Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability

Ameer Hamza; Maria Mushtaq; Khurram Bhatti; David Novo; Florent Bruguier; Pascal Benoit

doi:10.1007/978-3-030-95484-0_28

Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability

Ameer Hamza
, Maria Mushtaq
, Khurram Bhatti
, David Novo
, Florent Bruguier
, Pascal Benoit

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

TSX Asynchronous Abort (TAA) vulnerability is a class of Side-Channel Attack (SCA) that allows an application to leak data from internal CPU buffers through asynchronous Transactional Synchronization Extension (TSX) aborts that are exploited by the recent Microarchitectural Data Sampling (MDS) attacks. Cross-core TAA attacks can be prevented through microcode updates where CPU buffers are flushed during Operating System (OS) context switching, but there is no solution to our knowledge that exists for hyper-threaded TAA attacks in which the attacker leaks data from sibling hardware threads through asynchronous abort. In this work, we have proposed Diminisher, a Linux kernel-based detection and mitigation solution for both hyper-threaded and cross-core TAA attacks. Diminisher can be logically divided into three phases, i.e., scheduling, detection, and mitigation. Diminisher is a lightweight tool to prevent TAA vulnerability. The novelty lies in the methodology that we propose enabling easy extensions to cover other hyper-threaded attacks for which no satisfactory solutions exist yet. Diminisher detects and mitigates the TAA attacks around 99% of the time at a low-performance overhead of 2.5%.

Original language	English
Title of host publication	Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021
Editors	Sokratis Katsikas, Costas Lambrinoudakis, Nora Cuppens, John Mylopoulos, Christos Kalloniatis, Weizhi Meng, Steven Furnell, Frank Pallas, Jörg Pohle, M. Angela Sasse, Habtamu Abie, Silvio Ranise, Luca Verderame, Enrico Cambiaso, Jorge Maestre Vidal, Marco Antonio Sotelo Monge
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	477-495
Number of pages	19
ISBN (Print)	9783030954833
DOIs	https://doi.org/10.1007/978-3-030-95484-0_28
Publication status	Published - 1 Jan 2022
Event	7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021 - Virtual, Online Duration: 4 Oct 2021 → 8 Oct 2021

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	13106 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021
City	Virtual, Online
Period	4/10/21 → 8/10/21

Keywords

Caches
Hyper-threading
Intel TSX
Intel’s x86 Architecture
Linux Kernel
Side-channel attacks

Access to Document

10.1007/978-3-030-95484-0_28

Cite this

Hamza, A., Mushtaq, M., Bhatti, K., Novo, D., Bruguier, F., & Benoit, P. (2022). Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability. In S. Katsikas, C. Lambrinoudakis, N. Cuppens, J. Mylopoulos, C. Kalloniatis, W. Meng, S. Furnell, F. Pallas, J. Pohle, M. A. Sasse, H. Abie, S. Ranise, L. Verderame, E. Cambiaso, J. Maestre Vidal, & M. A. Sotelo Monge (Eds.), Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021 (pp. 477-495). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13106 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-95484-0_28

Hamza, Ameer ; Mushtaq, Maria ; Bhatti, Khurram et al. / Diminisher : A Linux Kernel Based Countermeasure for TAA Vulnerability. Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021. editor / Sokratis Katsikas ; Costas Lambrinoudakis ; Nora Cuppens ; John Mylopoulos ; Christos Kalloniatis ; Weizhi Meng ; Steven Furnell ; Frank Pallas ; Jörg Pohle ; M. Angela Sasse ; Habtamu Abie ; Silvio Ranise ; Luca Verderame ; Enrico Cambiaso ; Jorge Maestre Vidal ; Marco Antonio Sotelo Monge. Springer Science and Business Media Deutschland GmbH, 2022. pp. 477-495 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{44fef465cb7d4cf7957336e006d6feb6,

