<?xml version="1.0" encoding="UTF-8"?>

<rss version="2.0" xmlns:blogChannel="http://backend.userland.com/blogChannelModule">

<channel>
<title>Re: &#x22;HyperThreading considered harmful&#x22; in Security</title>
<link>http://www.dslreports.com/forum/r13399120</link>
<description></description>
<language>en</language>
<pubDate>Sun, 29 Nov 2009 01:08:44 EDT</pubDate>
<lastBuildDate>Sun, 29 Nov 2009 01:08:44 EDT</lastBuildDate>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13431390</link>
<description><![CDATA[<A HREF="/useremail/u/357201"><b>IGGY</b></A> : According to one article I linked on my blog.<br><br>"The flaw only works on servers that have already been compromised through a separate attack, High said. And if a user's server has already been compromised, there are far easier and less time-consuming exploits that would allow a malicious attacker to gain control of a system or steal data, he said."<br><br>According to how I've read things, this is really only a concern to users who are running servers, such as a business. All the articles I've read so far say this really isn't going to be an issue with home users.<br><SMALL>--<br><A HREF="http://test.iggyz.com">Test Your Security</A>    <A HREF="http://www.iggyz.com/AdvDiag.html">Cable Diagnostics</A><BR><A HREF="http://iggy.iggyz.com">Iggyz Blog</A> <A HREF="http://zone.iggyz.com">ZoneAlarm Help</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13431390</guid>
<pubDate>Tue, 17 May 2005 18:26:49 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13408276</link>
<description><![CDATA[<A HREF="/useremail/u/826863"><b>DracoFelis</b></A> : Interesting paper.  <br><br>However, I personally don't get too hung up about a complicated way to "attack" (or a complicated "covert channel") when there are much more simple and easy to exploit problems that are still wide open.<br><br>For example, it makes no sense for a malware author to go to the trouble of these fancy attacks, when they are in a position to just install a simple "key logger" to capture the user's typed in "pass phrase" (which is sadly, still the case with many machines out "in the real world").  Likewise if a malware author is able to launch a thread with full abilities to "debug" the thread that has the crypto libraries, again it's "game over".<br><br>And on the other end of the spectrum, the "timing attacks" described in this paper still need to run as tasks on the same machine (and at the same time) as the crypto.  So they can also be blocked by not allowing "untrusted code" to run AT ANY PRIVILEGE level on such a machine.<br><br>That means that about the only people that really need to worry about such attacks are the ones that are "secure enough" that most of the simpler malware attacks (such as "key loggers") are blocked, but "open enough" that the miscreant has the ability to run code of their choice at some "less privileged" user level.  While I'm sure that this describes some systems, I doubt it describes the majority of the systems in use.  <br><br>Or to put it another way, the "threats" described in this paper amount to nothing more than partial (special case only) "privilege escalation" attacks!  <br><br>The reason I say this, is that if the malware has sufficient privileges, there are already much easier ways to compromise things (reading other process memory, key-logging, etc).  Likewise these attacks are totally stopped, simply by keeping the malware off the machine completely.  
