Spectre software mitigation techniques are not enough


Recently, a group of researchers working for Google argued that it will be difficult to avoid Spectre-related flaws in the future unless CPUs are thoroughly reworked.

According to them, software-based mitigation techniques alone will not be enough to prevent the exploitation of such hardware vulnerabilities; they consider the existing software mitigations to be, for the most part, incomplete.

About Spectre

We should remember that it is thanks to Google that we know of the critical vulnerabilities affecting modern chips, and probably the entire semiconductor industry; they primarily affect Intel x86 64-bit CPUs.

But these security flaws also affect processors based on the ARM architecture (Samsung, Qualcomm, MediaTek, Apple, Huawei, etc.), as well as IBM's CPU architecture and, to a lesser extent, AMD processors.

Spectre corresponds to the first two variants: 1 (Bounds Check Bypass) and 2 (Branch Target Injection). These critical vulnerabilities were discovered by the Mountain View company, and they expose the affected chips to specific types of related attacks.

Spectre essentially breaks down the isolation between applications and allows an attacker to covertly obtain sensitive information from running applications, even when they are protected.

Uncover one hole to cover another

Google researchers discovered that the timing behaviour of the data cache in modern processors can be abused to illegitimately retrieve information from a computer.

This feature is used by most modern processors to optimize performance, but it can also cause serious security problems.

Google researchers were able to demonstrate that attackers can take advantage of this feature (known as speculative execution) to have user-level processes bypass the MMU and read the contents of kernel memory,

memory that should normally have been inaccessible to them. This problem lies in the hardware, that is, in chips that cannot be reconfigured; it would not be possible to correct, through microcode patches, all variants of the various security vulnerabilities revealed over the last 14 months, especially the Spectre vulnerabilities.

To solve this problem effectively, it would be necessary to use a page table isolation technique or to design new processors with a correspondingly revised architecture.

In a paper distributed via arXiv, researchers at the Alphabet subsidiary now assert that all processors supporting speculative execution remain susceptible to various side-channel attacks, despite any mitigation measures that may be discovered in the future.

These failures must be corrected at all costs

According to them, to truly fix all current and future Spectre-related flaws and the threat they pose, CPU designers must strive to offer new architectures for their microprocessors.

Intel has said it will include hardware fixes for specific, known hardware bugs in its future chips.

The problem, according to the Google researchers, is that Spectre-related flaws constitute a whole class of vulnerabilities and that, in addition, vulnerabilities related to speculative execution greatly facilitate side-channel attacks.

The Google researchers proposed several possible solutions, including completely disabling speculative execution, reducing the precision of available timers, and finally "masking".
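The third of those mitigations, "masking", is the one that can be applied in ordinary code today, so it is worth seeing concretely. The block below is an added example written for this article, not code from the Google paper or from any vendor: it shows the bounds-check-bypass pattern (variant 1) next to a hardened version that masks the array index without a branch, in the same spirit as the Linux kernel's array_index_mask_nospec(). The array public_data, the functions and the HIDE_VAR macro are all names chosen here for illustration, and the sample data is constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for this example: a small public array that shares
   an address space with memory the caller must never be able to reach. */
#define PUBLIC_LEN 16
static const uint8_t public_data[PUBLIC_LEN] = "0123456789abcdef";

/* Optimizer barrier (GCC/Clang extension, hypothetical name): stops the
   compiler from proving index < size from the enclosing branch and deleting
   the mask, the role OPTIMIZER_HIDE_VAR() plays in the kernel. */
#if defined(__GNUC__)
#define HIDE_VAR(v) __asm__("" : "+r"(v))
#else
#define HIDE_VAR(v) ((void)0)
#endif

/*
 * Branchless mask: all-ones when index < size, zero otherwise.
 * (index - size) borrows, setting the top bit, exactly when index < size;
 * shifting that bit down yields 1 or 0, and 0 - {1,0} yields the mask.
 * No conditional branch is involved, so the mask is also correct on a
 * mispredicted, speculative path.
 * Precondition (same as the kernel's): index and size are below 2^(bits-1).
 */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
    HIDE_VAR(index);
    size_t borrow = (index - size) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (size_t)0 - borrow;
}

/* Clamp index into [0, size) without branching: out-of-range becomes 0. */
static inline size_t masked_index(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/*
 * Variant-1 shape: the bounds check is a branch. While that branch is still
 * being resolved, the core may already issue the load with a caller-chosen
 * index and leave a cache footprint, even though the result is discarded.
 */
uint8_t read_checked_branch(size_t index)
{
    if (index < PUBLIC_LEN)
        return public_data[index];
    return 0;
}

/*
 * Hardened shape ("masking"): the branch stays for correctness, but the
 * index that feeds the load is masked, so a speculative pass with an
 * out-of-range index reads public_data[0] instead of arbitrary memory.
 */
uint8_t read_checked_masked(size_t index)
{
    if (index < PUBLIC_LEN) {
        index = masked_index(index, PUBLIC_LEN);
        return public_data[index];
    }
    return 0;
}

int main(void)
{
    /* Constructed probe indices: in range, at the boundary, far out of range. */
    size_t probes[] = { 0, 7, 15, 16, 1000 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t idx = probes[i];
        uint8_t a = read_checked_branch(idx), b = read_checked_masked(idx);
        printf("index %5zu -> mask 0x%016zx, masked index %zu, "
               "branch read %c, masked read %c\n",
               idx, index_mask_nospec(idx, PUBLIC_LEN),
               masked_index(idx, PUBLIC_LEN), a ? a : '-', b ? b : '-');
    }
    return 0;
}
```

Architecturally both readers return the same values; the difference is only what the processor may touch while the branch is unresolved, which is why the mask must survive optimization and why the kernel implements it in inline assembly on x86 rather than trusting the compiler.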

They also pointed out that these mitigation measures are not without problems and that performance penalties are likely if they are implemented.

Finally, they concluded by saying that Spectre may be all too aptly named, as it seems destined to haunt us for a long time.

This underscores the fact that we have long focused on performance and complexity at the expense of security.


  1.   luix said

    It may seem silly what I think, but wouldn't it be a good measure to re-manufacture 32-bit processors for certain uses?

    1.    David naranjo said

      Thanks for the comment. It's not silly, you have a good point. The problem with this architecture is the limitations it has, and one of them is the handling of RAM, since, as you know, it cannot handle more than 4 GB, and today, with the demands of a society that is "virtualizing", that is not viable.

      1.    luix said

        4 GB without PAE support, which I think could be properly exploited.

      2.    George said

        The problem is that the 32-bit platform is also compromised. It is not a platform problem, it is a deployment problem to improve performance.

        As can be read in the article:
        The timing behaviour of the data cache in modern processors can be abused to illegitimately retrieve information from a computer.

        This feature is used by most modern processors to optimize performance, but it can also cause serious security problems.

        1.    luix said

          Thanks for the clarification. I understood that it did not affect the x32