LVI is a new class of attacks on speculative execution in CPUs

Details have been published about LVI (Load Value Injection, CVE-2020-0551), a new class of attacks on the speculative execution mechanism of Intel CPUs. It can be used to leak keys and other secret data from Intel SGX enclaves and from other processes.

The new attack class is based on manipulating the same microarchitectural structures that are abused by the MDS (Microarchitectural Data Sampling), Spectre and Meltdown attacks. At the same time, the new attacks are not blocked by the existing mitigations for Meltdown, Spectre, MDS and similar attacks. Effective protection against LVI requires hardware changes to the CPU. Protecting purely in software, by having the compiler insert an LFENCE instruction after every load from memory and replace each RET instruction with a POP, LFENCE and JMP sequence, costs too much: according to the researchers, complete software protection slows code down by a factor of 2 to 19.

The difficulty of blocking the problem is partly offset by the fact that the attack is, for now, more theoretical than practical: it is possible in principle, but very hard to carry out, and so far it has only been reproduced in synthetic tests.
Intel rated the issue as medium severity (CVSS 5.6 out of 10) and released firmware and SDK updates for the SGX environment that attempt to block the attack with a workaround. The proposed attack techniques currently apply only to Intel processors, but the possibility of adapting LVI to other processors that are susceptible to Meltdown-class attacks cannot be ruled out.

The problem was identified last April by researcher Jo Van Bulck of the University of Leuven. Afterwards, together with 9 researchers from other universities, five attack variants were developed, each allowing for additional sub-variants. Independently, in February of this year, researchers from Bitdefender also discovered one of the LVI variants and reported it to Intel. The variants differ in which microarchitectural structure they abuse: the store buffer (SB, Store Buffer), the line fill buffer (LFB, Line Fill Buffer), the FPU context-switch buffer and the first-level data cache (L1D), all previously used in attacks such as ZombieLoad, RIDL, Fallout, LazyFP, Foreshadow and Meltdown.

The main difference between LVI and the MDS attacks is that MDS reads out the contents of microarchitectural structures that are left behind after speculative fault handling or load and store operations, whereas LVI lets the attacker inject data into those microarchitectural structures in order to influence the subsequent speculative execution of the victim's code. Using this manipulation, the attacker can extract secret data from another process while certain code is executing on the target CPU core.

For exploitation, the victim process's code must contain specific instruction sequences (gadgets) in which an attacker-controlled value is loaded, and the load of that value must raise an exception (fault, abort or assist) that discards the result and re-executes the instruction. While the exception is being processed, a speculative window opens during which data handled inside the gadget leaks. Specifically, the processor starts executing the gadget speculatively, then determines that the prediction was wrong and rolls the operations back to their previous state, but the data processed during the speculative execution is left in the L1D cache and in microarchitectural buffers, from which it can be recovered with the known side-channel techniques for reading residual data.

An "assist", unlike a "fault", is handled internally by the processor without invoking any software handler. An assist occurs, for example, when the A (Accessed) or D (Dirty) bit of a page-table entry needs to be updated. The main difficulty in attacking other processes is how to trigger an assist by manipulating the victim process. There is currently no reliable way to do this, although one may be found in the future. So far the attack has been confirmed only against Intel SGX enclaves; the other scenarios are theoretical or reproducible only under synthetic conditions (they require adding specific gadgets to the code).
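The following is an added illustration, not code from the researchers or from opennet.ru, of the gadget shape described above and of the software mitigation mentioned earlier (an LFENCE after every load, and RET replaced with POP, LFENCE and JMP). The table of "secrets" and the request structure are constructed sample data; the hand-written return sequence assumes an x86-64 ELF target (Linux) and falls back to plain C elsewhere so the file still builds. The fences only have their real effect on x86.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * On x86, LFENCE prevents every younger instruction from executing, even
 * speculatively, until all older loads have retired with their architectural
 * value.  That is what an LVI gadget needs: the attacker-influenced load must
 * not feed a dependent access while its value is still transient.  On other
 * targets we degrade to a compiler barrier so the example compiles; only the
 * x86 path carries the actual mitigation.
 */
#if defined(__x86_64__) || defined(__i386__)
#define LVI_LFENCE() __asm__ volatile("lfence" ::: "memory")
#else
#define LVI_LFENCE() __asm__ volatile("" ::: "memory")
#endif

/* Constructed sample data: a table of secrets in the victim's address space. */
static const uint8_t secret_table[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
};

/* Constructed request whose index field the victim reads from memory. */
struct request {
    size_t index;
};

/*
 * Gadget-shaped code: load #1 fetches a value from memory and load #2 uses
 * that value as an address.  The bounds check compiles to a branch, which is
 * predicted, so it does not stop a transiently injected value of `i` from
 * reaching load #2 inside the speculative window.
 */
uint8_t lookup_unhardened(const struct request *req)
{
    size_t i = req->index;                 /* load #1 */
    if (i >= sizeof secret_table)
        return 0;
    return secret_table[i];                /* load #2: address depends on #1 */
}

/*
 * Hardened form: the same transformation GNU as performs with
 * -mlfence-after-load=yes (gcc -Wa,-mlfence-after-load=yes) and clang with
 * -mlvi-hardening.  The fence sits right after the load, before anything
 * consumes its result.
 */
uint8_t lookup_hardened(const struct request *req)
{
    size_t i = req->index;                 /* load #1 */
    LVI_LFENCE();                          /* nothing younger runs until load #1
                                              has retired with its real value */
    if (i >= sizeof secret_table)
        return 0;
    return secret_table[i];                /* load #2 only ever sees that value */
}

/*
 * RET is itself a load (the return address from the stack) followed by an
 * indirect jump, so it is a gadget too.  The replacement the article describes
 * splits it into POP + LFENCE + JMP.  Hand-written here for x86-64 ELF; other
 * targets use a plain C function with the same return value.
 */
#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".text\n"
    ".globl lvi_ret_demo\n"
    ".type lvi_ret_demo, @function\n"
    "lvi_ret_demo:\n"
    "    movl $42, %eax\n"        /* the function's result */
    "    popq %rcx\n"             /* load the return address explicitly */
    "    lfence\n"                /* wait until that load is architectural */
    "    jmp *%rcx\n"             /* indirect jump instead of RET */
    ".size lvi_ret_demo, .-lvi_ret_demo\n");
int lvi_ret_demo(void);
#else
int lvi_ret_demo(void) { return 42; }
#endif

int main(void)
{
    struct request req = { .index = 3 };
    printf("unhardened lookup: 0x%02x\n", lookup_unhardened(&req));
    printf("hardened lookup:   0x%02x\n", lookup_hardened(&req));
    printf("pop/lfence/jmp return: %d\n", lvi_ret_demo());
    return 0;
}
```

Both lookup functions return the same value architecturally; the difference is only visible in what the core may do transiently, which is why the cost of the mitigation (a fence on every load and every return) shows up as the 2-19x slowdown cited above rather than as any change in program output. Compiling the unhardened function with one of the flags named in the comments and disassembling it shows the compiler inserting the same LFENCE after the load.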

Possible attack vectors:

  • Leaking data from kernel structures to a user process. The Linux kernel's mitigations for Spectre v1, together with SMAP (Supervisor Mode Access Prevention), significantly reduce the likelihood of an LVI attack. Additional kernel protection may become necessary if simpler LVI attack methods are identified in the future.
  • Leaking data between different processes. The attack requires the presence of suitable code fragments in the target application and a way of raising an exception in the target process.
  • Leaking data from the host environment to a guest system. This attack is classified as too complex, requiring many hard-to-perform steps and predicting activity in the system.
  • Leaking data between processes in different guest systems. This vector is close to the inter-process leak, but additionally requires complex manipulations to bypass the isolation between guests.

The researchers have published several prototypes that demonstrate the principles of the attack, but they are not yet suitable for real attacks. The first example redirects speculative code execution inside the victim process, in the same spirit as return-oriented programming (ROP, Return-Oriented Programming). In this example the victim is a specially prepared process that contains the required gadgets (applying the attack to real third-party processes is difficult). The second example interferes with the computation during AES encryption inside an Intel SGX enclave and arranges for data to leak during the speculative execution of instructions, which allows the value of the encryption key to be recovered.


Source: opennet.ru