How Spectre Mitigations Affect Real-Time Capabilities of Virtualized Mixed-Criticality Systems on Modern AMD Processors

  • Type: Bachelor thesis
  • State: finished
  • Supervisor: Ralf Ramsauer
  • Student: Andrej Utz
  • Submission date: 09. Aug 2019

Introduction

With the disclosure of the Spectre hardware vulnerabilities the guarantee for data boundaries inside the modern microprocessors, and therefore their computational ’Root of Trust’, was lost. The caches of a Central Processing Unit (CPU) can be abused to leak sensitive information [1]. Depending on the Spectre variant, a local attacker can extract data from an application, kernel or hypervisor. Because Spectre exploits speculative execution, a vital feature for high performance of modern CPUs, a fix needs to happen in the hardware design phase and will probably take years. Software fixes are required to mitigate those exploit in order to protect data that is processsed inside billions of vulnerable CPUs in the field. These mitigations have already been implemented for most common CPU architectures and operating systems (OSs). However, they often come at a performance cost of up to 25%, depending on the type of workload [2]. Since their integration into OSs, many benchmark results were published which show that cost in real world scenarios. Benchmarks mostly focused concentrated on consumer spaces or data centers, more critical environments, like industrial systems with real-time requirements, were mostly neglected.

With the rise of Industry 4.0 and Internet of Things (IoT), a significant number of machines – industrial, scientific or in public transport – require increasingly more interconnection and sophisticated control. Additionally, those machines many of those components require real-time capabilities. Integrating Human-Machine Interfaces (HMIs) introduces soft real-time hardware components, thus creating a mixed-criticality system. The ubiquity of microchips with Symmetric Multiprocessing (SMP) makes consolidation of hardware components with various criticality levels into a single System-on-a-Chip (SoC) possible by using virtualized environments. Beside efficiency, single-target development and reduced production cost, a virtualized system allows hardware partitioning and coexistence between a general purpose OS and bare-metal applications. The use of speculative execution to meet performance requirements, their safety role in everyday life and the openness due to inter-networking considerably mark them as excellent targets for attacks using Spectre. As such, the mitigation of those attacks by system software may be inevitable, but in doing so, the real-time capabilities, and therefore safety, is endangered. This thesis evaluates the impact of the mitigations on real-time systems.

References

[1] Yuval Yarom and Katrina Falkner. “FLUSH+ RELOAD: a high resolution, low noise, L3 cache side-channel attack”. In: 23rd USENIX Security Symposium (USENIX Security 14). 2014, pp. 719–732.

[2] Michael Larabel. Spectre/Meltdown/L1TF/MDS Mitigation Costs On An Intel Dual Core + HT Laptop. Phoronix Media. 2019-05-21. url: https://www.phoronix.com/scan.php?page=news_item&px=Spec-Melt-L1TF-MDS-Laptop-Run (visited on 2019-07-25).