# Hardware is the New Software: Finding Exploitable Bugs in Hardware Designs **Hardware Security @ UNC** Cynthia Sturton Allows user applications to access operating system memory #### Spectre Almost every modern processor is affected #### Foreshadow Can expose the cryptographic keys that protect the integrity of SGX enclaves [Date Prey] [Date Next] [Thread Prey] [Thread Next] [Date Index] [Thread Index] #### [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading - To: debian-user@lists.debian.org, debian-devel@lists.debian.org - · Subject: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading - From: Henrique de Moraes Holschuh < hmh@debian.org> - Date: Sun, 25 Jun 2017 09:19:36 -0300 #### The Cyrix 6x86 Coma Bug #### The Pentium F00F Bug by Robert R. Collins #### Hypervisor headaches: Hosts hosed by x86 exception bugs Microsoft, Xen, KVM et al need patches By Richard Chirgwin 13 Nov 2015 at 04:56 16 SHARE ▼ Various hypervisors and operating systems are scrambling to patch [Date Prey] [Date Next] [Thread Prey] [Thread Next] [Date Index] [Thread Index] #### [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading - To: debian-user@lists.debian.org, debian-devel@lists.debian.org - · Subject: [WARNING] Intel Skylake/Kaby Lake processors: broken hyper-threading - From: Henrique de Moraes Holschuh < hmh@debian.org> - Date: Sun, 25 Jun 2017 09:19:36 -0300 #### The Cyrix 6x86 Coma Bug #### The Pentium F00F Bug by Robert R. Collins 1997 #### Hypervisor headaches: Hosts hosed by x86 exception bugs Microsoft, Xen, KVM et al need patches By Richard Chirgwin 13 Nov 2015 at 04:56 16 SHARE ▼ Various hypervisors and operating systems are scrambling to patch 1998 ### Software Security - Buffer overflow - Integer overflow - Format string - SQL injection - Directory crawling - Cross-site scripting - Cross-site request forgery ### Software Security - Buffer overflow - Integer overflow - Format string - SQL injection - Directory crawling - Cross-site scripting - Cross-site request forgery - → stack smashing - → heap overflow - → return to libC - return oriented programming - jump oriented programming ## SAGE # fuzzing # program analysis # secure languages ### Hardware Security - Secure languages - Manual review ## Hardware Security Side channels Transient faults → Extract private keys How can we identify vulnerabilities and their exploits in hardware designs? How can we identify vulnerabilities and their exploits in hardware designs? property violations How can we identify vulnerabilities and their exploits in hardware designs? executable programs code How can we identify/ vulnerabilities and their exploits in hardware designs? ``` // Internal wires and regs wire [dw-1:0] from rfa; wire [dw-1:0] from_rfb; rf_addra; wire [aw-1:0] rf addrw; wire [aw-1:0] wire [dw-1:0] rf dataw; wire rf_we; 124 spr_valid; wire wire rf ena; wire rf_enb; rf_we_allow; - // Logic to restore output on RFA after debug unit has read out via SPR if. // Problem was that the incorrect output would be on RFA after debug unit // had read out - this is bad if that output is relied upon by execute // stage for next instruction. We simply save the last address for rf A and // and re-read it whenever the SPR select goes low, so we must remember // the last address and generate a signal for falling edge of SPR cs. // -- Julius // Detect falling edge of SPR select spr_du_cs; spr_cs_fe; // Track RF A's address each time it's enabled reg [aw-1:0] addra_last; always @ (posedge clk) if (rf_ena & !(spr_cs_fe | (du_read & spr_cs))) addra_last <= addra; always @ (posedge clk) spr_du_cs <= spr_cs & du_read; assign spr cs fe = spr du cs & ! (spr cs & du read); // SPR access is valid when spr cs is asserted and // SPR address matches GPR addresses assign spr valid = spr cs & (spr addr[10:5] == 'OR1200 SPR RF); // SPR data output is always from RF A 163 assign spr_dat_o = from_rfa; 164 165 🖃 // // Operand A comes from RF or from saved A register 168 assign dataa = from_rfa; 169 // Operand B comes from RF or from saved B register assign datab = from rfb; ``` # **Vulnerabilities:** An Analysis of **Exploitable Bugs** #### AMD Errata #776 ## Incorrect Processor Branch Prediction for Two Consecutive Linear Pages Under a highly specific and detailed set of internal timing conditions, the processor core may incorrectly fetch instructions Potential effect: unpredictable system behavior AMD Processors 2007–2013 28 security critical ## Classifying Exploitable Bugs # Manually Writing Security Properties Specification Documents (14): $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ **p:** Processor mode changes from low privilege to high privilege only by an exception or a reset. Specification Documents (14): $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ AMD Errata (3): $\phi$ $\phi$ Specification Documents (14): $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ AMD Errata (3): $\phi \phi \phi$ **\pi**: When a register changes, it must be specified as the target of the instruction. Specification Documents (14): $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ AMD Errata (3): $\phi \phi \phi$ Initial Evaluation (1): $\phi$ Specification Documents (14): $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ $\phi$ AMD Errata (3): $\phi \phi \phi$ Initial Evaluation (1): $\varphi$ $\varphi$ : The instruction does not change in the pipeline. # Security Property Specification #### ctrl: ### Example of Exploitable Bug ``` assign a_lt_b = comp_op[3] ? ((a[width - 1] & !b[width - 1]) | (!a[width - 1] & !b[width - 1] & result_sum[width - 1]) | (a[width - 1] & b[width - 1] & result_sum[width - 1])) : result_sum[width - 1]; ``` ## Example of Exploitable Bug ``` assign a_lt_b = comp_op[3] ? ((a[width - 1] & !b[width - 1]) | (!a[width - 1] & !b[width - 1] & result_sum[width - 1]) | (a[width - 1] & b[width - 1] & result_sum[width - 1])) : result_sum[width - 1]; (a < b);</pre> ``` 1. Known bugs → Demonstrate exploit → Security properties - 1. Known bugs → Demonstrate exploit → Security properties - 2. Machine learning → Additional security properties #### SCIFinder #### SCIFinder #### SCIFinder #### **Evaluation** How well does SCIFinder identify security properties? Will the generated properties find security vulnerabilities? #### OR1200 - 26GB trace data - 17 programs - full instruction coverage - 3 RISC architectures - processor core ## Properties Bug Driven - 54 properties from 17 bugs - 47% false discovery rate ## **Properties** #### Bug Driven - 54 properties from 17 bugs - 47% false discovery rate ### Properties #### **Bug Driven** - 54 properties from 17 bugs - 47% false discovery rate # $\begin{array}{c|c} \phi \phi \phi \\ \phi \phi \end{array}$ #### **Model Driven** - 33 additional properties - 27% false discovery rate ### Comparison to State of the Art ### Comparison to State of the Art # Finding and Exploiting Property Violations #### **Problem Statement** Given $\phi$ and a processor design • Can we find a violation of $\phi$ ? How do we reach the violating state? Can the violating state be exploited? # **Existing Tools** #### Simulation Based Testing # **Existing Tools** #### Simulation Based Testing #### **Problem Statement** Given $\phi$ and a processor design • Can we find a violation of $\phi$ ? How do we reach the violating state? Can the violating state be exploited? testing model checking ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` ``` symbolic state reset := r<sub>0</sub> count := c_0 ``` ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` ``` symbolic path condition state True reset := r<sub>0</sub> count := c_0 ``` ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` | path | symbolic | |-----------|-------------------------| | condition | state | | True | reset := r <sub>0</sub> | | | $count := c_0$ | ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` | path | symbolic | |-----------|-------------------------| | condition | state | | True | reset := r <sub>0</sub> | | | $count := c_0$ | $$r_0 = 0$$ ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` | path<br>condition | symbolic<br>state | |-------------------|--------------------------------------| | True | reset := $r_0$ count := $c_0$ | | $r_0 = 0$ | reset := $r_0$<br>count := $c_0 + 1$ | | | | ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` ``` if (reset) count = 0; else count = count+1; if (count > 3) ERROR; ``` one clock cycle #### **Backward Search** #### **Backward Search** #### **Backward Search** #### **Backward Search** instruction $i_{n-2}$ trigger: $$i_0, i_1, ..., i_{n-2}, i_{n-1}, i_n$$ If a sequence of inputs is returned, it will take the processor from the initial state to an error state. Internal and input signals are symbolic ### Coppelia ### Coppelia ### Coppelia #### Optimizations - Explore only legal instructions - Alternate depth-first and breadth-first searching - Cone of Influence analysis for slicing #### **Evaluating Optimizations** | Baseline | DFS + BFS | Cone of<br>Influence | |----------|-----------|----------------------| | > 19h | > 1.2h | 4m 12s | - Average CPU time to find bug - Considered only bugs triggerable with a single instruction #### **Evaluating Coppelia** Does Coppelia find bugs and generate their exploits? Will our approach find new bugs? • OR1200 • 31 known bugs • 31 known bugs - 35 propertiesSPECS - SecurityCheckers - SCIFinder - SPECS - SecurityCheckers - SCIFinder # Finding Bugs (ground truth: 31) - Mor1kx - PULPino - Mor1kx - PULPino #### **Properties** - SPECS - SecurityCheckers - SCIFinder - Mor1kx - PULPino **Properties** - SPECS - SecurityCheckers - SCIFinder 4 new bugs ## Finding New Bugs Mor1kx-Espresso new design PULPino-RI5CY new architecture! # Security validation of hardware designs can be done algorithmically #### Our Products So Far SCIFinder to produce security critical properties Coppelia to find and generate exploits for property violations Security properties for RISC processor designs ## Thank you Rui Zhang, Calvin Deutschbein, Natalie Stanley, Chris Griggs, Andrew Chi, Ryan Huang, Alyssa Byrnes, Matthew Hicks, Jonathan M. Smith, Sam T. King.