Boffins split on whether Spectre fix needs tweaked hardware

It's not like a recall is possible, says chip security expert


Analysis Processor security experts – including one cited in the Meltdown paper – are split on whether the resolution of the Spectre vulnerability may need to involve hardware modifications or the software defences being rolled out are adequate.

The Meltdown vulnerability, which by contrast is already comprehensively defended against, could become the focus of malware attacking the operations of processors on unpatched systems, experts warn.

"The theory behind Spectre and Meltdown is hard to understand," according to Anders Fogh, a security researcher at G-Data and expert in processor security. "If it was used in the past it was only in advanced attacks. Now that research has been released, Meltdown is likely to be abused by commodity malware relatively quickly."

Meltdown – like Spectre – is an information disclosure flaw that isn't by itself suited to remote code execution, so the concern is that it might be combined as part of other attacks and used to lift secrets such as passwords and cryptographic credentials from unpatched systems.

Meltdown is easy to exploit but relatively easy to patch. Spectre is tougher in both respects. Daniel Genkin, a postdoctoral researcher at the University of Pennsylvania and the University of Maryland, previously told El Reg that a lasting fix against Spectre would require a hardware redesign.

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

READ MORE

Fogh disputed this during a phone interview with El Reg, adding that mitigations already in place are increasing the difficulty of mounting an attack. "A processor recall is not possible anyway," he said. "The next step is getting customers to adopt patches."

Werner Haas, CTO at Cyberus Technology and a member of one of the three teams that independently discovered and reported Meltdown, told El Reg that achieving comprehensive protection against Spectre is far from straightforward and likely to involve an "ongoing process" involving a combination of software fixes and hardware modifications.

"The [Spectre] attack scenario is not as simple as user code reading kernel data, as it is conceivable to have cross-application attacks without OS involvement," Haas said. "On the other hand, branch prediction or speculation is such an integral part of high-performance CPUs that I lack the fantasy for a straightforward micro-architectural fix.

"So a generic solution as with Meltdown (either fix protection information processing in the pipeline, or change virtual memory handling in the OS) seems unlikely. As a consequence, I expect combined hardware/software mitigations with the caveat that plugging Spectre holes might become an ongoing process."

Defending against Spectre will involve trade-offs beyond the already widely reported processor performance hits, Haas added.

"I suspect we will see a compromise between legacy software support, energy efficiency goals, and security requirements. The three new capabilities (= MSRs) announced by Intel smell like testability features that help address some of the issues immediately. As such they are probably not ideally suited to counter Spectre attacks. Longer term, I wish there was a broader discussion on what kind of Branch Prediction Unit control would be useful."

Haas laments that security in processor design was not baked in from the beginning – expressing nostalgia for the days of RISC processor development.

"Generally speaking, I am a bit worried that security has been an afterthought with current designs. It might be top priority now but originally, security was more like nice-to-have. I dream (and made suggestions) of an architecture with security in its genes and thus closely follow the RISC-V development."

Chip vendor response scorecard

Anders Fogh was among the first to probe the security issues involved in speculative execution by modern processors and is an expert in the area even though he didn't directly contribute to either the Meltdown or Spectre research papers. He praised the response by vendors as "heroic".

"The response has been amazing both in terms of handling the complexity of the disclosure process and in getting patches out in time," Fogh told El Reg.

Vendor security staff as well as researchers deserve to be considered "heroes" who worked over many months since last June, skipping holidays in the process, to get mitigations out early in the new year. Many are now "all too understandably tired", Fogh reports.

Haas said the disclosure process had been less than ideal but praised Intel and ARM's overall response.

"Complaints about keeping the issues secret for too long do not take into account that the Meltdown patches were finalised only recently so we would have had tons of computers without protection for an extended period of time.

"I disapprove the secrecy with respect to implementation details, though. I know that there are trade secrets involved but on the other hand, at Cyberus Technology, we are forced to spend considerable resources on reverse engineering where we would prefer focusing on the solution space. There has to be a way to work jointly together instead of the one-way flow of information we experienced in our interaction with Intel."

Intel, Microsoft confess: Meltdown, Spectre may slow your servers

READ MORE

Haas is far more critical of AMD's handling of the problem.

"AMD's reaction has been a complete disappointment. I still have not figured out whether I should feel insulted by their claim about 'a highly knowledgeable team with detailed, non-public information about the processors targeted'.