So IMHO the only thing this paper describes is a really complicated way to use "timing", and the joint cache of Hyper-threaded CPUs, to sometimes get info from a higher privileged program running at the same time.  While I admit this is interesting from a theoretical standpoint, I'm really not going to lose much sleep over it until/unless we block many of the more serious (and easier to exploit) "privilege escalation" attacks that are rampant out there (such as the many ways to use "buffer overflows" to get super-user rights)!!!]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13408276</guid>
<pubDate>Sat, 14 May 2005 19:24:53 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13406460</link>
<description><![CDATA[<A HREF="/useremail/u/156437"><b>dave</b></A> : The dodgy part of the premise is that you're executing malicious code on your hyperthreaded machine.<br><br>OK, so _if_ you've got malware then your crypto keys can be deduced via cache interference, given a suitably skilled malware author.<br><br>On the other hand, if you've got malware, I suspect that from a practical point of view, there are easier ways it could steal your keys.<br><br>Cache interference sounds like a last-resort attack for a bad guy who can't find any easier software bugs to exploit. Oh for that day to arrive!<br><br>In other words, you should worry about the more likely attacks first.<br><br>(On the other hand, this is way more interesting to read about than some stupid bug made by a careless programmer.)]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13406460</guid>
<pubDate>Sat, 14 May 2005 14:33:39 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13405803</link>
<description><![CDATA[<A HREF="/useremail/u/526691"><b>Penguins</b></A> : Looks like a bad premise dressed up in a lot of confusing language.<br><SMALL>--<br>Pure magic in 2k of 6502.</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13405803</guid>
<pubDate>Sat, 14 May 2005 10:36:31 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13405547</link>
<description><![CDATA[<A HREF="/useremail/u/917630"><b>Cudni</b></A> : from<br>&raquo;<A HREF="http://www.securityfocus.com/archive/1/398121/2005-05-11/2005-05-17/0" >www.securityfocus.com/archive/1/&middot;&middot;&middot;-05-17/0</A><br>"..<br>IV.  Workaround<br><br>Systems not using processors with Hyper-Threading Technology support are<br>not affected by this issue.  On systems which are affected, the security<br>flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable:<br><br># echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf<br><br>The system must be rebooted in order for tunables to take effect.<br><br>Use of this workaround is not recommended on "dual-core" systems, as<br>this workaround will also disable one of the processor cores.<br><br>V.   Solution<br><br>Disable Hyper-Threading Technology on processors that support it.<br><br>NOTE:  It is expected that future work in cryptographic libraries and<br>operating system schedulers may remedy this problem for many or most<br>users, without necessitating the disabling of Hyper-Threading<br>Technology.  Future advisories will address individual cases. ..."<br><br>Cudni<br><SMALL>--<br>When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.<BR>Help yourself so God can help you..it does exactly what it says on the sig</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13405547</guid>
<pubDate>Sat, 14 May 2005 09:45:34 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13404511</link>
<description><![CDATA[<A HREF="/useremail/u/1159554"><b>norwegian</b></A> : I've been thinking of updating to about 3.4 and good memory, but it doesn't help the sales pitch, that's for sure,<br>seeing as the 2.8 I have has negligible cache to say the least<br><br>it's been obvious for a while about hardware firewalling: so in return does Intel call back the so-called bad chips? I think not...<br><br>maybe it is time Intel pulled their finger out if they want to knock back AMD and the new firewalled motherboard, but that's another question altogether, what would the 2 do together, a 2 tier firewall, bring on the detection system, it has long been a second thought, what if you produce something that defends itself<br><br>as they seem to be going dual chip, what about 10 or 20 chips/processors, they still need a controller, maybe it should be on a separate pattern and if the user presets don't match, or keypad style install process, fingerprint install<br><br>but I remember a thread about security chips here somewhere, but it always needs to be held by the owner, it's everyone's basic right, software gives you a key to the program to run, why can't a chip use some principle to stop any external commands, just make the ad, a pack you can download that is clean but advertises, they could make more money out of it legal than illegal, but I guess if we don't have our toys, the ego hurts]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13404511</guid>
