Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch...
Transcript of Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch...
![Page 1: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/1.jpg)
Predicting the Branch Predictors:
inception to secure predictors
Sarani Bhattacharya
COSIC, KU Leuven
![Page 2: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/2.jpg)
Branch Prediction
![Page 3: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/3.jpg)
Motivation of the work
Computer Architecture has evolved over the decade with performance improvisation being its sole motivation and objective.
In this work, we start with the security evaluation of one of the most important architectural component- the branch predictors.
It is also a difficult task to guess which particular design has been implemented in hardware- this requires basic reverse engineering.
There exists no security guidelines to sensitive cryptographic applications executing in multi-tenant or cloud environment. There still exists legacy codes like RELIC and texts books which suggest such implementation to be efficient, though being highly vulnerable to micro-architectural attacks.
![Page 4: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/4.jpg)
Observation 1
![Page 5: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/5.jpg)
Abrupt increase in branch miss observed by unprivileged
user due to exponentiations from privileged process
2
![Page 6: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/6.jpg)
Abrupt increase in branch miss observed by unprivileged
user due to exponentiations from privileged process
2
![Page 7: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/7.jpg)
Abrupt increase in branch miss observed by unprivileged
user due to exponentiations from privileged process
![Page 8: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/8.jpg)
Variation of branch-misses from HPCs with increase in branch
miss from 2-bit predictor algorithm on various platforms
![Page 9: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/9.jpg)
Secret Dependent Branching
![Page 10: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/10.jpg)
Effect of Compiler Optimization on
branching
![Page 11: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/11.jpg)
![Page 12: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/12.jpg)
![Page 13: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/13.jpg)
![Page 14: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/14.jpg)
Observation 2
![Page 15: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/15.jpg)
Reverse Engineering of Branch
Prediction
![Page 16: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/16.jpg)
![Page 17: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/17.jpg)
Deduce & Remove Attack on Blinded Scalar
Multiplication with Asynchronous perf ioctl Calls
![Page 18: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/18.jpg)
Overview
![Page 19: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/19.jpg)
Objective
![Page 20: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/20.jpg)
Principle
![Page 21: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/21.jpg)
Scenarios
![Page 22: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/22.jpg)
Understanding Branch Mispredictions
Existing DPA countermeasures on ECC
![Page 23: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/23.jpg)
Observation 3
![Page 24: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/24.jpg)
BTB structure and Collision
![Page 25: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/25.jpg)
Threat Model
![Page 26: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/26.jpg)
Always executes taken
branch which jumps to
target address TA_spySpy
Could execute a taken
or not-taken branch Victim
Measure
Measures the access
time of the target
address TA_spy
![Page 27: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/27.jpg)
Secure Predictors
Fortifying Branch Predictors to thwart
Micro-architectural Attacks
![Page 28: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/28.jpg)
Contributions
1. The primary contribution of this work is a secure design of branch
predictor: λ-confidence predictor which invalidates the direct
proportionality of branch mispredictions from known predictor
structures.
2. A hashed indexing scheme which is essential to prevent branch
collision based attacks on the shared table structures such as BTB and
PHT.
3. Performance comparison of the new predictor to state-of-art
predictors like Gshare and more recent TAGE-based predictors using
traces from SPEC-2006, server and multimedia benchmarks in terms of
MisPredictions per Kilo Instructions (MPKI) and misprediction penalty, to
demonstrate that the design do not compromise on performance.
4. Lastly, test for security on cryptographic implementations and the
design has lesser information leakage than predictors in literature.
![Page 29: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/29.jpg)
Why is it important to design secure
branch predictors ?
“Does making cryptographic implementations free from conditional
branching totally do away with the threat of micro-architectural
attacks caused due to the branch predictors?”
![Page 30: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/30.jpg)
Insecurity of Commercial Intel Systems
![Page 31: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/31.jpg)
InSecurity for TAGE based predictor structures
![Page 32: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/32.jpg)
How are TAGE predictors vulnerable
Initial branches, where there are no matched tags in any of the component
structures: This is the phase when the execution just starts and the index
decided by the program counter xored with none of the previous history,
do not match with any stored tags in the computed indices. In this part of
the execution, the predictions are made using the base predictor.
When there are some tags which match the existing history based tags and
some does not. In this case, the 3-bit predictor of the first component table
and the base predictor are most likely to provide the prediction.
Third case arises, for the final bits of execution which shows tag, index
match in multiple component tables of TAGE. But the final prediction is such
that in each of these component tables the 3-bit predictors provide the
final prediction.
![Page 33: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/33.jpg)
How are TAGE predictors vulnerable
![Page 34: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/34.jpg)
Aim of λ Predictor: Performance + Security
• Performance for Benchmark Programs
• Security for Sensitive Applications
![Page 35: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/35.jpg)
Adding Lambda confidence to generic
predictor model
![Page 36: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/36.jpg)
Effect of Lambda on Gshare
predictors
![Page 37: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/37.jpg)
Securing BTB from collision based attacks
![Page 38: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/38.jpg)
Results on values of Lambda
MPKIMisprediction Penalty
![Page 39: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/39.jpg)
Performance of λ + ISL-TAGE
![Page 40: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/40.jpg)
Inconclusive DOM results after introducing λ
Branch Prediction Attack on RSA-OAEP Randomized Padding Scheme
![Page 41: Sarani Bhattacharya · BTB structure and Collision. Threat Model. Always executes taken branch which jumps to Spy target address TA_spy Could execute a taken or not-taken branch Victim](https://reader035.fdocuments.in/reader035/viewer/2022071000/5fbcbf20608d866c687bcda7/html5/thumbnails/41.jpg)
THANK YOU FOR YOUR
ATTENTION!