- The paper introduces SMoTherSpectre, revealing how port contention in SMT processors can be exploited for information leakage during speculative execution.
- It demonstrates proof-of-concept attacks on OpenSSH and OpenSSL, using precise timing to extract bits of secret data.
- The research challenges cache-centric defenses and calls for new security measures to mitigate vulnerabilities in shared processor resources.
Overview of SMoTherSpectre: Exploiting Speculative Execution through Port Contention
The paper, "SMoTherSpectre: Exploiting Speculative Execution through Port Contention," explores the exploitation of speculative execution, focusing on non-cache-based side channels to leak sensitive information. The authors introduce SMoTherSpectre, a speculative code-reuse attack leveraging port contention in Simultaneous MultiThreaded (SMT) processors to bypass conventional defenses. The paper provides a comprehensive characterization of the SMoTher side channel and demonstrates real-world applicability by targeting systems like OpenSSH and OpenSSL.
Key Contributions
- SMoTher Side Channel Characterization:
  - The paper pioneers the precise characterization of port contention as a side channel. This involves accurately measuring the contention caused by simultaneous execution on shared execution units in SMT processors.
  - Through detailed experiments, the authors establish the conditions under which SMoTher-differentiability arises, allowing attackers to discern between instruction sequences based on port utilization differences.
- SMoTherSpectre: A Novel Attack Vector:
  - SMoTherSpectre utilizes Branch Target Injection (BTI) to steer speculative execution to desired gadgets without requiring the injection of malicious code.
  - The paper underscores the attack's primary advantage: its independence from known vulnerable code paths and cache-based side channels, broadening the landscape of exploitable applications.
- Real-world Proof-of-Concept Attacks:
  - The authors demonstrate the feasibility of SMoTherSpectre by conducting proof-of-concept attacks on OpenSSH's host key and OpenSSL's encryption context. These attacks reveal bits of secret data by timing instruction sequences through SMoTher side channels.
  - They highlight the scalability of the attack, leveraging multiple SMoTher gadgets to extract different bits of vulnerable information.
Implications and Future Directions
The paper's findings suggest that reliance on cache-centric defenses against speculative execution attacks may be insufficient in environments that support SMT. The introduction of SMoTherSpectre reveals that non-cache-based side channels, such as port contention, are viable vectors for information leakage.
Theoretically, the results encourage deeper exploration into microarchitectural subtleties that could be exploited similarly and the development of defenses that encompass these broader attack surfaces. Practically, the work advocates for heightened scrutiny of SMT's implications on security, potentially motivating revisions to CPU architecture to limit shared resource vulnerabilities.
As a forward-looking speculation, this research could prompt advancements in both side-channel analysis and secure processor design. Future developments might include architectural changes to manage execution resource allocation or intelligent scheduling to mitigate shared resource contention. The work invites further investigation into combining speculative execution vulnerabilities with other microarchitectural side channels to uncover additional layers of risk.
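Scheduling around shared execution resources comes down to keeping mutually distrusting workloads off sibling hardware threads of the same physical core. The audit below is an added example, not code from the paper: it assumes a Linux host that exposes `thread_siblings_list` under sysfs, and the trust-domain names, pinning and sample topology are constructed.

```python
import glob
import re

def parse_cpulist(text):
    """Parse the kernel cpulist format ('0,4' or '0-1,8-9') into a set of ints."""
    cpus = set()
    for part in text.strip().split(","):
        if part:
            lo, _, hi = part.partition("-")
            cpus.update(range(int(lo), int(hi or lo) + 1))
    return cpus

def read_siblings(root="/sys/devices/system/cpu"):
    """Read {logical_cpu: siblings string} from sysfs (Linux only; offline CPUs are skipped)."""
    out = {}
    for path in glob.glob(f"{root}/cpu[0-9]*/topology/thread_siblings_list"):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            out[cpu] = fh.read()
    return out

def cross_domain_cores(siblings_by_cpu, pinning):
    """Return physical cores whose SMT threads are assigned to more than one trust domain.

    pinning maps a trust-domain label (hypothetical names) to the logical CPUs it may run on.
    """
    cores = {frozenset(parse_cpulist(s)) for s in siblings_by_cpu.values()}
    findings = []
    for core in sorted(cores, key=min):
        domains = sorted(d for d, cpus in pinning.items() if cpus & core)
        if len(domains) > 1:
            findings.append((sorted(core), domains))
    return findings

# Constructed sample: 4 physical cores, 2 hardware threads each (CPU n pairs with n+4).
SAMPLE_SIBLINGS = {n: f"{n % 4},{n % 4 + 4}\n" for n in range(8)}
# Constructed pinning: the SSH daemon shares cores 0 and 1 with two tenants.
SAMPLE_PINNING = {"sshd": {0, 1}, "tenant-a": {4, 2, 6}, "tenant-b": {5, 3, 7}}

if __name__ == "__main__":
    for threads, domains in cross_domain_cores(SAMPLE_SIBLINGS, SAMPLE_PINNING):
        print(f"SMT siblings {threads} are shared by {domains}")
```

On a real host, pass `read_siblings()` in place of the sample topology and build the pinning map from the CPU affinity actually configured for each workload.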
Overall, this paper contributes significantly to the understanding of speculative execution vulnerabilities, presenting both a novel attack methodology and a foundation for future research in securing processor architectures against complex microarchitectural threats.