<pubDate>Sat, 14 May 2005 02:17:57 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13403763</link>
<description><![CDATA[<A HREF="/useremail/u/732377"><b>Marilla</b></A> : <div class="bquote"><SMALL>said by  Steve <A HREF="/useremail/u/340145"><IMG SRC="http://i.dslr.net/bb/profile.gif" ALT="See Profile" BORDER=0 WIDTH=16 HEIGHT=11></A>:</SMALL><br><br>There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory.<br> </DIV>Hence, my interest, and my headache!<br><SMALL>--<br>Windows, Mac, Linux, BSD - just use the right tool for the right job... end the OS Politics!</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13403763</guid>
<pubDate>Fri, 13 May 2005 23:42:42 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13403754</link>
<description><![CDATA[<A HREF="/useremail/u/465004"><b>ironwalker</b></A> : <div class="bquote"><SMALL>said by  Dave1171 <A HREF="/useremail/u/1202584"><IMG SRC="http://i.dslr.net/bb/profile.gif" ALT="See Profile" BORDER=0 WIDTH=16 HEIGHT=11></A>:</SMALL><br><br>I smell revenue opportunity!<br><br><div class="bquote">Fly-By-Night Software is pleased to announce its CacheCleaner utility. This advanced program guarantees to erase your processor's level 1 cache. It utilizes 23 Gutmann passes for absolute security. <br><br>CacheCleaner should be used as part of basic computer maintenance, along with elementary procedures such as erasing the page file on shutdown, deleting Temporary Internet Files frequently, rejecting all cookies, and reformatting/reinstalling once a month.<br><br>Only $19.95 ($29.95 for the Professional version)<br></DIV> </DIV>Too funny.:)<br><SMALL>--<br>"LIVE FREE OR DIE"...&raquo;<A HREF="http://www.rif.org/..." >www.rif.org/...</A><A HREF="http://www.dslreports.com/forum/ftth">Fiber Optics</A> is the future of high-speed internet access. Stop by the <A HREF="http://www.dslreports.com/forum/ftth">BBR Fiber Optic</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13403754</guid>
<pubDate>Fri, 13 May 2005 23:40:42 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13403717</link>
<description><![CDATA[<A HREF="/useremail/u/156437"><b>dave</b></A> : I smell revenue opportunity!<br><br><div class="bquote">Fly-By-Night Software is pleased to announce its CacheCleaner utility. This advanced program guarantees to erase your processor's level 1 cache. It utilizes 23 Gutmann passes for absolute security. <br><br>CacheCleaner should be used as part of basic computer maintenance, along with elementary procedures such as erasing the page file on shutdown, deleting Temporary Internet Files frequently, rejecting all cookies, and reformatting/reinstalling once a month.<br><br>Only $19.95 ($29.95 for the Professional version)<br></DIV>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13403717</guid>
<pubDate>Fri, 13 May 2005 23:34:11 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13401917</link>
<description><![CDATA[<A HREF="/useremail/u/817075"><b>Kiwi</b></A> : Perhaps that's why the 'J' chip was introduced, have no idea what happens with the 600 series though? Noticed the rather well done document that was linked, but that was before the aforementioned 500 'J' series.<br><br>&raquo;<A HREF="http://www.intel.com/cd/ids/developer/asmo-na/eng/149308.htm" >www.intel.com/cd/ids/developer/a&middot;&middot;&middot;9308.htm</A><br><br>Cheers<br><SMALL>--<br>2.66g/533fsb Intel CPU @ 3.48g512meg Twinmos PC3700~466 DDR @ 2.8v -PCpower&Cooling 512.ATI 9500 Pro @ 9700 Pro @1.6v--AMD ASUS A7N8X-E ~2500+ @3200 ATI 9500 Pro, Corsair 512LL.-- Aristotle.net</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13401917</guid>
<pubDate>Fri, 13 May 2005 19:13:57 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399647</link>
<description><![CDATA[<A HREF="/useremail/u/340145"><b>Steve</b></A> : <div class="bquote"><SMALL>said by  Dave1171 <A HREF="/useremail/u/1202584"><IMG SRC="http://i.dslr.net/bb/profile.gif" ALT="See Profile" BORDER=0 WIDTH=16 HEIGHT=11></A>:</SMALL><br><br>In fact, almost anything can be used as a covert channel. </DIV>Yes, but that's not the danger here. He discussed covert channels to introduce his finding with a familiar topic, but the real danger is a crypto side-channel attack.<br><br>Steve<br><SMALL>--<br>Stephen J. Friedl &#149; Unix Wizard &#149; Microsoft Security MVP &#149; Tustin, California USA &#149; <A HREF="http://www.unixwiz.net">my web site</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399647</guid>
<pubDate>Fri, 13 May 2005 14:00:17 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399541</link>
