process execution and this result is needed to execute the current one. The value on which the current process is executing is called secret. This is done by the CPU to reduce latency. Transient function introduces a covert channel if the execution is dependent on the secret value. Thus, when the other protected memory is accessed by user process, there occurs an exception which attacker has to handle by either exception suppression or exception handling.

Covert channels

The transient function accesses regular memory depending on the secret value, after which it acts as sender of covert channel as it stores the memory address in the cache for multiple access. The receiver can then monitor the cache to look for the updated address by measuring the access time to that cache address. Flush + Reload or Prime + Prob or Evict + Time works for making a covert channel.

Temporary workaround for MELTDOWN

Meltdown can be prevented by addressing KAISER but this is a short time solution. KASLR(Kernel address space layout randomization) is a solution introduced in 2013, which randomizes the location of kernel code at boot time. However, the randomization is limited to 40 bits. Consider a machine of 8GB RAM. The address space search in 8GB step, worst case, allows to search the address space of 40 bit in only 128 steps.

What are the affected technologies?

The technologies affected are Cloud, Docker, Paravirtualization address space isolation and cryptography. The cornerstone of the security in OS is isolation of processes but the kernel memory is copied into address space of all the process for easy transition. Similarly, The VMs in Cloud Kernel is shared between all of these machines and Meltdown can be exploited to read the confidential information.

What is exploited by Meltdown?

Weaknesses that are exploited are the use out of order execution, side channel execution and Hardware weakness of accessing the memory of kernel by user process, because it depends on supervisor bit to decide whether kernel memory can be accessed or not. Typically, when a process enters kernel mode, the supervisor bit is set, and when it leaves, it is reset(cleared). To ensure smooth transition, the CPU maps the kernel memory into every process, so every user process has access to kernel memory in its address space. Thus, out of order execution allows access to protected memory by unprivileged user process and CPU allows operation on it. Out of order memory lookups influence cache, so the attacker can run out of order execution and flush it through a covert channel. E.g., Flush + Reload or Prime + Prob Or Evict + Time through cache. The advantage of the Flush + Reload cache covert channel is the noise resistance and high transmission rate. Furthermore, the leakage can be observed from any CPU core i.e., rescheduling events do not significantly affect the covert channel. When the CPU performs the out of order executions, if the operations is not to be executed, it simply discards memory locations of registers holding value of the memory of result.

HOW to detect and prevent MELTDOWN?

Detection of Meltdown and Spectre can be done via Nessus OR Intel’s provided GUI or CLI app on link as follows

https://downloadcenter.intel.com/download/27150

KAISER was used to prevent side channel attack but also prevents Meltdown. Updates to kernel of Linux will come under the name KPTI(Kernel Page-Table Isolation), a similar patch has been provided for Windows and Mac for prevention.

References:-

https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://source.android.com/security/bulletin/2018-01-01

Written By Arpit Rohela; Edited by Prasad Nair, Khaviyaa Janakiraman