Since 2018, a seemingly endless series of attacks broadly known as Spectre has kept Intel and AMD scrambling to develop defenses to mitigate vulnerabilities that allow malware to pluck passwords and other sensitive information directly out of silicon. Now, researchers say they have devised a new attack that breaks most, if not all, of those on-chip defenses.
Spectre gets its name from its abuse of speculative execution, a feature of virtually all modern processors that predicts the instructions the processor is likely to receive next and then follows the path those instructions would take. By using code that forces a processor to speculate down the wrong path, Spectre can extract confidential data that would have been accessed had the processor continued down that path. These exploits are known as transient execution attacks.
Since Spectre was first described in 2018, new variants have surfaced almost every month. In many cases, the new variants have forced chipmakers to develop new or augmented defenses to mitigate the attacks.
A key Intel protection known as LFENCE, for example, prevents later instructions from being dispatched for execution before earlier ones have completed. Other hardware and software solutions broadly known as “fencing” build digital fences around secret data to protect against transient execution attacks that would otherwise allow unauthorized access.
Researchers at the University of Virginia said last week they have found a new transient execution variant that breaks virtually every on-chip defense Intel and AMD have implemented to date. The new technique works by targeting an on-chip buffer that caches “micro-ops,” the simplified commands derived from complex instructions. By allowing the processor to retrieve commands quickly and early in the speculative execution process, micro-op caches improve processor speed.
The researchers are the first to use the micro-op cache as a side channel, that is, as a means of observing confidential data stored in a vulnerable computer system. By measuring the timing, power consumption, or other physical properties of a targeted system, an attacker can use a side channel to infer data that would otherwise be off-limits.
“The micro-op cache as a side channel has several dangerous implications,” the researchers wrote in an academic paper. “First, it bypasses all techniques that mitigate caches as side channels. Second, these attacks are not detected by any existing attack or malware profile. Third, because the micro-op cache sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates still remain vulnerable to micro-op cache attacks.”
The paper continues:
Most of the existing invisible speculation and fencing-based solutions focus on hiding the unintended vulnerable side effects of speculative execution that occur at the back end of the processor pipeline, rather than inhibiting the source of speculation at the front end. That makes them vulnerable to the attack we describe, which discloses speculatively accessed secrets through a front-end side channel, before a transient instruction has a chance to be dispatched for execution. This eludes a whole suite of existing defenses. Furthermore, due to the relatively small size of the micro-op cache, our attack is significantly faster than existing Spectre variants that rely on priming and probing several cache sets to transmit secret information, and is considerably more stealthy, as it uses the micro-op cache as its sole disclosure primitive, introducing fewer data/instruction cache accesses, let alone misses.
There has been some pushback since the researchers published their paper. Intel disagreed that the new technique breaks the defenses already in place to protect against transient execution. In a statement, company officials wrote:
Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already has protections against incidental channels, including the uop cache incidental channel. No new mitigations or guidance are needed.
Transient execution attacks use malicious code to exploit speculative execution. The exploits, in turn, bypass bounds checks, authorization checks, and other security measures built into applications. Software that follows Intel’s secure coding guidelines is resistant to such attacks, including the variant introduced last week.
Key to Intel’s advice is the use of constant-time programming, an approach in which code is written so that its behavior is independent of any secrets it handles. The technique the researchers introduced last week uses code that embeds secrets into the CPU’s branch predictors, and as such does not follow Intel’s recommendations, a company spokesperson said on background.
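To make the distinction concrete, here is an added example (not from the article, the paper, or Intel’s guidance) of a secret-dependent comparison beside its constant-time counterpart. In the first version, which bytes the loop branches on, and so which instructions the front end fetches, depends on the secret; the second version executes the same instruction stream for every input. The function names and the sample keys in the test are constructed for illustration.

```c
// Added example: secret-dependent vs. constant-time comparison.
// The leaky form branches on each secret byte and exits early, so the
// path through the code (and the micro-ops fetched) depends on the
// secret. The constant-time form touches every byte, has no
// secret-dependent branch, and folds the result without branching.
#include <stddef.h>
#include <stdint.h>

// Leaky: control flow depends on where the first mismatch is.
int leaky_equal(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

// Constant-time: OR together every XOR difference, then map
// acc == 0 -> 1 and acc != 0 -> 0 using only arithmetic and shifts.
// (acc - 1) underflows to 0xFFFFFFFF only when acc is 0, so bit 31
// of the result is exactly the "all bytes matched" flag.
int ct_equal(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint8_t)(secret[i] ^ guess[i]);
    return (int)((((uint32_t)acc - 1u) >> 31) & 1u);
}

// Branchless select: returns a when flag == 1, b when flag == 0.
// 0u - flag yields an all-ones mask for 1 and an all-zeros mask for 0,
// so the choice is made by masking rather than by a conditional jump.
uint32_t ct_select(uint32_t flag, uint32_t a, uint32_t b)
{
    uint32_t mask = 0u - flag;
    return (a & mask) | (b & ~mask);
}
```

Note that a compiler may reintroduce a branch when optimizing patterns like these, which is one reason the article’s sources describe constant-time code as hard to write and maintain; checking the emitted assembly is part of the discipline.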
AMD did not provide a response in time to be included in this article.
Another rebuttal came in a blog post by Jon Masters, an independent computer architecture researcher. He said the paper, and particularly the cross-domain attack it describes, is “an interesting read” and “a potential concern,” but that there are ways to fix the vulnerabilities, possibly by disabling the micro-op cache when crossing a privilege boundary.
“The industry had a huge issue on its hands with Spectre, and as a direct result, a lot of effort was put into separating privileges, isolating workloads, and using different contexts,” Masters wrote. “Some cleanup may be required in light of this latest paper, but mitigations are available, albeit always at a cost in performance.”
Not that easy
Ashish Venkat, a professor in the University of Virginia’s Department of Computer Science and a co-author of last week’s paper, agreed that constant-time programming is an effective way to write applications that are immune to side-channel attacks, including those described in last week’s paper. But he said that the exploited vulnerability resides in the CPU and therefore should receive a microcode fix.
He also said that most of today’s software remains vulnerable because it doesn’t use constant-time programming, and there’s no indication of when that will change. He also echoed Masters’ observation that the coding approach slows down applications.
Constant-time programming, he told me, “is not only extremely difficult in terms of the actual programmer effort, but also involves significant deployment challenges in patching all the sensitive software that was never written that way. It is also generally used exclusively for small, specialized security routines due to the performance overhead.”
Venkat said the new technique is effective against all Intel chips designed since 2011. He told me that, in addition to being vulnerable to the same cross-domain exploit, AMD processors are also susceptible to a separate attack. It leverages AMD’s simultaneous multithreading design, because the micro-op cache of AMD processors is competitively shared between threads. As a result, attackers can create a cross-thread covert channel that can transmit secrets with a bandwidth of 250 Kbps and an error rate of 5.6%.
There are serious risks associated with transient execution, but for now they remain mostly theoretical, since such attacks are rarely, if ever, actively exploited. Software engineers, on the other hand, have much more to worry about, and this new technique should only heighten their concerns.