RIDL: Rogue in-flight data load

Stephan Van Schaik; Alyssa Milburn; Sebastian Osterlund; Pietro Frigo; Giorgi Maisuradze; Kaveh Razavi; Herbert Bos; Cristiano Giuffrida

doi:10.1109/SP.2019.00087

RIDL: Rogue in-flight data load

Stephan Van Schaik, Alyssa Milburn, Sebastian Osterlund, Pietro Frigo, Giorgi Maisuradze, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

847 Downloads (Pure)

Abstract

We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU to speculatively serve loads using extraneous CPU-internal in-flight data (e.g., in the line fill buffers). Contrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software. The implications are worrisome. First, RIDL attacks can be implemented even from linear execution with no invalid page faults, eliminating the need for exception suppression mechanisms and enabling system-wide attacks from arbitrary unprivileged code (including JavaScript in the browser). To exemplify such attacks, we build a number of practical exploits that leak sensitive information from victim processes, virtual machines, kernel, SGX and CPU-internal components. Second, and perhaps more importantly, RIDL bypasses all existing 'spot' mitigations in software (e.g., KPTI, PTE inversion) and hardware (e.g., speculative store bypass disable) and cannot easily be mitigated even by more heavyweight defenses (e.g., L1D flushing or disabling SMT). RIDL questions the sustainability of a per-variant, spot mitigation strategy and suggests more fundamental mitigations are needed to contain ever-emerging speculative execution attacks.

Original language	English
Title of host publication	2019 IEEE Symposium on Security and Privacy (SP 2019)
Subtitle of host publication	Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	88-105
Number of pages	18
ISBN (Electronic)	9781538666609
DOIs	https://doi.org/10.1109/SP.2019.00087
Publication status	Published - 19 May 2019
Event	40th IEEE Symposium on Security and Privacy, SP 2019 - San Francisco, United States Duration: 19 May 2019 → 23 May 2019

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2019-May
ISSN (Print)	1081-6011

Conference

Conference	40th IEEE Symposium on Security and Privacy, SP 2019
Country/Territory	United States
City	San Francisco
Period	19/05/19 → 23/05/19

Funding

We would like to thank our shepherd, Hovav Shacham, and the anonymous reviewers for their valuable feedback. This work was supported by the European Union’s Horizon 2020 research and innovation programme under grant agreements No. 786669 (ReAct) and No. 825377 (UNI-CORE), by the United States Office of Naval Research (ONR) under contracts N00014-17-1-2782 and N00014-17-S-B010 “BinRec”, by Intel Corporation through the Side Channel Vulnerability ISRA, and by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI “Dowsing”, NWO 639.021.753 VENI “PantaRhei”, and NWO 016.Veni.192.262. This paper reflects only the authors’ view. The funding agencies are not responsible for any use that may be made of the information it contains.

Funders	Funder number
European Union's Horizon 2020
European Union’s Horizon 2020
NWO 016	016
NWO 639.021.753 VENI
NWO 639.021.753 VENI PantaRhei
NWO 639.023.309 VICI	639.023.309 VICI
NWO 639.023.309 VICI Dowsing
UNI-CORE
United States Office of Naval Research
Office of Naval Research	N00014-17-1-2782, N00014-17-S-B010
Intel Corporation
Horizon 2020 Framework Programme	825377, 786669
Nederlandse Organisatie voor Wetenschappelijk Onderzoek	NWO

Keywords

Side-channels
Speculative-execution-attacks

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/SP.2019.00087

RIDL_Rogue in-flight data loadFinal published version, 697 KBLicence: Article 25fa Dutch Copyright Act

Persistent URL (handle)

Persistent link

Cite this

Van Schaik, S., Milburn, A., Osterlund, S., Frigo, P., Maisuradze, G., Razavi, K., Bos, H., & Giuffrida, C. (2019). RIDL: Rogue in-flight data load. In 2019 IEEE Symposium on Security and Privacy (SP 2019): Proceedings (pp. 88-105). Article 8835281 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2019-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP.2019.00087

@inproceedings{b97cb30eee304695910316fa9246a1a2,

title = "RIDL: Rogue in-flight data load",

abstract = "We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU to speculatively serve loads using extraneous CPU-internal in-flight data (e.g., in the line fill buffers). Contrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software. The implications are worrisome. First, RIDL attacks can be implemented even from linear execution with no invalid page faults, eliminating the need for exception suppression mechanisms and enabling system-wide attacks from arbitrary unprivileged code (including JavaScript in the browser). To exemplify such attacks, we build a number of practical exploits that leak sensitive information from victim processes, virtual machines, kernel, SGX and CPU-internal components. Second, and perhaps more importantly, RIDL bypasses all existing 'spot' mitigations in software (e.g., KPTI, PTE inversion) and hardware (e.g., speculative store bypass disable) and cannot easily be mitigated even by more heavyweight defenses (e.g., L1D flushing or disabling SMT). RIDL questions the sustainability of a per-variant, spot mitigation strategy and suggests more fundamental mitigations are needed to contain ever-emerging speculative execution attacks.",

keywords = "Side-channels, Speculative-execution-attacks",

author = "{Van Schaik}, Stephan and Alyssa Milburn and Sebastian Osterlund and Pietro Frigo and Giorgi Maisuradze and Kaveh Razavi and Herbert Bos and Cristiano Giuffrida",

year = "2019",

month = may,

day = "19",

doi = "10.1109/SP.2019.00087",

language = "English",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "88--105",

booktitle = "2019 IEEE Symposium on Security and Privacy (SP 2019)",

address = "United States",

note = "40th IEEE Symposium on Security and Privacy, SP 2019 ; Conference date: 19-05-2019 Through 23-05-2019",

