A Little Less Speculation, a Little More Action: A Deep Dive into Fuchsia's Mitigations for Specific CPU Side-Channel Attacks

Conference:  BlackHat USA 2020



The presentation discusses the challenges of building a secure operating system in a world where architectural manuals provide less information. It highlights the mitigations implemented in the Zircon microkernel to address speculative execution side-channel vulnerabilities and introduces Safe Side, an open-source suite of programs to test side-channel mitigations.
  • Building a secure operating system is challenging due to the lack of information provided by architectural manuals
  • Mitigations have been implemented in the Zircon microkernel to address speculative execution side-channel vulnerabilities
  • Safe Side is an open-source suite of programs that can be used to test side-channel mitigations
  • Reading everything from reputable sources, looking at what Linux does, and testing are the three tactics found to be most effective in building mitigations
The speaker emphasizes the importance of testing mitigations, as it is often uncommon. Safe Side, an open-source suite of programs, was developed to test side-channel mitigations. The tests have already found impactful bugs, including a failure in Linux's mitigation for Spectre Variant 2 that broke isolation between Chrome renderer processes.


We know the story by now: researchers find a new side-channel attack and disclose it under embargo. Vendors build patches and ship them. We read about it on $TechSite and move on.But what happens if you show up after the party's over and want to understand and mitigate these problems in your own codebase? That's the problem faced by the Fuchsia team at Google, which is building a new open-source operating system based on a microkernel called Zircon. Fuchsia needs to handle user, kernel, and hypervisor attacks across x86 and ARM processors.In this talk, we will walk through how the Fuchsia team enumerated existing CPU side-channels, explored how they are mitigated in well-known operating systems, and undertook the engineering work of applying these mitigations to Fuchsia. We will also describe how Fuchsia is testing those mitigations to make sure they keep working.