Prevent Speculative Leaks – Norbert Manthey & Michael Kurth, Amazon Web Services
In 2018, the speculative execution vulnerabilities CVE-2017-5753 (Spectre V1) and CVE-2017-575 (Meltdown) became public. Since then, several other vulnerabilities have been revealed. For each vulnerability, mitigations have been proposed that allow hypervisor secret data to be securely isolated from guests. As reported in XSA 289, several vulnerabilities can be chained to leak sensitive data. To mitigate the vulnerability chain, speculative barriers have to be placed in the hypervisor code. In this presentation, we will revisit the vulnerabilities and explain why some mitigations are not good enough to prevent data leakage. In Linux, the smatch tool reports code snippets that might allow data to be leaked speculatively. We extended the smatch tool to find issues of the same type in Xen’s code base. We will present code examples that have been identified with this tool for XSA 289.
For more info about the Xen Project, which is focused on advancing virtualization in a number of different commercial and open source applications, including server virtualization, Infrastructure as a Service (IaaS), desktop virtualization, security applications, embedded and hardware appliances, and automotive/aviation, see: https://xenproject.org/ or for more videos.
by The Xen Project
linux foundation