Google researchers who investigated the scope and impact of the Spectre attack have published a paper arguing that Spectre-like vulnerabilities are likely to persist, and that technical protections against them will impose a high performance cost. In any case, the researchers continue, software alone will be inadequate
The discovery and disclosure of the Meltdown and Spectre attacks was undoubtedly the biggest security story of 2018, and related discoveries followed throughout the rest of the year. Both attacks rely on discrepancies between the processor's theoretical architectural behavior – the documented behavior that programmers depend on and write their programs against – and the actual behavior of the implementations.
In particular, modern processors perform speculative execution: they make assumptions about, for example, the value that will be read from memory or whether a condition is true or false, and continue executing on the basis of those assumptions. If the assumptions turn out to be correct, the speculated results are kept; if not, the speculated results are discarded and the processor redoes the calculations. Speculative execution is not an architectural feature of the processor; it is an implementation feature and is therefore supposed to be completely invisible to running programs. When the processor discards bad speculation, it must be as if the speculation had never happened. But even when the processor discards speculated results, some evidence of the bad speculation remains. For example, speculation can change the data held in the processor's cache, and programs can detect these changes by measuring how long it takes to read values from memory.
Meltdown, which affects chips from Intel, Apple and other manufacturers that build certain standard ARM designs, was a particularly nasty variant. It allows a malicious program to read data from the operating system kernel. Immediately after Meltdown was discovered, operating systems were changed to hide most of that data from such malicious programs. Intel has since made specific changes to its processors to address Meltdown, so the latest processors no longer need those operating system changes enabled. But Spectre, best thought of as a style of attack with many different variants and refinements, proved to be more subtle. Various software techniques have been developed to prevent speculative execution of sensitive code or to limit the information that can be leaked through speculative execution.
But in every case there were trade-offs: no single mitigation protects against all Spectre variants, so a combination of techniques must be used, and these cannot be applied indiscriminately; even identifying where the mitigations should be applied is a major challenge. In addition, Google has developed a generic Spectre-family attack that none of the known mitigation techniques can defeat.
An important element of Spectre attacks is the ability to measure these cache changes. One of the ideas people had for defeating them was to give applications access only to less precise clocks. The theory is that if the cache differences to be measured are a few nanoseconds long, a clock with a resolution of, say, milliseconds will be too coarse to see them. The researchers, however, have developed a technique for amplifying small timing differences, and this amplification defeats any attempt to make timers coarser as a protection against Spectre. It may be possible to mitigate Spectre in hardware, but for now that is an open question – unlike Meltdown, which had a clear resolution, Spectre appears to be much more inherent to speculative execution. Abandoning speculative execution is not a good option either; it is a feature of every high-performance processor, and for good reason – it provides a significant performance advantage.
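To make the two points above concrete – that a squashed speculative path leaves its cache footprint behind, and why coarser timers were proposed as a defense – here is an added toy simulation. It is not code from the article or from Google's paper; the `Core` class, its cycle counts and the `coarse_probe` helper are constructed for illustration, and it deliberately models only the residue and the coarse-timer idea, not the amplification technique the researchers describe.

```python
"""Toy model of a speculating core with a data cache (added illustration, not from the article)."""
from dataclasses import dataclass, field

# Constructed, illustrative latencies: a cached line is fast, a miss is slow.
CACHE_HIT_CYCLES = 1
CACHE_MISS_CYCLES = 100


@dataclass
class Core:
    memory: dict                                   # address -> value (constructed)
    cache: set = field(default_factory=set)        # addresses currently cached
    regs: dict = field(default_factory=dict)       # architectural registers

    def load(self, addr):
        """Perform a load: the line is brought into the cache as a side effect."""
        self.cache.add(addr)
        return self.memory[addr]

    def probe(self, addr):
        """Cycles a load of addr would take right now, read with a fine-grained timer."""
        return CACHE_HIT_CYCLES if addr in self.cache else CACHE_MISS_CYCLES

    def coarse_probe(self, addr, resolution):
        """The same measurement through a timer that only ticks every `resolution` cycles."""
        return (self.probe(addr) // resolution) * resolution


def run_branch(core, predicted_taken, actually_taken, target_addr):
    """Execute `if cond: r0 = mem[target]` with the branch predicted as `predicted_taken`.

    The core runs the predicted path first.  When the real condition
    (`actually_taken`) turns out to differ, it squashes the speculative
    work by restoring the architectural registers.  The cache is not
    part of the architectural state, so it is not restored.
    """
    snapshot = dict(core.regs)
    if predicted_taken:
        core.regs["r0"] = core.load(target_addr)    # speculative path
    if predicted_taken != actually_taken:
        core.regs = snapshot                        # squash: registers rolled back
    return core


def demo():
    """Mispredict a branch and compare cache timings before and after."""
    core = Core(memory={0x10: 7, 0x20: 42})        # constructed memory contents
    before = {a: core.probe(a) for a in core.memory}
    run_branch(core, predicted_taken=True, actually_taken=False, target_addr=0x20)
    after = {a: core.probe(a) for a in core.memory}
    coarse = {a: core.coarse_probe(a, resolution=1000) for a in core.memory}
    return core.regs, before, after, coarse


if __name__ == "__main__":
    regs, before, after, coarse = demo()
    print("registers after squash:", regs)      # {} - r0 never architecturally written
    print("probe before:", before)              # both addresses miss
    print("probe after: ", after)               # 0x20 now hits: the residue
    print("coarse probe:", coarse)              # a 1000-cycle timer sees no difference
```

The registers come back empty, exactly as if the branch had never been taken, yet a fine-grained timer shows that `0x20` now hits in the cache. With a timer that ticks every 1000 cycles both probes read 0, which is the intuition behind clock coarsening; the article's point is that this intuition does not hold once small differences can be amplified.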
For now, applications that need to build a secure environment will have to rely on hardware-enforced protection: the isolation between processes. For example, Chrome has been changed so that content from multiple domains no longer runs within the same process. This does not yet protect the Chrome sandbox itself from script-based attacks, but it means that a script cannot attack content from other domains.
In the end, the study shows that Spectre is aptly named. It will haunt both software and hardware developers for years to come, with no clear end in sight.