An Invention of MIT Builds Memory Walls to Protect Against Fusion and Spectrum Attacks



[ad_1]

The researchers created a new system that can reduce the risk of memory-based attacks, such as Meltdown and Specter.

Discovered for the first time in January, these vulnerabilities existed since 1995 in most Intel processors, alongside AMD and ARM processors. Security issues can provide the environment necessary to conduct timing attacks due to modern CPU design issues.

In the cases of Meltdown and Spectrum, cyberattackers can exploit the operation of memory processes in firmware. Processors do not remain inactive; they calculate innumerable decisions and complete tasks in nanoseconds – and in order to enhance the power of this material, the engineers used what is called a speculative execution.

In other words, the processors are able to execute instructions while they wait for memory. Once the memory facet is ready, unnecessary instructions are removed.

Speed ​​is optimized, but the design trick has also created a way for attackers to create speculative CPU execution code, potentially leading to memory access and data leaks.

Vulnerabilities affect everything from consumer PCs to cloud service providers around the world, with many industry analysts believing that new chip design is the only way to properly protect against these sync attacks, while maintaining high levels of security. of performance for which they were designed.

Patches have been developed to protect against Meltdown and Specter from vendors such as Apple, Microsoft and the Linux team deploying these patches. However, hardware performance vulnerable to Meltdown / Specter attacks is sometimes slowed down.

Intel, for example, has released security patches that, according to the company, make the processors "immune" to both attacks.

However, researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSINA) believe that the security solution can be improved for future chips.

"These attacks have fundamentally changed our understanding of the reliability of a system and forced us to reconsider where we are spending security resources," says Ilia Lebedev, researcher and PhD student. student at MIT CSAIL. "They showed that we had to pay a lot more attention to the microarchitecture of the systems."

To read: SpecterRSB: a new attack targets the processor's back stack buffers

Lebedev and his team at MIT CSAIL are working on a system they believe is a more effective alternative to protecting the modern PC architecture against synchronization attacks. This invention has been shown to be safer than Intel 's "cache allocation technology" (CAT).

In 2016, Intel used CAT technology. Like the kitchen, MIT CSAIL says that although the Intel solution has chefs working in different sections – in memory – and that they all know their own recipes and ingredients, leaks of the recipe can still occur.

The team's solution, on the contrary, builds walls between chefs, their ingredients and recipes, and prevents communication that could lead to information leaks.

The "leaders", in this case, are "protection domains" that are isolated by "secure partitioning" in the cache memory.

CNET: According to report, stolen Apple IDs would be used in a series of digital payments theft in China

The counterpart system, titled DAWG (Dynamically Allocated Way Guard) in an Intel CAT trick, divides the cache into several compartments.

In a document describing the research, the team explained how their system manages to completely isolate the programs through the cache, preventing data leaks and securing the channel currently used for timing attacks.

In testing, the team stated that they found that the performance of the DAWG was not only comparable to that of the CAT, but also required "minimal" changes to modern systems.

"We believe that it is an important step forward in giving IT architects, cloud providers and other IT professionals a better way to improve their business." Allocate resources in an efficient and dynamic way, "said Vladimir Kiriansky, lead author of the document. "It sets clear limits for where sharing should and should not take place so that programs containing sensitive information can keep this data reasonably secure."

See also: Meeting with Norman, the world's first "psychopathic" AI

The team warned that DAWG was not yet a quick fix for the Meltdown and Spectrum type attacks, but that in terms of improving the way vendors are currently protecting the material Anything that requires little modification and may not affect CPU performance is well worth it.

TechRepublic: Survey: How does your company manage cyberwar and cybersecurity?

MIT CSAIL is currently working on refining DAWG to stop all types of speculative execution attacks we are aware of.

"There is a tension between performance and security that impresses a community of architecture designers who have always tried to share as much as possible in as many places as possible," said Lebedev. "On the other hand, if security was the only priority, we would have separate computers for each program we wish to run, so that no information can ever leak, which is obviously DAWG is part of a growing job, trying to reconcile these two opposing forces. "

The research will be presented next week at the IEEE / ACM International Microarchitecture Symposium (MICRO) in the city of Fukuoka, Japan.

Previous and related coverage

[ad_2]
Source link