<description><![CDATA[<A HREF="/useremail/u/156437"><b>dave</b></A> : Don't forget to turn off file system caching. The file system cache can be used as a covert channel.<br><br>In fact, almost anything can be used as a covert channel.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399541</guid>
<pubDate>Fri, 13 May 2005 13:45:53 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399466</link>
<description><![CDATA[<A HREF="/useremail/u/782124"><b>BeesTea</b></A> : <div class="bquote"><SMALL>said by  Steve <A HREF="/useremail/u/340145"><IMG SRC="http://i.dslr.net/bb/profile.gif" ALT="See Profile" BORDER=0 WIDTH=16 HEIGHT=11></A>:</SMALL><br><br>No way.<br><br>I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this,<br> </DIV>Ditto.<br><SMALL>--<br>$ /bin/whoami <BR>nobody</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399466</guid>
<pubDate>Fri, 13 May 2005 13:37:02 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399459</link>
<description><![CDATA[<A HREF="/useremail/u/570051"><b>novaflare</b></A> : Just used as an example. It however is probably possible to do so with spyware, trojans or other apps you could trick the user into downloading. And I only read part of it. Before posting reading more now. Either way Intel needs to take serious action to correct it.<br><SMALL>--<br>DSLR security chat at us.ausirc.net channel #dslr_sec let's pack this channel<BR>open source dns server for *nix and windows &raquo;<A HREF="http://powerdns.com" >powerdns.com</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399459</guid>
<pubDate>Fri, 13 May 2005 13:36:35 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399406</link>
<description><![CDATA[<A HREF="/useremail/u/340145"><b>Steve</b></A> : <div class="bquote"><SMALL>said by  novaflare <A HREF="/useremail/u/570051"><IMG SRC="http://i.dslr.net/bb/profile.gif" ALT="See Profile" BORDER=0 WIDTH=16 HEIGHT=11></A>:</SMALL><br><br> Example run a java app on web site that stays active. </DIV>No way.<br><br>I think this is beyond the pale of what one can do. I think it's going to be impossible for a Java application to do this, because aside from the fact that it doesn't have access to the CPU instructions required to do this kind of hyper-high-resolution timing, Java has so much overhead that it's going to confound any efforts at measuring these timing differences.<div class="bquote">But getting a buffer overrun is similar to a hardware security flaw really.</DIV>Hmmm, did you actually read the paper? <br><br>There is no circumstance where thread #1 can read or write data cached by thread #2 - it can only make some guesses about which memory thread #2 is accessing. This revolves around subtle timing issues, not modifying memory.<br><br>Steve<br><SMALL>--<br>Stephen J. Friedl &#149; Unix Wizard &#149; Microsoft Security MVP &#149; Tustin, California USA &#149; <A HREF="http://www.unixwiz.net">my web site</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399406</guid>
<pubDate>Fri, 13 May 2005 13:32:00 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399344</link>
<description><![CDATA[<A HREF="/useremail/u/570051"><b>novaflare</b></A> : Well Steve, it may also be possible for a remote user to do the same. Example run a java app on web site that stays active. Then you might be able to exploit the flaw remotely. And take your pick of other threads. It would be hard as hell but probably doable. I've never dealt with a hardware security flaw before. But getting a buffer overrun is similar to a hardware security flaw really. Essentially what you're doing is putting things into RAM area from one program's area to another program's area of RAM. So it should be at least possible to do the same with a CPU's cache.<br><SMALL>--<br>DSLR security chat at us.ausirc.net channel #dslr_sec let's pack this channel<BR>open source dns server for *nix and windows &raquo;<A HREF="http://powerdns.com" >powerdns.com</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399344</guid>
<pubDate>Fri, 13 May 2005 13:23:18 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399150</link>
<description><![CDATA[<A HREF="/useremail/u/465004"><b>ironwalker</b></A> : Thanks all, I read further and what Cudni provided and I should be fine. The fix for FreeBSD was taken care of already.]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399150</guid>
<pubDate>Fri, 13 May 2005 12:54:39 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399146</link>