title = "Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability",

abstract = "TSX Asynchronous Abort (TAA) vulnerability is a class of Side-Channel Attack (SCA) that allows an application to leak data from internal CPU buffers through asynchronous Transactional Synchronization Extension (TSX) aborts that are exploited by the recent Microarchitectural Data Sampling (MDS) attacks. Cross-core TAA attacks can be prevented through microcode updates where CPU buffers are flushed during Operating System (OS) context switching, but there is no solution to our knowledge that exists for hyper-threaded TAA attacks in which the attacker leaks data from sibling hardware threads through asynchronous abort. In this work, we have proposed Diminisher, a Linux kernel-based detection and mitigation solution for both hyper-threaded and cross-core TAA attacks. Diminisher can be logically divided into three phases, i.e., scheduling, detection, and mitigation. Diminisher is a lightweight tool to prevent TAA vulnerability. The novelty lies in the methodology that we propose enabling easy extensions to cover other hyper-threaded attacks for which no satisfactory solutions exist yet. Diminisher detects and mitigates the TAA attacks around 99\% of the time at a low-performance overhead of 2.5\%.",

keywords = "Caches, Hyper-threading, Intel TSX, Intel{\textquoteright}s x86 Architecture, Linux Kernel, Side-channel attacks",

author = "Ameer Hamza and Maria Mushtaq and Khurram Bhatti and David Novo and Florent Bruguier and Pascal Benoit",

note = "Publisher Copyright: {\textcopyright} 2022, Springer Nature Switzerland AG.; 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021 ; Conference date: 04-10-2021 Through 08-10-2021",

year = "2022",

month = jan,

day = "1",

doi = "10.1007/978-3-030-95484-0\_28",

language = "English",

isbn = "9783030954833",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "477--495",

editor = "Sokratis Katsikas and Costas Lambrinoudakis and Nora Cuppens and John Mylopoulos and Christos Kalloniatis and Weizhi Meng and Steven Furnell and Frank Pallas and J{\"o}rg Pohle and Sasse, \{M. Angela\} and Habtamu Abie and Silvio Ranise and Luca Verderame and Enrico Cambiaso and \{Maestre Vidal\}, Jorge and \{Sotelo Monge\}, \{Marco Antonio\}",

booktitle = "Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021",

}

Hamza, A, Mushtaq, M, Bhatti, K, Novo, D, Bruguier, F & Benoit, P 2022, Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability. in S Katsikas, C Lambrinoudakis, N Cuppens, J Mylopoulos, C Kalloniatis, W Meng, S Furnell, F Pallas, J Pohle, MA Sasse, H Abie, S Ranise, L Verderame, E Cambiaso, J Maestre Vidal & MA Sotelo Monge (eds), Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 13106 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 477-495, 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021, Virtual, Online, 4/10/21. https://doi.org/10.1007/978-3-030-95484-0_28

Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability. / Hamza, Ameer; Mushtaq, Maria; Bhatti, Khurram et al.
Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021. ed. / Sokratis Katsikas; Costas Lambrinoudakis; Nora Cuppens; John Mylopoulos; Christos Kalloniatis; Weizhi Meng; Steven Furnell; Frank Pallas; Jörg Pohle; M. Angela Sasse; Habtamu Abie; Silvio Ranise; Luca Verderame; Enrico Cambiaso; Jorge Maestre Vidal; Marco Antonio Sotelo Monge. Springer Science and Business Media Deutschland GmbH, 2022. p. 477-495 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 13106 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Diminisher

T2 - 7th Workshop on the Security of Industrial Control Systems and of Cyber-Physical Systems, CyberICPS 2021, 5th International Workshop on Security and Privacy Requirements Engineering, SECPRE 2021, 4th International Workshop on Attacks and Defenses for Internet-of-Things, ADIoT 2021, 3rd Workshop on Security, Privacy, Organizations, and Systems Engineering, SPOSE 2021, 2nd Cyber-Physical Security for Critical Infrastructures Protection, CPS4CIP 2021 and 1st International Workshop on Cyber Defence Technologies and Secure Communications at the Network Edge, CDT and SECOMANE 2021 held in conjunction with 26th European Symposium on Research in Computer Security, ESORICS 2021

