SoylentNews is people

posted by chromas on Wednesday March 06 2019, @06:40AM
from the Intel-illness dept.

Submitted via IRC for Bytram & AzumaHazuki

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Speculative execution, the practice of allowing processors to perform future work that may or may not be needed while they await the completion of other computations, is what enabled the Spectre vulnerabilities revealed early last year.

In a research paper distributed this month through pre-print service ArXiv, "SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks," computer scientists at Worcester Polytechnic Institute in the US, and the University of Lübeck in Germany, describe a new way to abuse the performance boost.

The researchers [...] have found that "a weakness in the address speculation of Intel's proprietary implementation of the memory subsystem" reveals memory layout data, making other attacks like Rowhammer much easier to carry out.

The researchers also examined Arm and AMD processor cores, but found they did not exhibit similar behavior.

"We have discovered a novel microarchitectural leakage which reveals critical information about physical page mappings to user space processes," the researchers explain.

"The leakage can be exploited by a limited set of instructions, which is visible in all Intel generations starting from the 1st generation of Intel Core processors, independent of the OS and also works from within virtual machines and sandboxed environments."

The issue is separate from the Spectre vulnerabilities, and is not addressed by existing mitigations. It can be exploited from user space without elevated privileges.

[...] "The root cause of the issue is that the memory operations execute speculatively and the processor resolves the dependency when the full physical address bits are available," said Moghimi. "Physical address bits are security sensitive information and if they are available to user space, it elevates the user to perform other micro architectural attacks."

[...] SPOILER, the researchers say, will make existing Rowhammer and cache attacks easier, and make JavaScript-enabled attacks more feasible – instead of taking weeks, Rowhammer could take just seconds. Moghimi said the paper describes a JavaScript-based cache prime+probe technique that can be triggered with a click to leak private data and cryptographic keys not protected from cache timing attacks.

Mitigations may prove hard to come by. "There is no software mitigation that can completely erase this problem," the researchers say. Chip architecture fixes may work, they add, but at the cost of performance.



 
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 06 2019, @08:52AM (#810637)

    There is also one more protection: Don't write crappy software, so it can run on slower hardware.
    Is it hard to abandon resource-hungry frameworks?
    Or optimize an algorithm after it's developed?
    Using definitions for debugging to make a release a release, not a console "cat-on-a-keyboard" text generator?
    Or maybe not using the two-week-old computer a rich boss bought for the devs, but testing software on an average or even a bit below average machine?
    Finally, not being afraid of assembly optimization. This boosts performance in low-level C code beautifully (e.g. in an OS) and it repays. The problem is that we are not teaching programmers, but library users. People use programming languages without knowledge of how the computer works. In an "Applied Computer Science" course at a quite good European university, there is only one semester-long course of assembler... and it's x86 assembler :(. The "Elementary CS" course starts with C++. When students have the "Control systems" course, they get intentionally weak devices, with 1K of RAM for example. It's fun watching them trying to cram whole C++ objects in there because using registers, a state machine approach or global storage... was forbidden in courses when they were using high-end computers.
