Automated tools to detect microarchitectural attacks

At Black Hat MEA 2022, Moritz Lipp (Security Researcher at Amazon Web Services) and Daniel Weber (PhD Student, CISPA HelmHoltz Center for Information Security) presented the tools they’ve developed – along with the rest of their research team – to automate the process of detecting attacks in the microarchitecture of modern CPUs.

“Since 2018, we’ve known that security flaws in computer chips can affect billions of devices,” Weber said, “meaning that hackers can leak sensitive information directly by abusing the hardware instead of relying on any software vulnerability.”

But detecting these attacks is a huge task.

How microarchitectural attacks might work

Lipp asked us to imagine that we have a CPU, and it’s working as expected. There are no bugs in the software, no vulnerabilities – the software and operating system are fully secure.

So how could an attacker get into a system that’s fully secure?

“The interesting thing,” he said, “is the information can still leak through side effects. For instance, the power consumption; or the temperature of the CPU while it performs computation; and also the execution time.”

All of these side effects can leak information about what the hardware is doing.

So from an attacker perspective, you would observe the device. You’d collect, evaluate, observe, and monitor the data in order to gather the secrets. Weber pointed out that while CPUs contain many microarchitectural elements, most programmers don’t pay much attention to them. Because they’re considered to be transparent, and they just work. But CPU vendors still optimise elements in their microarchitectures – and those optimisations play an important role in the performance of a CPU.

For example, one optimisation is CPU Cache, which stores copies of memory requests in order to speed up access after the first request.

Lipp said:

“Just by observing this, we can build powerful attacks.”

The Flush+Reload attack — in which the attacker maps the shared library (the shared memory, in cache) into their own memory process. So any data in the shared library will be cached for both the victim and the attacker.

“Now, when the victim is running this process, eventually it will access this certain address — which means this address will be loaded back into the CPU cache. Now the only thing the attacker needs to do is measure how long it takes for the victim to load the data.”

By observing this, an attacker can leak cryptographic keys; or leak information on co-located virtual machines; or monitor function calls of other applications; or build covert communication channels.

Manual detection of these attacks is extremely labour intensive

The above example, as Weber then pointed out, describes the leakage of only one instruction. But there are thousands of instructions – so how do you find an attack like this?

Until recently, you’d have to take all of the documentation you could find, and read through it. Through this reading you’d gain an understanding of how the microarchitecture might be implemented, and then you’d develop and test ideas about how it could be compromised. And each time a new CPU is released by a vendor, you’d have to start that process again from the beginning.

“And eventually you’ll find an attack,” Lipp said.

But through extensive research, the team have developed a system to automate the search for undocumented behaviour in microarchitecture.

Weber said, “We can actually automate side channel discovery. We can also automate transient-execution attack discovery such as meltdown-type attacks, and we can also automatically detect unknown MSRs and try to have an educated guess about what they are doing.”

These tools scale far more efficiently than manual detection efforts, and they’re extensible – they can scan many more variants and identify very minor changes.

“We’ve seen that automated approaches are very fruitful ways to achieve different things,” Lipp added. “On the one hand we don’t necessarily need, or can compliment manual efforts to find unknown attack variants. More importantly we can also use those tools for regression testing in an automated way. And in the way they’re implemented, they’re extensible for new building blocks, new techniques; and if a new architecture comes out you can port them and try the same approaches there.”

The team has made these tools open source

So you can try them yourself.

Find them on GitHub:

https://github.com/D4nielMoghimi/medusa

https://github.com/CISPA/osiris

https://github.com/IAIK/msrevelio

And join us at Black Hat MEA 2023 to discover the latest in security research and open source tooling.