TL;DR

MileSan is an RTL sanitizer that detects arbitrary exploitable information leakage by checking for the architecturally-observable differences between architectural and microarchitectural information flows. We built RandOS, a fuzzer that employs MileSan for program generation and leakage detection, and found 19 new leakages (of which 13 were assigned CVEs) across 5 RISC-V CPUs. Below is a video of RandOS discovering leakage using MileSan:

Motivation

Microarchitectural performance optimizations introduce information flows inside CPU implementations that exceed those defined by the Instruction Set Architecture (ISA). Microarchitectural vulnerabilities, such as constant-time violations and various classes of transient execution attacks, are subsets of these excessive information flows. We observe that an exploitable microarchitectural leakage is an excessive information flow that can affect the time it takes for the CPU to execute a particular instruction, creating a timing covert channel. We thus design MileSan, the first RTL sanitizer that detects exploitable microarchitectural leakage by checking for the architecturally-observable differences between architectural and microarchitectural information flows.

The Overfitting Problem

Existing pre-silicon microarchitectural fuzzers overfit in three fundamental ways:

1. They overfit to particular microarchitectural structures by manually tagging the ones where information may leak from or to. The former misses out on other leaky structures; the latter may result in detecting unexploitable cases of information leakage.
2. They overfit to particular vulnerabilities by bootstrapping program generation with seeds that trigger known vulnerabilities. They consequently fail to generate test cases that are sufficiently different to trigger new vulnerabilities.
3. They overfit to particular classes of vulnerabilities by basing program generation on suitable templates. As such, they cannot trigger vulnerabilities that do not match...
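To make the detection rule from the Motivation section concrete, here is an added toy model in Python; it is an illustration written for this page, not MileSan's or RandOS's code, and the cache geometry, taint labels, register names and the two sample programs are all constructed. Architectural state carries the taint of the data it derives from, while the cache (the only microarchitectural state modelled) is tainted by the address bits that installed each line; since load latency depends on the cache, a secret-tainted hit/miss decision is a timing difference the ISA never defined, and that is what the model flags.

```python
# Toy model of architectural vs. microarchitectural information flow (constructed
# illustration, not MileSan's or RandOS's code). Taint labels, cache geometry and the
# sample programs are made up; memory contents are modelled as entirely PUBLIC.
SECRET, PUBLIC = "secret", "public"

def join(*taints):
    return SECRET if SECRET in taints else PUBLIC

class ToyCore:
    def __init__(self, line_size=16, num_lines=4):
        self.line_size, self.num_lines = line_size, num_lines
        self.regs = {}   # name -> (value, taint): architectural state
        self.cache = {}  # line index -> (tag, taint): microarchitectural state
        self.leaks = []  # (pc, reason) for each flagged instruction
    def set_reg(self, name, value, taint=PUBLIC):
        self.regs[name] = (value, taint)
    def add(self, rd, rs1, rs2):  # architectural flow only: taint of the inputs
        (a, ta), (b, tb) = self.regs[rs1], self.regs[rs2]
        self.regs[rd] = (a + b, join(ta, tb))
    def load(self, pc, rd, base, offset=0):  # models `lw rd, offset(base)`
        base_val, addr_taint = self.regs[base]
        addr = base_val + offset
        idx = (addr // self.line_size) % self.num_lines
        tag = addr // (self.line_size * self.num_lines)
        old_tag, old_taint = self.cache.get(idx, (None, PUBLIC))
        # Hit/miss depends on this address and on the access that installed the line;
        # if either is secret-tainted, the instruction's timing is secret-dependent.
        if join(addr_taint, old_taint) == SECRET:
            self.leaks.append((pc, "load latency depends on secret-tainted state"))
        self.cache[idx] = (tag, addr_taint)  # excessive flow: address bits -> cache
        self.regs[rd] = (0, addr_taint)      # architectural flow: value from memory
        return 1 if old_tag == tag else 10   # latency in cycles: hit vs. miss

def run_constant_time():
    """A secret is present but never used as an address: nothing is flagged."""
    core = ToyCore()
    core.set_reg("t0", 0x100); core.set_reg("k", 5, SECRET)
    core.load(0, "a0", "t0"); core.load(1, "a1", "t0", offset=8)
    return core.leaks

def run_table_lookup():
    """table[k]: the secret-indexed load is flagged, and so is a later public load
    whose hit/miss outcome depends on the line the secret-indexed access installed."""
    core = ToyCore()
    core.set_reg("t0", 0x100); core.set_reg("k", 5 * 16, SECRET)
    core.add("t1", "t0", "k")            # t1 = &table[k], secret-tainted
    core.load(0, "a0", "t1")             # flagged: secret-dependent address
    core.load(1, "a1", "t0", offset=16)  # flagged: same cache index as table[k]
    return [pc for pc, _ in core.leaks]
```

Both programs compute architecturally identical public results; only the second produces a timing difference that tracks the secret, which is the distinction MileSan's rule draws.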