Side channel attacks extract confidential information from the microarchitecture of general-purpose computers, in other words microprocessors. Maria Mushtaq, a researcher in cybersecurity at Telecom Paris, explains how these attacks work and gives suggestions for improving computer security.
What are the motivations that can lead to side channel attacks?
Maria Mushtaq: A side-channel attack is a security exploit that aims to gather information from or influence the program execution of a system by measuring or exploiting indirect effects of the system or its hardware rather than targeting the program or its code directly. The latest security vulnerabilities, like Spectre, Meltdown & AEPIC, have demonstrated that security cannot be considered as an afterthought anymore and side channel attacks are very robust and powerful. In a matter of some microseconds, an attacker can take control of your whole system.
What are the consequences of these attacks on society?
MM: Almost everything in modern computing architectures today – from computational optimizations to storage elements and interfaces, from end-user applications to the operating system & hypervisor, and from microarchitecture to underlying hardware – is leading to the discovery of new Side Channel Attacks. This trend is gaining further momentum, and worse, the complete attack surface is not known yet. At societal scale, side channel attacks can cause electrical blackouts, failure of military equipment, breach of national secrets and nuclear defense mechanisms. These security threats can result in theft of valuable sensitive data like medical records.
What enables the deployment of side channel attacks?
MM: I believe that the fundamental reason for the existence of these vulnerabilities is that the evolution of computing architecture under Moore’s law has been focused almost entirely on performance enhancement and optimization over the past many decades. Security, however, has often been an afterthought all along.
How does a side channel attack work?
MM: Generally, side channel attacks exploit vulnerabilities in the implementation of hardware or software. For example, if we talk about recently discovered attacks, such as Spectre and Meltdown, they manipulate speculative execution to modify the underlying microarchitectural state. Modern processors use speculative execution to start the calculation of an operation in advance, in case it turns out to be necessary to execute it (this optimizes processor performance). In other terms, CPUs try to anticipate the actions that will be required. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unreliable in how it executes, can access the victim’s memory and registers, and can perform operations with measurable side effects.
On the other hand, the Meltdown attack bypasses memory isolation by unprivileged out-of-order execution and then uses side channels to retrieve data from caches that are being brought into the registers and caches but not committed due to the generation of an exception. The generation of the exception allows access to a part of the memory without authorization.
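As an added example, not taken from the interview or from Maria Mushtaq's own work: the bounds-checked array read that the Spectre bounds-check-bypass variant (variant 1) abuses, placed next to the branchless index-masking mitigation used by the Linux kernel's array_index_nospec(). The table contents and function names are constructed for illustration; the mask arithmetic assumes an LP64-style `long` and gcc/clang's arithmetic right shift.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed sample (hypothetical layout): eight public bytes followed, in the
 * same allocation, by bytes that must never be touched on a caller's behalf. */
#define PUBLIC_LEN 8
static const uint8_t table[PUBLIC_LEN + 8] = {
    1, 2, 3, 4, 5, 6, 7, 8,                    /* in bounds, public */
    0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x21, 0 /* out of bounds     */
};

/* The shape Spectre variant 1 targets: the check is correct, but the CPU may
 * execute the load before the comparison resolves, so an out-of-range idx can
 * leave a data-dependent trace in the cache during that speculative window. */
uint8_t read_unhardened(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return table[idx];
    return 0;
}

/* Branchless mask in the style of Linux's array_index_mask_nospec(): all ones
 * when idx < size, all zeros otherwise. It is computed arithmetically, not via
 * a branch, so it still holds while the CPU is speculating past the check.
 * Assumes idx and size are both below 2^(bits-1). */
size_t index_mask_nospec(size_t idx, size_t size)
{
    /* Keep the optimizer from folding the mask away using the enclosing
     * bounds check; the speculating CPU does not share that knowledge. */
    __asm__("" : "+r"(idx));
    return (size_t)(~(long)(idx | (size - 1 - idx)) >> (sizeof(long) * CHAR_BIT - 1));
}

/* Index actually fed to the load: unchanged when in bounds, forced to 0 otherwise. */
size_t clamp_index_nospec(size_t idx, size_t size)
{
    return idx & index_mask_nospec(idx, size);
}

/* Even if the branch is mispredicted, the load can only reach table[0..7]. */
uint8_t read_hardened(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return table[clamp_index_nospec(idx, PUBLIC_LEN)];
    return 0;
}
```

Production kernels use an architecture-specific inline-assembly version of the mask (or compiler support such as speculative load hardening) because a plain C comparison may still be compiled into a predicted branch.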
What is the state of the research on microarchitectural security against these attacks?
MM: As a research topic, micro-architectural security basically started with the discovery of some really nasty vulnerabilities which can be found in almost any modern processor. Several attacks have been demonstrated that exploit these vulnerabilities and make it possible to leak sensitive data such as passwords or any other secret information stored on a computer. In the context of cloud computing, this poses a real threat. What is more, there is no easy fix for this problem, since the causes of the leakage are deeply rooted in the architecture of the affected processors. To date, we do not have a perfect solution at hand, and we are still looking for good ways to avoid or detect micro-architectural attacks.
Why is it so difficult to protect against side channel attacks?
MM: Current practices and trends of side channel attacks have demonstrated that almost everything in modern processors (software and hardware) is under attack and 100% secure designs are not available. To develop secure processors, it is important to choose the right threat models and the right protections because side channel threats are of diverse nature. Not every protection is suitable for all types of vulnerabilities. On the other hand, it is important to work on secure processors without losing a lot on performance, energy and area, which are hard-earned benefits we received in processor design in the last decade.
What are the current efforts to secure processors?
MM: The concept of the trusted execution environment (TEE) is gaining significant importance in modern design approaches for security.
Compared to the conventional ring-based privilege levels in general-purpose processors, the concept of TEE provides better handling of software privilege. However, there are two major concerns with TEE-based solutions. On the one hand, they are still based on the principle of reinforcing isolation by providing a secure area of the main processor to ensure end-to-end security by protecting the execution of authenticated code. Therefore, the cost for confidentiality, authenticity, privacy, system integrity and data access rights under TEE is still paid in terms of performance degradation that comes from isolation and dedicated use of resources. On the other hand, recent research has reported that TEE-based designs, such as Intel’s SGX and ARM’s TrustZone, are vulnerable to new attack vectors. RISC-V is an excellent ISA initiative that is open-source and incorporates security as a design feature. Researchers, however, have provided information leakage models for RISC-V as well.
In which directions should we look to secure processors?
MM: In the given context, I strongly believe research should focus on a two-pronged methodology to address the security concerns in future computing systems: 1) in the short term, it is essential to work on striking a balance between the performance requirements and the needed security in conventional designs in the absence of secure-by-design solutions, and 2) in the long term, there is a need to work on proposing novel approaches that will help incorporate security as a design feature across multiple levels of the computing stack.
An event on microarchitectural security
Maria Mushtaq and Telecom Paris organized the first IP Paris Winter School on microarchitectural security. The event will take place in Paris on December 9, 2022 at FIAP. This event is dedicated to young researchers and gives them the opportunity to meet researchers whose specialty is microarchitectural security.