-
Remote Scheduler Contention Attacks
Authors:
Stefan Gast,
Jonas Juffinger,
Lukas Maar,
Christoph Royer,
Andreas Kogler,
Daniel Gruss
Abstract:
In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing atta…
▽ More
In this paper, we investigate unexplored aspects of scheduler contention: We systematically study the leakage of all scheduler queues on AMD Zen 3 and show that all queues leak. We mount the first scheduler contention attacks on Zen 4, with a novel measurement method evoking an out-of-order race condition, more precise than the state of the art. We demonstrate the first inter-keystroke timing attacks based on scheduler contention, with an F1 score of $\geq$ 99.5 % and a standard deviation below 4 ms from the ground truth. Our end-to-end JavaScript attack transmits across Firefox instances, bypassing cross-origin policies and site isolation, with 891.9 bit/s (Zen 3) and 940.7 bit/s (Zen 4).
△ Less
Submitted 10 April, 2024;
originally announced April 2024.
-
QSDsan: An Integrated Platform for Quantitative Sustainable Design of Sanitation and Resource Recovery Systems
Authors:
Yalin Li,
Xinyi Zhang,
Victoria L. Morgan,
Hannah A. C. Lohman,
Lewis S. Rowles,
Smiti Mittal,
Anna Kogler,
Roland D. Cusick,
William A. Tarpeh,
Jeremy S. Guest
Abstract:
Sustainable sanitation and resource recovery technologies are needed to address rapid environmental and socioeconomic changes. Research prioritization is critical to expedite the development and deployment of such technologies across their vast system space (e.g., technology choices, design and operating decisions). In this study, we introduce QSDsan - an open-source tool written in Python (under…
▽ More
Sustainable sanitation and resource recovery technologies are needed to address rapid environmental and socioeconomic changes. Research prioritization is critical to expedite the development and deployment of such technologies across their vast system space (e.g., technology choices, design and operating decisions). In this study, we introduce QSDsan - an open-source tool written in Python (under the object-oriented programming paradigm) and developed for the quantitative sustainable design (QSD) of sanitation and resource recovery systems. As an integrated platform for system design, process modeling and simulation, techno-economic analysis (TEA), and life cycle assessment (LCA), QSDsan can be used to enumerate and investigate the opportunity space for emerging technologies under uncertainty, while considering contextual parameters that are critical to technology deployment. We illustrate the core capabilities of QSDsan through two distinct examples: (i) evaluation of a complete sanitation value chain that compares three alternative systems; and (ii) dynamic simulation of the wastewater treatment plant described in the benchmark simulation model no. 1 (BSM1). Through these examples, we show the utility of QSDsan to automate design, enable flexible process modeling, achieve rapid and reproducible simulations, and to perform advanced statistical analyses with integrated visualization. We strive to make QSDsan a community-led platform with online documentation, tutorials (explanatory notes, executable scripts, and video demonstrations), and a growing ecosystem of supporting packages (e.g., DMsan for decision-making). This platform can be freely accessed, used, and expanded by researchers, practitioners, and the public alike, ultimately contributing to the advancement of safe and affordable sanitation technologies around the globe.
△ Less
Submitted 7 March, 2022;
originally announced March 2022.
-
Domain Page-Table Isolation
Authors:
Claudio Canella,
Andreas Kogler,
Lukas Giner,
Daniel Gruss,
Michael Schwarz
Abstract:
Modern applications often consist of different security domains that require isolation from each other. While several solutions exist, most of them rely on specialized hardware, hardware extensions, or require less-efficient software instrumentation of the application.
In this paper, we propose Domain Page-Table Isolation (DPTI), a novel mechanism for hardware-enforced security domains that can…
▽ More
Modern applications often consist of different security domains that require isolation from each other. While several solutions exist, most of them rely on specialized hardware, hardware extensions, or require less-efficient software instrumentation of the application.
In this paper, we propose Domain Page-Table Isolation (DPTI), a novel mechanism for hardware-enforced security domains that can be readily used on commodity off-the-shelf CPUs. DPTI uses two novel techniques for dynamic, time-limited changes to the memory isolation at security-critical points, called memory freezing and stashing. We demonstrate the versatility and efficacy of DPTI in two scenarios: First, DPTI freezes or stashes memory to support faster and more fine-grained syscall filtering than state-of-the-art seccomp-bpf. With the provided memory safety guarantees, DPTI can even securely support deep argument filtering, such as string comparisons. Second, DPTI freezes or stashes memory to efficiently confine potentially untrusted SGX enclaves, outperforming existing solutions by 14.6%-22% while providing the same security guarantees. Our results show that DPTI is a viable mechanism to isolate domains within applications using only existing mechanisms available on modern CPUs, without relying on special hardware instructions or extensions
△ Less
Submitted 21 November, 2021;
originally announced November 2021.
-
Dynamic Process Isolation
Authors:
Martin Schwarzl,
Pietro Borrello,
Andreas Kogler,
Kenton Varda,
Thomas Schuster,
Daniel Gruss,
Michael Schwarz
Abstract:
In the quest for efficiency and performance, edge-computing providers eliminate isolation boundaries between tenants, such as strict process isolation, and instead let them compute in a more lightweight multi-threaded single-process design. Edge-computing providers support a high number of tenants per machine to reduce the physical distance to customers without requiring a large number of machines…
▽ More
In the quest for efficiency and performance, edge-computing providers eliminate isolation boundaries between tenants, such as strict process isolation, and instead let them compute in a more lightweight multi-threaded single-process design. Edge-computing providers support a high number of tenants per machine to reduce the physical distance to customers without requiring a large number of machines. Isolation is provided by sandboxing mechanisms, e.g., tenants can only run sandboxed V8 JavaScript code. While this is as secure as a sandbox for software vulnerabilities, microarchitectural attacks can bypass these sandboxes.
In this paper, we show that it is possible to mount a Spectre attack on such a restricted environment, leaking secrets from co-located tenants. Cloudflare Workers is one of the top three edge-computing solutions and handles millions of HTTP requests per second worldwide across tens of thousands of web sites every day. We demonstrate a remote Spectre attack using amplification techniques in combination with a remote timing server, which is capable of leaking 120 bit/h. This motivates our main contribution, Dynamic Process Isolation, a process isolation mechanism that only isolates suspicious worker scripts following a detection mechanism. In the worst case of only false positives, Dynamic Process Isolation simply degrades to process isolation. Our proof-of-concept implementation augments a real-world cloud infrastructure framework, Cloudflare Workers, which is used in production at large scale. With a false-positive rate of only 0.61%, we demonstrate that our solution vastly outperforms strict process isolation in terms of performance. In our security evaluation, we show that Dynamic Process Isolation statistically provides the same security guarantees as strict process isolation, fully mitigating Spectre attacks between multiple tenants.
△ Less
Submitted 10 October, 2021;
originally announced October 2021.