Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96460
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 黎士瑋 | zh_TW
dc.contributor.advisor | Shih-Wei Li | en
dc.contributor.author | 江立中 | zh_TW
dc.contributor.author | Li-Chung Chiang | en
dc.date.accessioned | 2025-02-18T16:14:29Z | -
dc.date.available | 2026-02-05 | -
dc.date.copyright | 2025-02-18 | -
dc.date.issued | 2024 | -
dc.date.submitted | 2025-02-06 | -
dc.identifier.citation | Guidelines for Mitigating Timing Side Channels Against Cryptographic Implementations. https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html.
Kernel Samepage Merging - The Linux Kernel documentation. https://docs.kernel.org/admin-guide/mm/ksm.html.
Intel® Advanced Encryption Standard (AES) New Instructions Set, May 2010. https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf.
AMD SEV-SNP: Strengthening VM Isolation with Integrity Protection and More, Jan 2020. https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf.
Processor Programming Reference (PPR) for AMD Family 19h Model 21h, Revision B0 Processors (PUB), Jun 2021. https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/56214-B0-PUB.zip.
Intel® Trust Domain Extensions, Feb 2022. https://cdrdv2.intel.com/v1/dl/getContent/690419.
SOFTWARE TECHNIQUES FOR MANAGING SPECULATION ON AMD PROCESSORS, May 2023. https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/tuning-guides/software-techniques-for-managing-speculation.pdf.
AMD64 Architecture Programmer's Manual Volume 2: System Programming, March 2024. https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf.
O. Acıiçmez, B. B. Brumley, and P. Grabher. New Results on Instruction Cache Attacks. In Cryptographic Hardware and Embedded Systems, CHES 2010, volume 6225 of Lecture Notes in Computer Science, page 110–124, Berlin, Heidelberg, 2010. Springer Berlin Heidelberg.
A. K. M. M. Alam and K. Chen. Making Your Program Oblivious: A Comparative Study for Side-channel-Safe Confidential Computing. In 2023 IEEE 16th International Conference on Cloud Computing (CLOUD), pages 282–289, Los Alamitos, CA, USA, Jul 2023. IEEE Computer Society.
AMDESE. linux. https://github.com/AMDESE/linux.
AMDESE. qemu. https://github.com/AMDESE/qemu.
J. Daemen and V. Rijmen. The Design of Rijndael. Springer-Verlag, Berlin, Heidelberg, 2002.
T. W. David Kaplan, Jeremy Powell. AMD MEMORY ENCRYPTION, October 2021. https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/memory-encryption-white-paper.pdf.
D. Gruss, C. Maurice, K. Wagner, and S. Mangard. Flush+Flush: A Fast and Stealthy Cache Attack. In Proceedings of the 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment - Volume 9721, DIMVA 2016, page 279–299, Berlin, Heidelberg, 2016. Springer-Verlag.
D. Gruss, R. Spreitzer, and S. Mangard. Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches. In 24th USENIX Security Symposium (USENIX Security 15), pages 897–912, Washington, D.C., Aug. 2015. USENIX Association.
Y. Guo, A. Zigerelli, Y. Zhang, and J. Yang. Adversarial Prefetch: New Cross-Core Cache Side Channel Attacks. In 2022 IEEE Symposium on Security and Privacy (SP), pages 1458–1473, 2022.
R. V. Hogg, E. A. Tanis, and D. L. Zimmerm. Probability and Statistical Inference. 9th Edition. Pearson, 2015.
G. Irazoqui, T. Eisenbarth, and B. Sunar. Cross Processor Cache Attacks. In Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, page 353–364, Xi'an China, May 2016. ACM.
G. Irazoqui, M. S. Inci, T. Eisenbarth, and B. Sunar. Wait a Minute! A fast, Cross-VM Attack on AES. In Research in Attacks, Intrusions and Defenses, pages 299–319, Cham, 2014. Springer International Publishing.
D. Kaplan. PROTECTING VM REGISTER STATE WITH SEV-ES, February 2017. https://www.amd.com/content/dam/amd/en/documents/epyc-business-docs/white-papers/Protecting-VM-Register-State-with-SEV-ES.pdf.
T. Kim, M. Peinado, and G. Mainar-Ruiz. STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud. In 21st USENIX Security Symposium (USENIX Security 12), pages 189–204, Bellevue, WA, Aug. 2012. USENIX Association.
P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre Attacks: Exploiting Speculative Execution. In 2019 IEEE Symposium on Security and Privacy (SP), pages 1–19, 2019.
M. Li, L. Wilke, J. Wichelmann, T. Eisenbarth, R. Teodorescu, and Y. Zhang. A Systematic Look at Ciphertext Side Channels on AMD SEV-SNP. In 2022 IEEE Symposium on Security and Privacy (SP), pages 337–351, 2022.
M. Li, Y. Zhang, and Z. Lin. CROSSLINE: Breaking “Security-by-Crash” Based Memory Isolation in AMD SEV. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS ’21, page 2937–2950, New York, NY, USA, 2021. Association for Computing Machinery.
M. Li, Y. Zhang, Z. Lin, and Y. Solihin. Exploiting Unprotected I/O Operations in AMD’s Secure Encrypted Virtualization. In 28th USENIX Security Symposium (USENIX Security 19), pages 1257–1272, Santa Clara, CA, Aug. 2019. USENIX Association.
M. Li, Y. Zhang, H. Wang, K. Li, and Y. Cheng. CIPHERLEAKS: Breaking Constant-time Cryptography on AMD SEV via the Ciphertext Side Channel. In 30th USENIX Security Symposium (USENIX Security 21), pages 717–732. USENIX Association, Aug. 2021.
M. Li, Y. Zhang, H. Wang, K. Li, and Y. Cheng. TLB Poisoning Attacks on AMD Secure Encrypted Virtualization. In Annual Computer Security Applications Conference, page 609–619, Virtual Event USA, Dec. 2021. ACM.
M. Lipp, V. Hadžić, M. Schwarz, A. Perais, C. Maurice, and D. Gruss. Take A Way: Exploring the Security Implications of AMD’s Cache Way Predictors. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS ’20, page 813–825, New York, NY, USA, 2020. Association for Computing Machinery.
S. Liu, S. Kanniwadi, M. Schwarzl, A. Kogler, D. Gruss, and S. Khan. Side-Channel Attacks on Optane Persistent Memory. In 32nd USENIX Security Symposium (USENIX Security 23), pages 6807–6824, Anaheim, CA, Aug. 2023. USENIX Association.
S. Mangard, E. Oswald, and T. Popp. Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security). Springer-Verlag, Berlin, Heidelberg, 2007.
M. Morbitzer, S. Proskurin, M. Radev, M. Dorfhuber, and E. Q. Salas. SEVerity: Code Injection Attacks against Encrypted Virtual Machines. In 2021 IEEE Security and Privacy Workshops (SPW), pages 444–455, 2021.
D. Mukhopadhyay and R. S. Chakraborty. Hardware security: design, threats, and safeguards. CRC Press, 2015.
P. Pessl, D. Gruss, C. Maurice, M. Schwarz, and S. Mangard. DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks. In 25th USENIX Security Symposium (USENIX Security 16), pages 565–581, Austin, TX, Aug. 2016. USENIX Association.
A. Rane, C. Lin, and M. Tiwari. Raccoon: Closing Digital Side-Channels through Obfuscated Execution. In 24th USENIX Security Symposium (USENIX Security 15), pages 431–446, Washington, D.C., Aug. 2015. USENIX Association.
B. Schluter, S. Sridhara, A. Bertschi, and S. Shinde. WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP. In 2024 IEEE Symposium on Security and Privacy (SP), pages 4220–4238, Los Alamitos, CA, USA, May 2024. IEEE Computer Society.
The OpenSSL Project. OpenSSL: The Open Source toolkit for SSL/TLS. www.openssl.org, April 2003.
tianocore. edk2. https://github.com/tianocore/edk2.
V. van der Veen and B. Gras. DramaQueen: Revisiting Side Channels in DRAM. In Workshop on DRAM Security (DRAMSec), 2023.
W. Wang, M. Li, Y. Zhang, and Z. Lin. PwrLeak: Exploiting Power Reporting Interface for Side-Channel Attacks on AMD SEV. In Detection of Intrusions and Malware, and Vulnerability Assessment, volume 13959 of Lecture Notes in Computer Science, page 46–66, Cham, 2023. Springer Nature Switzerland.
L. Wilke, J. Wichelmann, M. Morbitzer, and T. Eisenbarth. SEVurity: No Security Without Integrity: Breaking Integrity-Free Memory Encryption with Minimal Assumptions. In 2020 IEEE Symposium on Security and Privacy (SP), pages 1483–1496, 2020.
L. Wilke, J. Wichelmann, A. Rabich, and T. Eisenbarth. SEV-Step: A Single-Stepping Framework for AMD-SEV. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2024(1):180–206, Dec. 2023.
Z. Wu, Z. Xu, and H. Wang. Whispers in the hyperspace: High-speed covert channel attacks in the cloud. In 21st USENIX Security Symposium (USENIX Security 12), pages 159–173, Bellevue, WA, Aug. 2012. USENIX Association.
Y. Xu, W. Cui, and M. Peinado. Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. In 2015 IEEE Symposium on Security and Privacy, pages 640–656, 2015.
Y. Yarom and K. Falkner. FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack. In 23rd USENIX Security Symposium (USENIX Security 14), pages 719–732, San Diego, CA, Aug. 2014. USENIX Association.
R. Zhang, L. Gerlach, D. Weber, L. Hetterich, Y. Lü, A. Kogler, and M. Schwarz. CacheWarp: Software-based fault injection using selective state reset. In 33rd USENIX Security Symposium (USENIX Security 24), pages 1135–1151, Philadelphia, PA, Aug. 2024. USENIX Association.
Z. N. Zhao, A. Morrison, C. W. Fletcher, and J. Torrellas. Binoculars: Contention-Based Side-Channel Attacks Exploiting the Page Walker. In 31st USENIX Security Symposium (USENIX Security 22), pages 699–716, Boston, MA, Aug. 2022. USENIX Association.
-
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/96460 | -
dc.description.abstract | To support encrypted virtual machines, AMD provides the Secure Encrypted Virtualization (SEV) feature. In SEV, the CPU cache contains unencrypted data, and SEV tags cache lines to isolate the cache accesses of entities with different address space identifiers (ASIDs). We reverse-engineered AMD EPYC processors with SEV support and found that accessing cache lines with a different tag triggers a cache flush. In addition, we found memory contention behavior when entities with different ASIDs access memory concurrently, regardless of whether the cache is enabled. Our findings apply to all versions of SEV, including SEV, SEV-ES, and SEV-SNP. Based on the cache flush and memory contention behaviors, we construct two Reload+Reload (RR) attacks, respectively: Reload+Reload-flush-set (RRFS) and Reload+Reload-memory-block (RRMB). To demonstrate the feasibility of a hypervisor using RR attacks against VMs, we use RRFS as the covert channel in a Spectre attack to leak secret information; in addition, we use RRMB to recover the AES-128 secret key. | zh_TW
dc.description.abstract | AMD provides the Secure Encrypted Virtualization (SEV) extension to support encrypted virtual machines (VMs). In SEV, CPU caches contain unencrypted VM data. SEV tags cache lines to isolate cache accesses from different entities with their unique address space identifiers (ASIDs). In this work, we reverse-engineered an AMD EPYC processor with SEV support. We found that access to cache lines with a mismatched tag triggers cache flushing. We also discovered memory contention behaviors when entities with different ASIDs concurrently access the same memory region, independent of cache configuration (enabled/disabled). Our findings apply to all versions of SEV, including SEV, SEV-ES, and SEV-SNP. We formulated two Reload+Reload (RR) attacks based respectively on the flushing and contention behaviors: Reload+Reload-flush-set (RRFS) and Reload+Reload-memory-block (RRMB). We demonstrated the feasibility of a hypervisor carrying out RR attacks against its hosted VMs. We used RRFS to build a covert channel for a Spectre attack against a SEV VM to leak secret data. Additionally, we used RRMB to extract the AES-128 secret key from a SEV VM. | en
dc.description.provenance | Submitted by admin ntu (admin@lib.ntu.edu.tw) on 2025-02-18T16:14:29Z. No. of bitstreams: 0 | en
dc.description.provenance | Made available in DSpace on 2025-02-18T16:14:29Z (GMT). No. of bitstreams: 0 | en
dc.description.tableofcontents | Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
Chapter 1 Introduction
Chapter 2 Background
2.1 AMD Secure Encrypted Virtualization
2.2 Caches
Chapter 3 Reverse-Engineering Cache Flush Effect
3.1 Experimental Setup
3.2 Cache Flush Experiment
3.3 Discussion
Chapter 4 Contention-based Memory Side Channel
4.1 Single Memory Block Experiment
4.2 Multiple Memory Blocks Experiment
4.3 Remarks
Chapter 5 Attack
5.1 Threat Model
5.2 Locating SPA of the Target Data
5.3 Attack Formulation
5.3.1 Reload+Reload-flush-set (RRFS) Attack
5.3.2 Reload+Reload-memory-block (RRMB) Attack
Chapter 6 Case Studies
6.1 AES Attack
6.1.1 Attack Overview
6.1.2 Employing RRMB
6.1.3 Evaluation
6.2 Spectre Attack
6.2.1 Employing RRFS
6.2.2 Evaluation
Chapter 7 Discussion
7.1 Covert Channel Performance
7.2 Noise Resilience
Chapter 8 Related Work
Chapter 9 Countermeasures
Chapter 10 Conclusion
Reference
-
dc.language.iso | en | -
dc.subject | Cache | zh_TW
dc.subject | Memory Contention | zh_TW
dc.subject | Side-channel Attacks | zh_TW
dc.subject | Reverse-Engineering | zh_TW
dc.subject | AMD SEV | zh_TW
dc.subject | Memory Contention | en
dc.subject | AMD SEV | en
dc.subject | Reverse-Engineering | en
dc.subject | Side-channel Attacks | en
dc.subject | Cache | en
dc.title | Reload+Reload: Exploiting Cache and Memory Side Channels on AMD SEV | zh_TW
dc.title | Reload+Reload: Exploiting Cache and Memory Contention Side Channel on AMD SEV | en
dc.type | Thesis | -
dc.date.schoolyear | 113-1 | -
dc.description.degree | Master's | -
dc.contributor.oralexamcommittee | 陳君朋;吳家麟;雷欽龍;黃俊穎 | zh_TW
dc.contributor.oralexamcommittee | Jiun-Peng Chen;Ja-Ling Wu;Chin-Laung Lei;Chun-Ying Huang | en
dc.subject.keyword | AMD SEV, Reverse-Engineering, Side-channel Attacks, Cache, Memory Contention | zh_TW
dc.subject.keyword | AMD SEV, Reverse-Engineering, Side-channel Attacks, Cache, Memory Contention | en
dc.relation.page | 50 | -
dc.identifier.doi | 10.6342/NTU202500283 | -
dc.rights.note | Authorization granted (access limited to on-campus) | -
dc.date.accepted | 2025-02-06 | -
dc.contributor.author-college | College of Electrical Engineering and Computer Science | -
dc.contributor.author-dept | Department of Computer Science and Information Engineering | -
dc.date.embargo-lift | 2026-02-05 | -
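Appears in Collections: Department of Computer Science and Information Engineering

Files in This Item:
File | Size | Format
ntu-113-1.pdf (access restricted to NTU on-campus IP addresses; from off campus, please use the VPN off-campus connection service) | 2.64 MB | Adobe PDF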