}

Van Schaik, S, Milburn, A, Osterlund, S, Frigo, P, Maisuradze, G, Razavi, K, Bos, H & Giuffrida, C 2019, RIDL: Rogue in-flight data load. in 2019 IEEE Symposium on Security and Privacy (SP 2019): Proceedings., 8835281, Proceedings - IEEE Symposium on Security and Privacy, vol. 2019-May, Institute of Electrical and Electronics Engineers Inc., pp. 88-105, 40th IEEE Symposium on Security and Privacy, SP 2019, San Francisco, United States, 19/05/19. https://doi.org/10.1109/SP.2019.00087

RIDL: Rogue in-flight data load. / Van Schaik, Stephan; Milburn, Alyssa; Osterlund, Sebastian et al.
2019 IEEE Symposium on Security and Privacy (SP 2019): Proceedings. Institute of Electrical and Electronics Engineers Inc., 2019. p. 88-105 8835281 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2019-May).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - RIDL: Rogue in-flight data load

AU - Van Schaik, Stephan

AU - Milburn, Alyssa

AU - Osterlund, Sebastian

AU - Frigo, Pietro

AU - Maisuradze, Giorgi

AU - Razavi, Kaveh

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2019/5/19

Y1 - 2019/5/19

N2 - We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU to speculatively serve loads using extraneous CPU-internal in-flight data (e.g., in the line fill buffers). Contrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software. The implications are worrisome. First, RIDL attacks can be implemented even from linear execution with no invalid page faults, eliminating the need for exception suppression mechanisms and enabling system-wide attacks from arbitrary unprivileged code (including JavaScript in the browser). To exemplify such attacks, we build a number of practical exploits that leak sensitive information from victim processes, virtual machines, kernel, SGX and CPU-internal components. Second, and perhaps more importantly, RIDL bypasses all existing 'spot' mitigations in software (e.g., KPTI, PTE inversion) and hardware (e.g., speculative store bypass disable) and cannot easily be mitigated even by more heavyweight defenses (e.g., L1D flushing or disabling SMT). RIDL questions the sustainability of a per-variant, spot mitigation strategy and suggests more fundamental mitigations are needed to contain ever-emerging speculative execution attacks.

AB - We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and constrained attacks to leak arbitrary data across address spaces and privilege boundaries (e.g., process, kernel, SGX, and even CPU-internal operations). Our reverse engineering efforts show such vulnerabilities originate from a variety of micro-optimizations pervasive in commodity (Intel) processors, which cause the CPU to speculatively serve loads using extraneous CPU-internal in-flight data (e.g., in the line fill buffers). Contrary to other state-of-the-art speculative execution attacks, such as Spectre, Meltdown and Foreshadow, RIDL can leak this arbitrary in-flight data with no assumptions on the state of the caches or translation data structures controlled by privileged software. The implications are worrisome. First, RIDL attacks can be implemented even from linear execution with no invalid page faults, eliminating the need for exception suppression mechanisms and enabling system-wide attacks from arbitrary unprivileged code (including JavaScript in the browser). To exemplify such attacks, we build a number of practical exploits that leak sensitive information from victim processes, virtual machines, kernel, SGX and CPU-internal components. Second, and perhaps more importantly, RIDL bypasses all existing 'spot' mitigations in software (e.g., KPTI, PTE inversion) and hardware (e.g., speculative store bypass disable) and cannot easily be mitigated even by more heavyweight defenses (e.g., L1D flushing or disabling SMT). RIDL questions the sustainability of a per-variant, spot mitigation strategy and suggests more fundamental mitigations are needed to contain ever-emerging speculative execution attacks.

KW - Side-channels

KW - Speculative-execution-attacks

UR - http://www.scopus.com/inward/record.url?scp=85072932636&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072932636&partnerID=8YFLogxK

U2 - 10.1109/SP.2019.00087

DO - 10.1109/SP.2019.00087

M3 - Conference contribution

AN - SCOPUS:85072932636

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 88

EP - 105

BT - 2019 IEEE Symposium on Security and Privacy (SP 2019)

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 40th IEEE Symposium on Security and Privacy, SP 2019

Y2 - 19 May 2019 through 23 May 2019

ER -

RIDL: Rogue in-flight data load

Abstract

Publication series

Conference

Funding

Keywords

UN SDGs

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this