AU - Hamza, Ameer

AU - Mushtaq, Maria

AU - Bhatti, Khurram

AU - Novo, David

AU - Bruguier, Florent

AU - Benoit, Pascal

PY - 2022/1/1

Y1 - 2022/1/1

N2 - TSX Asynchronous Abort (TAA) vulnerability is a class of Side-Channel Attack (SCA) that allows an application to leak data from internal CPU buffers through asynchronous Transactional Synchronization Extension (TSX) aborts that are exploited by the recent Microarchitectural Data Sampling (MDS) attacks. Cross-core TAA attacks can be prevented through microcode updates where CPU buffers are flushed during Operating System (OS) context switching, but there is no solution to our knowledge that exists for hyper-threaded TAA attacks in which the attacker leaks data from sibling hardware threads through asynchronous abort. In this work, we have proposed Diminisher, a Linux kernel-based detection and mitigation solution for both hyper-threaded and cross-core TAA attacks. Diminisher can be logically divided into three phases, i.e., scheduling, detection, and mitigation. Diminisher is a lightweight tool to prevent TAA vulnerability. The novelty lies in the methodology that we propose enabling easy extensions to cover other hyper-threaded attacks for which no satisfactory solutions exist yet. Diminisher detects and mitigates the TAA attacks around 99% of the time at a low-performance overhead of 2.5%.

AB - TSX Asynchronous Abort (TAA) vulnerability is a class of Side-Channel Attack (SCA) that allows an application to leak data from internal CPU buffers through asynchronous Transactional Synchronization Extension (TSX) aborts that are exploited by the recent Microarchitectural Data Sampling (MDS) attacks. Cross-core TAA attacks can be prevented through microcode updates where CPU buffers are flushed during Operating System (OS) context switching, but there is no solution to our knowledge that exists for hyper-threaded TAA attacks in which the attacker leaks data from sibling hardware threads through asynchronous abort. In this work, we have proposed Diminisher, a Linux kernel-based detection and mitigation solution for both hyper-threaded and cross-core TAA attacks. Diminisher can be logically divided into three phases, i.e., scheduling, detection, and mitigation. Diminisher is a lightweight tool to prevent TAA vulnerability. The novelty lies in the methodology that we propose enabling easy extensions to cover other hyper-threaded attacks for which no satisfactory solutions exist yet. Diminisher detects and mitigates the TAA attacks around 99% of the time at a low-performance overhead of 2.5%.

KW - Caches

KW - Hyper-threading

KW - Intel TSX

KW - Intel’s x86 Architecture

KW - Linux Kernel

KW - Side-channel attacks

UR - https://www.scopus.com/pages/publications/85125247991

U2 - 10.1007/978-3-030-95484-0_28

DO - 10.1007/978-3-030-95484-0_28

M3 - Conference contribution

AN - SCOPUS:85125247991

SN - 9783030954833

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 477

EP - 495

BT - Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021

A2 - Katsikas, Sokratis

A2 - Lambrinoudakis, Costas

A2 - Cuppens, Nora

A2 - Mylopoulos, John

A2 - Kalloniatis, Christos

A2 - Meng, Weizhi

A2 - Furnell, Steven

A2 - Pallas, Frank

A2 - Pohle, Jörg

A2 - Sasse, M. Angela

A2 - Abie, Habtamu

A2 - Ranise, Silvio

A2 - Verderame, Luca

A2 - Cambiaso, Enrico

A2 - Maestre Vidal, Jorge

A2 - Sotelo Monge, Marco Antonio

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 4 October 2021 through 8 October 2021

ER -

Hamza A, Mushtaq M, Bhatti K, Novo D, Bruguier F, Benoit P. Diminisher: A Linux Kernel Based Countermeasure for TAA Vulnerability. In Katsikas S, Lambrinoudakis C, Cuppens N, Mylopoulos J, Kalloniatis C, Meng W, Furnell S, Pallas F, Pohle J, Sasse MA, Abie H, Ranise S, Verderame L, Cambiaso E, Maestre Vidal J, Sotelo Monge MA, editors, Computer Security. ESORICS 2021 International Workshops - CyberICPS, SECPRE, ADIoT, SPOSE, CPS4CIP, and CDT and SECOMANE, 2021. Springer Science and Business Media Deutschland GmbH. 2022. p. 477-495. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-95484-0_28