Google: Software is never going to be able to fix Spectre-type bugs




Researchers from Google investigating the scope and impact of the Spectre attack have concluded that Spectre-like vulnerabilities are likely to remain a feature of processors and, further, that software-based techniques for protecting against them carry a high performance cost. In any case, the researchers continue, software will be inadequate: some Spectre flaws do not appear to have any effective software-based defense. As such, Spectre is going to be a lasting feature of the computing landscape, with no straightforward resolution.

The discovery and development of the Meltdown and Spectre attacks was undoubtedly the big security story of 2018. First revealed last January, new variants and related discoveries have been made throughout the rest of the year. Both approaches rely on discrepancies between the architectural behavior of a processor (the documented behavior that programmers write their programs against) and the real behavior of implementations.

Specifically, modern processors perform speculative execution: they make assumptions about, for example, whether a condition is true or false, and they allow their execution to run ahead based on those assumptions. If the assumptions turn out to be correct, the speculated results are kept; if not, the speculated results are discarded and the processor redoes the calculation. Speculative execution is not an architectural feature of the processor; it is a feature of implementations, and so it is supposed to be entirely invisible to running programs. When the processor discards the speculation, it should be as if the speculation never happened.

Footsteps left behind

What the Meltdown and Spectre researchers found is that speculative execution is not entirely invisible and that, when the processor discards the speculated results, some evidence of the bad speculation is left behind. For example, speculation can change the data held in the processor's cache. Programs can detect these changes by measuring the time it takes to read values from memory.

With careful construction, an attacker can make the processor speculate based on some value of interest and use the cache changes to disclose what the speculated value actually was. This can be done from JavaScript running in a Web browser, and so can be used by malicious code. Browser developers had assumed that they could build safe sandboxes within the browser process. Architecturally, those assumptions are sound. But reality has Spectre, and it blows those assumptions out of the water.

The Meltdown attack, which affected chips from Intel, Apple, and other manufacturers building on some standard ARM designs, was a particularly nasty variant of this. It allowed a malicious program to extract data from the operating system kernel. In the immediate aftermath of the discovery of Meltdown, changes were made to operating systems to hide most of their data from these malicious programs. Intel has since made specific changes to its processors to address Meltdown, so its most recent processors no longer need to activate these operating-system changes.

An apt name

But Spectre, which is best thought of as a particular style of attack with many different variants and iterations, has proven more insidious. A variety of software techniques has been devised to prevent the processor from speculatively executing on sensitive data, or to limit the information that can be disclosed through speculative execution.

Google's research found that these software measures leave a lot to be desired. Some measures, such as blocking all speculation after loading values from memory, were tested by Chrome's JavaScript engineers, and indiscriminate use of this technique made performance drop to between one third and one fifth of what it was without mitigation. Other mitigations were less punitive; for example, protecting array accesses from a certain kind of disclosure had a 10 percent performance cost.
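As an added illustration (not code from the Google paper or from Chrome), here is what the two kinds of mitigation just described look like at the C level for the classic bounds-checked array access: a fence after the check, which stops all execution past that point until the branch has resolved, and index masking, which keeps even a mis-speculated load inside the array. The sample array, the function names and the `speculation_barrier` helper are assumptions of this example; the masking formula follows the construction used by the Linux kernel's `array_index_mask_nospec`, rewritten here in plain unsigned arithmetic.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a small public array that an untrusted index selects from.
   In a real program, whatever sits past its end would be other, possibly secret, data. */
#define PUBLIC_LEN 16
static const uint8_t public_data[PUBLIC_LEN + 1] = "0123456789abcdef";

/* Variant 1: bounds check only. Architecturally correct, but while the branch is
   still being resolved the processor may already have loaded public_data[idx]
   for an out-of-bounds idx, leaving a cache footprint that depends on that byte. */
uint8_t read_checked(size_t idx) {
    if (idx < PUBLIC_LEN)
        return public_data[idx];
    return 0;
}

/* Assumed helper: a speculation barrier. On x86-64 this is LFENCE; on other
   architectures the example falls back to a compiler-only barrier, so adapt it
   to the serialising instruction of the target ISA before relying on it. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Variant 2: fence after the check. Nothing after the fence executes until the
   comparison has resolved, so no out-of-bounds load happens speculatively.
   This is the blunt option: applied everywhere it is very expensive. */
uint8_t read_fenced(size_t idx) {
    if (idx >= PUBLIC_LEN)
        return 0;
    speculation_barrier();
    return public_data[idx];
}

/* Branchless mask: all ones when idx < size, zero otherwise.
   (size - idx - 1) wraps when idx >= size, setting the top bit; idx itself has
   the top bit set only when it is huge, which is also out of bounds.
   Valid for size below SIZE_MAX / 2. */
size_t index_mask_nospec(size_t idx, size_t size) {
    size_t oob  = (idx | (size - idx - 1)) >> (sizeof(size_t) * CHAR_BIT - 1);
    size_t mask = oob - 1;   /* oob == 0 -> SIZE_MAX (all ones); oob == 1 -> 0 */
#if defined(__GNUC__)
    /* Hide the mask from the optimiser: after the branch it knows idx is in
       range and would otherwise fold the mask away as a no-op. */
    __asm__("" : "+r"(mask));
#endif
    return mask;
}

/* Variant 3: index masking. Even on a mispredicted path the index used for the
   load is forced to 0, so the speculative load stays inside the array and the
   cache footprint no longer depends on out-of-bounds data. */
uint8_t read_masked(size_t idx) {
    if (idx >= PUBLIC_LEN)
        return 0;
    idx &= index_mask_nospec(idx, PUBLIC_LEN);
    return public_data[idx];
}

int main(void) {
    printf("checked=%c fenced=%c masked=%c\n",
           read_checked(3), read_fenced(3), read_masked(3));
    printf("mask(15)=%zx mask(16)=%zx\n",
           index_mask_nospec(15, PUBLIC_LEN), index_mask_nospec(16, PUBLIC_LEN));
    return 0;
}
```

All three variants return the same architectural results; the difference is only in what the processor may do before the bounds check resolves. The fence costs a pipeline drain on every call, which is why the article reports such large slowdowns when it is applied indiscriminately, whereas the mask adds a couple of ALU instructions on the hot path, in line with the much smaller cost quoted for protecting array accesses.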

But in every case there are trade-offs. No mitigation protected against all Spectre variants, so a mix of techniques is needed; and since these techniques cannot be used indiscriminately, there is a big challenge even in working out where mitigations should be applied. Moreover, Google devised a general-purpose Spectre-family attack that could not be defeated with any of the known mitigation techniques.

An important element of Spectre attacks is a timing source to measure those cache changes. One of the ideas people have had is to make those timers coarser. The working theory is that, if you need to measure differences that are a few nanoseconds in length, a clock with a resolution of, say, milliseconds will be too coarse. The researchers devised a technique for amplifying small timing differences, and this amplification can be used to work around the coarser timers.

No end in sight

As such, the company concluded that we cannot depend on software fixes to guard against Spectre. Hardware mitigation may be possible, but this is presently an open question: unlike Meltdown, which has a clear resolution, Spectre seems to be far more intrinsic to speculative execution. And dropping speculative execution is not much of an option; it is a feature of every high-performance processor, and with good reason, since it provides a substantial performance advantage.

For now, then, applications that want to build secure environments must rely on the protection that hardware provides between processes. For example, Chrome has been changed to not allow content from multiple domains to run within the same process. This still does not protect the Chrome sandbox itself, but it does mean that malicious content in one domain cannot attack content from other domains.

All in all, the research shows that Spectre was aptly named. It is going to haunt both software and hardware developers for years to come, and there is no clear end in sight.
