SoylentNews is people
SoylentNews
Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. The attacks were named Meltdown and Spectre. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.
A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The result? Seven new possible attacks. Some are mitigated by known mitigation techniques, but others are not. That means further work is required to safeguard vulnerable systems.
The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.
(Score: 2) by bzipitidoo on Monday November 19 2018, @05:19PM (2 children)
I certainly understand not doing Mil stuff. The military boys are wont to make unreasonable demands, and think they're not asking for all that much. Formal verification of a computer system, yes, it's possible to do that, but at what price? Even when money is not an issue, it can still take years to verify a system, by which time it is hopelessly obsolete. Really, you'd have to start from scratch. No, OpenBSD is not good enough. Make your own microkernel based OS. But then, you're losing out on years of OS refinement and performance tuning, and what can happen with that is that even if it is secure, it is hopelessly impractical because it is far too slow. All the worse if it's only certified to run on verified secure processors which are no longer manufactured due to obsolescence. Then they turn around and demand that it run what they know, which is Windows. They want formally verified, secure Windows, and they want MS Office.
However, under the hood, x86 has been RISC for years. Since the Pentium, each x86 instruction is implemented with a few instructions of microcode on the underlying RISC processor. Think the 486 was the last x86 CPU that implemented the instruction set directly in hardware.
Proving that "it works", AKA, that there are no bugs, is not at all orthogonal to security. I'd go as far as saying that security is a poor focus, and that a better way to more secure computer systems is to concentrate on eliminating bugs. And I don't mean the custom of endlessly rolling out patches to deal with the bug du jour, I mean designing the systems to entirely avoid whole classes of bugs. Like with these Spectre and Meltdown problems. Perhaps it's impractical to eschew speculation altogether, would be too much of a performance hit. But, is it really so burdensome for the hardware to make permission checks before doing the speculative execution?
(Score: 2) by RamiK on Monday November 19 2018, @07:59PM
Sure just load and... Oh wait...
(400 cycles later)
Ah shit.
compiling...
(Score: 0) by Anonymous Coward on Tuesday November 20 2018, @12:38AM
Pentium 90 was the last true CISC chip from Intel*. RISC was introduced with the Pentium Pro and continued with the PII.
*ISTR There being other x86 CISC chips after that from other manufacturers, but they didn't sell well and have been abandoned.