Security Vulnerabilities in Microprocessors
By: Benjamin Ashby Smith, Kevin Curran
DOI: https://doi.org/10.30564/ssid.v3i1.3151
Abstract: Microprocessors such as those found in PCs and smartphones are complex in their design and nature. In recent years, an increasing number of security vulnerabilities have been found within these microprocessors that can leak sensitive user data and information. This report investigates microarchitectural vulnerabilities, focusing on the Spectre and Meltdown exploits, and looks at what they do, how they do it and the real-world impact these vulnerabilities can cause. Additionally, there is an introduction to the basic concepts of how several PC components operate to support this.