<description><![CDATA[<A HREF="/useremail/u/340145"><b>Steve</b></A> : I think this is really nothing to worry about, though I'm not any kind of hardware security expert.<br><br>Unless I'm reading it wrong, it requires that the high-security thread and the low-security thread be running at the same time, and this looks like a really hard thing to coordinate. User programs have only limited ability to interact with the scheduler, and I don't think they have any way of requesting "Run me at the same time you run $PROCESS".<br><br>I won't go farther than "It looks like a stretch to me", because all kinds of clever people have come up with all kinds of clever ideas to do surprising things.<br><br>But the "vendor notifications" seem a little weak to me, like "Well, this is nothing but I guess we have to say <U>something</U>"<div class="bquote"><SMALL>said by SCO's advisory for Unixware:</SMALL><br><br>The proper solution is to disable Hyper-Threading, unless you are certain that (1) no authorized users of your system have the ability to run a malicious program, and (2) it is not possible for any unauthorized users to access the system.</DIV>If there are unauthorized users and/or those who run malicious programs on the system, all kinds of bad effects are possible, though I'm not going to discount the danger of getting a private key swiped.<br><br>But I think I require a bit more evidence to believe this is anything to worry about.<br><br>Steve<br><SMALL>--<br>Stephen J. Friedl &#149; Unix Wizard &#149; Microsoft Security MVP &#149; Tustin, California USA &#149; <A HREF="http://www.unixwiz.net">my web site</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399146</guid>
<pubDate>Fri, 13 May 2005 12:53:05 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399120</link>
<description><![CDATA[<A HREF="/useremail/u/732377"><b>Marilla</b></A> : My head is spinning!  :o<br><br>Interesting, though headache-inducing, read!]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399120</guid>
<pubDate>Fri, 13 May 2005 12:49:20 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399083</link>
<description><![CDATA[<A HREF="/useremail/u/917630"><b>Cudni</b></A> : Interesting and even with planetary alignment not impossible to achieve :)<br><br>From vendor statements it looks like some action will be/is taken<br>&raquo;<A HREF="http://www.daemonology.net/hyperthreading-considered-harmful/" >www.daemonology.net/hyperthreadi&middot;&middot;&middot;harmful/</A><br><br>Cudni<br><SMALL>--<br>When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.<BR>Help yourself so God can help you..it does exactly what it says on the sig</SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399083</guid>
<pubDate>Fri, 13 May 2005 12:43:21 EDT</pubDate>
</item>

<item>
<title>Re: &#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13399068</link>
<description><![CDATA[<A HREF="/useremail/u/465004"><b>ironwalker</b></A> : So if this is indeed true, can it be fixed, being a piece of hardware that's flawed? If not... I want my money back on all the dual core Xeons I have.<br>Bummer. ]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13399068</guid>
<pubDate>Fri, 13 May 2005 12:40:49 EDT</pubDate>
</item>

<item>
<title>&#x22;HyperThreading considered harmful&#x22;</title>
<link>http://www.dslreports.com/forum/remark,13398971</link>
<description><![CDATA[<A HREF="/useremail/u/340145"><b>Steve</b></A> : <A HREF="http://www.daemonology.net/">Colin Percival</A> has released a paper that discusses the security dangers of HyperThreading.<div class="bquote"><SMALL>said by the paper:</SMALL><br><br>Hyper-Threading, as currently implemented on Intel Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, and Xeon processors, suffers from a serious security flaw. This flaw permits local information disclosure, including allowing an unprivileged user to steal an RSA private key being used on the same machine. Administrators of multi-user systems are strongly advised to take action to disable Hyper-Threading immediately; single-user systems (i.e., desktop computers) are not affected.</DIV>The gist is that the two processor cores share a cache, and though one thread can't <B>access</B> the other thread's data, it can <B>evict</B> the other thread's data from the cache, causing timing differences that can be measured.<br><br>He first talks about using this as a low-bandwidth covert channel between two cooperating threads, allowing a high-security thread to leak information to a low-security thread.<br><br>This leads into a cryptanalytical side channel attack on (for instance) OpenSSL, where one thread can steal a private key referenced by the other thread.<br><br>This looks like an enormous stretch, requiring unlikely planetary alignment, but the author surely appears to have given this a lot of thought, and I think he claims to have a proof of concept.<br><br><A HREF="http://www.daemonology.net/papers/htt.pdf">Cache Missing for Fun and Profit</A><br><SMALL>--<br>Stephen J. Friedl &#149; Unix Wizard &#149; Microsoft Security MVP &#149; Tustin, California USA &#149; <A HREF="http://www.unixwiz.net">my web site</A></SMALL>]]></description>
<guid isPermaLink="true">http://www.dslreports.com/forum/remark,13398971</guid>
<pubDate>Fri, 13 May 2005 12:28:20 EDT</pubDate>
</item>

</channel>
</rss>
