Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Aug 2015 17:18:47 +0300
From: Solar Designer <>
Subject: Re: CVE request - Processor side channels using out of order execution

Hi Sophia,

On Tue, Aug 11, 2015 at 09:35:26PM -0400, sophia wrote:
> Past discussion of this includes:
> Details of attack:
> Brief Description: 
> Simultaneous multi-threading on current processors allows for one process to exploit out-of-order execution optimizations to leak information from co-executed processes. Conversely, this same setup allows for one process to force an increase or a decrease in out-of-order-execution optimizations in the other process, thereby effecting its computed values and control flow.

First of all, this is fine work.  Thank you for spending your time on it.

Then, can we try to summarize what the novelty in your research is?

Here's my take at it: the novelty is primarily in use of other than
direct timing measurements on the receiving or attacker end (instead,
you observe memory reordering, even though it's also dependent on
timings internally), and secondarily in targeting out-of-order execution
rather than caching.  (Yet another thing to target, and one I considered
and briefly played with on P4 with HT in 2005 when I saw Colin
Percival's paper, would be utilization of different execution units
within a core, which is measurable from another hardware thread running
on the same core.  Surprisingly, I am still unaware of published
research on that.)

That's great.  However, to figure out whether this poses a new
vulnerability (rather than "merely" a novel exploitation technique for
what were already considered vulnerabilities), we may want to determine
whether there (might) exist programs that are vulnerable to your attacks
yet invulnerable to previously known attacks.  Do these exist, and what
are they (or what would they be like)?

Of the 7 attack types you listed in your thesis, 2 through 7 don't
appear to be limited to your novel attack technique.  They are also
do-able by cache timings on the same hardware.  Do you agree?  Also,
for most systems the ability to deliberately construct a covert channel
between two processes or VMs isn't considered a vulnerability.  The
system designers would need to specifically claim to prevent covert
channels in order for this to become a vulnerability.

As to attack type 1, cryptographic key theft, I'd be interested in more
detail on it.  Am I correct that this attack relies on the victim
program doing secret-dependent branching or at least secret-dependent
indexing (in the latter case, out-of-order execution might be affected
by caching and by cache bank conflicts)?  If so, that same program
might be susceptible to a cache timing attack on its instruction fetches
(as well as execution unit utilization attack, but like I mentioned this
is surprisingly lacking published research), and in the latter case also
to the classic cache timing attack.  Now, "might be" is not same as
"always is", so there might be cases where your attack is the only known
one that works.  (For example, I think secret-dependent branching within
one cache line _might_ be unrealistic to attack as such, but might be
exploitable via its effect on out-of-order execution and memory
reordering, or via execution unit utilization.)

Do I understand correctly that for attack type 1, there should be at
least 3 concurrent threads: the victim and two attacker threads (these
two would be performing reorder-"unsafe" memory operations between
themselves)?  And that at least the victim and one of the attacker
threads would need to be scheduled onto the same core (as different
hardware threads)?

Would you release the code, please?  So far, I only saw your
and, which look like high-level wrappers for a demo, but lack
the substance.

Another aspect is whether "the issue" (the focus of your research) is
realistically fixable as a vulnerability anywhere.  I don't care about
CVEs much (and we'll see what MITRE says on this), but FWIW Colin
Percival's 2005 work did receive a CVE ID:

and there were a handful of security advisories, such as:

At the time, only the workaround of disabling HT was suggested, but e.g.
the FreeBSD advisory also said:

"NOTE:  It is expected that future work in cryptographic libraries and
operating system schedulers may remedy this problem for many or most
users, without necessitating the disabling of Hyper-Threading
Technology.  Future advisories will address individual cases."

and we've since seen such work (changes to crypto libraries and
programs are practical and already deployed, but changes to schedulers
appear to be more recent and only academic - granting temporary
exclusive use of CPU cores to programs processing sensitive data).

When a particular crypto library or program was found to be vulnerable
to cache timing side-channels, this was generally treated as a separate
vulnerability (and getting its own CVE ID).

I guess there's probably a 100% overlap between vulnerabilities that
would be treated as potentially susceptible to cache timing and to
out-of-order / memory reordering attacks, even if in practice the
likelihood of exploitation via these methods might vary drastically.
(This guess is based on my current understanding as described above.)

Finally, arguably, systems with any shared resources are knowingly
taking a performance/$ vs. security tradeoff.  It is very important for
us to have an idea just how bad (or not) the security impact is in
practice, so your research is a step in the right direction.

Thanks again for working on this.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.