Flip Feng Shui: Hammering a Needle in the Software Stack
Kaveh Razavi, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, Herbert Bos
August 10, 2016
Teaser
- OpenSSH compromise
- apt-get compromise by GPG signature forgery
- No software bug
- Weak assumptions
- Demo!
Contribution
Flip Feng Shui is a novel exploitation structure:
- Hardware glitch
- Memory massaging primitive
Makes the glitch:
- Easy to target precisely
- Reliable
We demonstrate FFS = Rowhammer + Memory Deduplication
Outline
Flip Feng Shui At Work
Flip Feng Shui Mechanics
OpenSSH Attack
GPG/APT Updates Attack Demo
Notification, Conclusion & Further Resources
Section 1
Flip Feng Shui At Work
Flip Feng Shui
- Flip one bit per page in a co-hosted victim VM
- Whenever you know its contents
- Organised bitflip
- DRAM glitch
- Breaks CPU virtualization isolation
Section 2
Flip Feng Shui Mechanics
Flip Feng Shui Mechanics
- Co-hosted VMs
- Memory deduplication
- Rowhammer
- RSA
Memory deduplication
Rowhammer
- Causes charge to leak in DRAM
- DRAM row activations cause flips
Memory deduplication + Rowhammer = FFS
- FFS breaks COW
RSA
- Public key cryptosystem
- Two keys: public and private
- Compute the secret private key from the factorization of the modulus
FFS - What now?
Break weakened RSA.
[Figure: Factorization Success Probability (0 to 1) against Available Templates (0 to 50), for 1024-bit, 2048-bit and 4096-bit moduli]
Section 3
OpenSSH Attack
authorized keys file
Looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXy7MdVToVAvKB0/Xven/kqBzfRZm+GITl6sB0u+Aa3/ UTC3x+eKjB2jf +48 kTP7AvsdbSwg9Q5upN77xX3mNGwwj1RUQpOPPc99XH09M84iCydE +9 smYseySfbJQnrov5Ricz2Z18Neuy5ZUH/Ldrf1NSwWoo5NZL6tj0E9JvZurMPPk2EqEyHltEFC6OetJwEfaPq9kOglmzFtBWLHR4dF1796JeVkFiWcmMaykAoN+JRF2nMlayPlUxdWR0JwxZ2cJ9la/QLXvv8x0tsORGP9ZG5BWqOcD781evuSS3i91BNg6Osl7mlxo6Mc3oUbew/7 ddV08WjdRBn7iQF9WN beng@mymachine
- RSA public key
- Attacker writes this to memory
- We need the private key
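The RSA slide and the authorized keys slide above both rest on one property: a modulus with a single flipped bit is almost never a product of two large primes any more, so it is usually trivial to factor. The following is an added toy model of that property (not code from the slides or the Flip Feng Shui project), together with a defender-side plausibility check a key loader could apply to an in-memory modulus. The primes, the 10,000 trial-division bound and the ~41-bit toy modulus are all constructed for illustration.

```python
# Added example, not from the slides: a toy model of why one bit flip in an RSA
# modulus usually yields a factorable number, plus a defender-side plausibility
# check that a key loader could run. All values are constructed; real keys are
# 2048+ bits, these are ~41 bits.

def small_primes(bound):
    """Sieve of Eratosthenes: every prime below `bound`."""
    sieve = bytearray([1]) * bound
    sieve[0] = sieve[1] = 0
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound, i)))
    return [i for i, flag in enumerate(sieve) if flag]

TRIAL_BOUND = 10_000          # constructed bound for the small-factor check
PRIMES = small_primes(TRIAL_BOUND)

def next_prime(n):
    """Smallest prime >= n; trial division, valid only for n < TRIAL_BOUND**2."""
    while n < 2 or any(n % p == 0 for p in PRIMES if p * p <= n):
        n += 1
    return n

def modulus_looks_corrupted(n, expected_bits):
    """Plausibility check: a genuine RSA modulus is odd, has the advertised bit
    length and no prime factor below TRIAL_BOUND. Returns a reason, or None."""
    if n.bit_length() != expected_bits:
        return "bit length changed"
    if n % 2 == 0:
        return "even modulus"
    for p in PRIMES:
        if n % p == 0:
            return f"small factor {p}"
    return None  # passes; a flip leaving only large factors would slip through

def single_flip_census(n):
    """Flip each bit of n in turn; return the fraction of results the check
    flags. This is the toy analogue of the slides' factorization success rate:
    most flipped moduli pick up a small factor and are trivially factorable."""
    bits = n.bit_length()
    flagged = sum(
        modulus_looks_corrupted(n ^ (1 << i), bits) is not None for i in range(bits)
    )
    return flagged / bits

# Constructed toy key: two ~20-bit primes, so the modulus is ~41 bits.
P = next_prime(1 << 20)
Q = next_prime((1 << 20) + 1000)
N = P * Q

if __name__ == "__main__":
    print(f"intact modulus: {modulus_looks_corrupted(N, N.bit_length())}")
    print(f"bit 0 flipped:  {modulus_looks_corrupted(N ^ 1, N.bit_length())}")
    print(f"flagged fraction over all single flips: {single_flip_census(N):.2f}")
```

The check is only a heuristic: a flipped modulus whose factors all exceed the trial bound passes, and the actual mitigation the deck arrives at is to stop the flip from landing at all by disabling memory deduplication.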
OpenSSH FFS attack
OpenSSH Attack
[Figure: CDF of successful attacks against attack time in minutes (0 to 12)]
- Could retry
Section 4
GPG/APT Updates Attack Demo
GPG/APT Updates
- With FFS we flip /etc/apt/sources.list
- With FFS we flip /etc/apt/trusted.gpg
- Use computed private key
- Long term RSA Ubuntu signing keys
Section 5
Notification, Conclusion & Further Resources
Notification
- Notified: Red Hat, Oracle, Xen, VMware, Debian, Ubuntu, OpenSSH, GnuPG, some hosting companies
- Thank you NCSC
- GnuPG commit
Conclusion
- Flip Feng Shui breaks isolation
- Co-hosting VMs is risky
- Disable memory dedup
https://www.vusec.net/projects/flip-feng-shui