New Attacks Slaughter All Spectre Defenses - silversurfer - 04 May 21
Quote: All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago.
A paper published on Friday by a team of computer scientists from the University of Virginia and the University of California, San Diego, describes how all modern AMD and Intel chips with micro-op caches are vulnerable to this new line of attack, given that it breaks all defenses. That includes all Intel chips that have been manufactured since 2011, which all contain micro-op caches.
The vulnerability in question is called Spectre because it’s built into modern processors that perform branch prediction. It’s a technique that makes modern chips as speedy as they are by performing what’s called “speculative execution,” where the processor predicts instructions it might end up executing and prepares by following the predicted path to pull the instructions out of memory. If the processor stumbles down the wrong path, the technique can leave traces that may make private data detectable to attackers. One example is when data accesses memory: if the speculative execution relies on private data, the data cache gets turned into a side channel that can be squeezed for the private data through use of a timing attack.
The new line of attacks exploits the micro-op cache: an on-chip structure that speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process, as the team explains in a writeup from the University of Virginia. Even though the processor quickly realizes its mistake and does a U-turn to go down the right path, attackers can get at the private data while the processor is still heading in the wrong direction.
Om Moolchandani, co-founder, CTO, CISO and research team leader at Accurics, said that this is going to be a widespread problem. “Any x86 type multi-core processor could be affected: essentially all modern 32- and 64-bit PC processors and the vast majority of typical server hardware,” he told Threatpost in an email on Monday. Non-x86 processors such as ARM, MIPS, and RISC V, etc. aren’t expected to be affected.
Read more: New Attacks Slaughter All Spectre Defenses | Threatpost