"Well, of course we feel flattered by the first part, but I strongly reject the notion that we at Cyberus used any kind of internal details from our previous jobs at Intel! And calling 'Information Security is a Priority' while discounting the research findings three sentences later does not quite match in my eyes."

The Cyberus team's Meltdown discovery started as a hobby project at the security startup. Haas predicts Meltdown may inspire others to look for processor security flaws while noting that this work was already under way before the Meltdown/Spectre revelations.

"I would argue that it does not require Meltdown to motivate looking into low-level attacks," Haas said. "Just look at recent attacks against Intel's Management Engine or AMD's Platform Security Processor. But I do expect additional interest in exploring the corners of x86 execution. Successful research, however, likely requires more insight into the inner workings of a CPU than many security people have." ®

Similar topics

Broader topics


Other stories you might like

  • GPL legal battle: Vizio told by judge it will have to answer breach-of-contract claims
    Fine-print crucially deemed contractual agreement as well as copyright license in smartTV source-code case

    The Software Freedom Conservancy (SFC) has won a significant legal victory in its ongoing effort to force Vizio to publish the source code of its SmartCast TV software, which is said to contain GPLv2 and LGPLv2.1 copyleft-licensed components.

    SFC sued Vizio, claiming it was in breach of contract by failing to obey the terms of the GPLv2 and LGPLv2.1 licenses that require source code to be made public when certain conditions are met, and sought declaratory relief on behalf of Vizio TV owners. SFC wanted its breach-of-contract arguments to be heard by the Orange County Superior Court in California, though Vizio kicked the matter up to the district court level in central California where it hoped to avoid the contract issue and defend its corner using just federal copyright law.

    On Friday, Federal District Judge Josephine Staton sided with SFC and granted its motion to send its lawsuit back to superior court. To do so, Judge Staton had to decide whether or not the federal Copyright Act preempted the SFC's breach-of-contract allegations; in the end, she decided it didn't.

    Continue reading
  • US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
    Citizen allegedly moved $10m-plus in BTC into banned nation

    US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.

    It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US.

    Under the United States' International Emergency Economic Powers Act (IEEA), it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia. If there is evidence the IEEA was willfully violated, a criminal case should follow. If an individual or financial exchange was unwittingly involved in evading sanctions, they may be subject to civil action. 

    Continue reading
  • Meta hires network chip guru from Intel: What does this mean for future silicon?
    Why be a customer when you can develop your own custom semiconductors

    Analysis Here's something that should raise eyebrows in the datacenter world: Facebook parent company Meta has hired a veteran networking chip engineer from Intel to lead silicon design efforts in the internet giant's infrastructure hardware engineering group.

    Jon Dama started as director of silicon in May for Meta's infrastructure hardware group, a role that has him "responsible for several design teams innovating the datacenter for scale," according to his LinkedIn profile. In a blurb, Dama indicated that a team is already in place at Meta, and he hopes to "scale the next several doublings of data processing" with them.

    Though we couldn't confirm it, we think it's likely that Dama is reporting to Alexis Bjorlin, Meta's vice president of infrastructure hardware who previously worked with Dama when she was general manager of Intel's Connectivity group before serving a two-year stint at Broadcom.

    Continue reading
  • Lithium production needs investment to keep pace with battery demand
    Report says $42b will need to be poured into industry over next decade

    Growing demand for lithium for batteries means the sector will need $42 billion of investment to meet the anticipated level of orders by the end of the decade, according to a report.

    Lithium is used in batteries that power smartphones and laptops, but there is also rising use in electric vehicles which is putting additional pressure on supplies.

    The report, Benchmark Mineral Intelligence, predicts that demand will reach 2.4 million tons of lithium carbonate equivalent by 2030, roughly four times the 600,000 tons of lithium forecast to be produced this year.

    Continue reading
  • Cars in driver-assist mode hit a third of cyclists, all oncoming cars in tests
    Still think we're ready for that autonomous future?

    Autonomous cars may be further away than believed. Testing of three leading systems found they hit a third of cyclists, and failed to avoid any oncoming cars.

    The tests [PDF] performed by the American Automobile Association (AAA) looked at three vehicles: a 2021 Hyundai Santa Fe with Highway Driving Assist; a 2021 Subaru Forester with EyeSight; and a 2020 Tesla Model 3 with Autopilot.

    According to the AAA, all three systems represent the second of five autonomous driving levels, which require drivers to maintain alertness at all times to seize control from the computer when needed. There are no semi-autonomous cars generally available to the public that are able to operate above level two.

    Continue reading

Biting the hand that feeds IT © 1998–2022