
Google: The software will never be able to fix bugs like Specter



  Google: The software will never be able to correct Specter bugs

Google researchers investigating the scope and impact of the Spectre attack have published a paper arguing that Spectre-like vulnerabilities are likely to be a continuing feature of processors. Moreover, software protection techniques against them will impose a high performance cost. In any case, the researchers continue, software alone will be inadequate: some of the Spectre flaws do not appear to have any effective software protection at all. As such, Spectre will remain a part of the computing landscape with no clear resolution.

The discovery and development of the Meltdown and Spectre attacks was undoubtedly the biggest security story of 2018, and related discoveries continued throughout the rest of the year. Both attacks rely on discrepancies between the theoretical architectural behavior of the processor – the documented behavior that programmers depend on and write their programs against – and the actual behavior of its implementations.

In particular, modern processors perform speculative execution: they make assumptions about, for example, the value that will be read from memory or whether a branch condition is true or false, and continue executing on the basis of those assumptions. If the assumptions turn out to be correct, the speculated results are kept; if not, the speculated results are discarded and the processor redoes the calculations. Speculative execution is not an architectural feature of the processor; it is an implementation feature and is therefore supposed to be entirely invisible to running programs. When the processor discards bad speculation, it should be as if the speculation never happened. But even when the processor discards the speculated results, some evidence of the bad speculation remains. For example, speculation can change which data is held in the processor's cache, and programs can detect these changes by measuring how long it takes to read values from memory.

With careful design, an attacker can get the processor to speculate on some value of interest and then use the cache changes to reveal what the speculated value was. This becomes particularly threatening in applications such as web browsers: malicious JavaScript can use the data disclosed in this way to learn about the memory layout of the process it is running in, and then use that information to exploit other security flaws and execute arbitrary code. Browser developers had assumed that they could construct secure sandboxes within the browser process so that scripts could not learn about the memory layout of their content process. Architecturally, those assumptions are sound. But reality has Spectre, and it blows those assumptions out of the water.

Meltdown, which affects chips from Intel, Apple and other manufacturers building certain standard ARM designs, was a particularly unpleasant variant. It allows a malicious program to read data belonging to the operating system kernel. Shortly after Meltdown was discovered, operating systems were changed to hide most of that data from such malicious programs. Intel has made specific changes to its processors to address Meltdown, so its latest processors no longer need those operating system changes enabled. But Spectre – best thought of as a style of attack, with many different variations and iterations – has proven to be more subtle. Various software techniques have been developed to prevent speculative execution of sensitive code or to limit the information that can be revealed through speculative execution.

The Google study found that these software measures leave much to be desired. Some measures, such as blocking all speculation after loading a value from memory, protect against many attacks but are far too expensive to use in practice. The researchers experimented with modified versions of Chrome's V8 JavaScript engine, and applying this technique indiscriminately cut performance to between a third and a fifth of its unmitigated level. Other mitigations were less punishing – for example, protecting array accesses against a particular kind of disclosure had a 10% execution cost.
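As an added illustration, not code from the Google paper or from V8, the following C shows the shape of one such array-access mitigation: a bounds check that relies on a branch alone, beside the same lookup hardened with a branchless index mask in the style of the Linux kernel's array_index_mask_nospec(). The table contents, function names and probe values are constructed for this example; the mask relies on the compiler emitting an arithmetic right shift for negative signed values, as GCC and Clang do.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table: the only memory this lookup is meant to read. */
#define TABLE_SIZE 16
static const uint8_t table[TABLE_SIZE] = {
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
};

/* Before: the bounds check is architecturally correct, but the branch may be
 * predicted as taken for an out-of-range index, so table[index] can be read
 * speculatively before the comparison resolves. Any cache footprint left by
 * that speculative read is what a Spectre-style timing measurement observes. */
uint8_t lookup_branch_only(size_t index)
{
    if (index < TABLE_SIZE)
        return table[index];
    return 0;
}

/* Branchless mask in the style of the Linux kernel's array_index_mask_nospec():
 * all ones when index < size, all zeros otherwise. Assumes an arithmetic
 * (sign-extending) right shift of negative values, as on GCC and Clang. */
static inline size_t index_mask_nospec(size_t index, size_t size)
{
#if defined(__GNUC__)
    /* Stop the compiler from folding the mask away using what it already
     * proved about index; speculation does not respect that proof. */
    __asm__("" : "+r"(index));
#endif
    /* For index < size both operands have a clear top bit; otherwise
     * size - 1 - index wraps around and sets it. */
    intptr_t or_bits = (intptr_t)(index | (size - 1 - index));
    return (size_t)(~or_bits >> (sizeof(size_t) * CHAR_BIT - 1));
}

/* Returns index unchanged when it is in range and 0 otherwise, without a
 * data-dependent branch, so even a mispredicted check ends up reading table[0]. */
size_t clamp_index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* After: the same check, but the index used for the load is masked first. */
uint8_t lookup_masked(size_t index)
{
    if (index < TABLE_SIZE)
        return table[clamp_index_nospec(index, TABLE_SIZE)];
    return 0;
}

int main(void)
{
    /* Constructed probe values: two in range, two out of range. */
    size_t probes[] = { 3, 15, 16, (size_t)-1 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("index %zu: masked index %zu, lookup %u\n",
               probes[i], clamp_index_nospec(probes[i], TABLE_SIZE),
               (unsigned)lookup_masked(probes[i]));
    }
    return 0;
}
```

Architecturally both lookups return the same results; the difference is only visible under speculation, where the masked version turns any out-of-range index into 0 before the load is issued. This is the kind of per-site fix the study describes as cheap but limited: it has to be placed at every vulnerable array access, and it does nothing against Spectre variants that do not go through a bounds check.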

But in every case there were trade-offs: no single mitigation protects against all Spectre variants, so a combination of techniques must be used, and for techniques that cannot be applied indiscriminately there is the further challenge of even identifying where they should be applied. In addition, Google developed a generic Spectre-family attack that cannot be defeated by any of the known mitigation techniques.

An important element of Spectre attacks is the ability to measure these cache changes. One idea people had for defeating them was to make only less accurate clocks available to applications. The working theory was that if the cache differences to be measured are several nanoseconds long, a clock with a resolution of, say, milliseconds would be too coarse. The researchers developed a technique to amplify small timing differences, and that amplification defeats any attempt to coarsen timers as a way of protecting against Spectre. It may be possible to mitigate it in hardware, but for now that is an open question – unlike Meltdown, which had a clear resolution, Spectre seems far more inherent to speculative execution. And abandoning speculative execution is not a good option either; it is a feature of every high-performance processor, and for good reason – it provides a significant performance advantage.

For now, applications trying to build a secure environment will have to rely on hardware protections – the isolation between processes. For example, Chrome has been changed to prevent content from multiple domains from running within the same process. This does not yet protect the Chrome sandbox itself from script attacks, but it means that a script cannot attack content from other domains.

In the end, the study shows that Spectre is aptly named. It will haunt both software and hardware developers for years to come, with no clear end in sight.
