Stories
Slash Boxes
Comments

SoylentNews is people

Spectre is Here to Stay: An Analysis of Side-Channels and Speculative Execution

posted by martyb on Saturday February 16 2019, @02:08PM   Printer-friendly
from the so-that-means...-we-are-screwed dept.

takyon writes:

Google security researchers have come to the conclusion that speculative execution attacks are here to stay without drastic changes to modern CPU architectures, such as removing speculative execution entirely.

Spectre is here to stay: An analysis of side-channels and speculative execution

Related:

Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Congress Questions Chipmakers About Meltdown and Spectre
What Impact Has Meltdown/Spectre Had on YOUR Systems?
Intel Admits a Load of its CPUs Have Spectre V2 Flaw That Can't be Fixed
Intel FPU Speculation Vulnerability Confirmed
New Spectre Variant SpectreRSB Targets Return Stack Buffer
Intel Discloses a Speculative Execution Attack in Software Guard eXtensions (SGX)
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
MIT Researchers Claim to Have a Solution for Some Speculative Execution Attacks
Spectre, Meltdown Researchers Unveil 7 More Speculative Execution Attacks
New Side-Channel Leak: Researchers Attack Operating System Page Caches

Original Submission

 
This discussion has been archived. No new comments can be posted.
Spectre is Here to Stay: An Analysis of Side-Channels and Speculative Execution | Log In/Create an Account | Top | 36 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Azuma Hazuki on Saturday February 16 2019, @11:04PM (1 child)

    by Azuma Hazuki (5086) on Saturday February 16 2019, @11:04PM (#802228) Journal

    Something I'd been wondering since this came out: isn't the solution not to drop speculative execution entirely, but just to make sure parts of the chip can't read what they have no business reading?

    Ever since I learned what NUMA was, it's occurred to me that individual systems can look like an entire LAN in some ways. And with the ring bus, various DSPs, and now Infinity Fabric and its inevitable future kissing cousins, this analogy only looks set to become even stronger. As no network is secure without a firewall, access controls, and ideally some sort of IDS, maybe CPUs need to be designed this way too.

    And *properly* designed so that this stuff is default-deny; the *last* thing we need is some snooping ring-negative-one coprocessor like the IME on steroids controlling access, because when THAT inevitably gets owned, the entire security model is busted and we're back to square one.

    --
    I am "that girl" your mother warned you about...
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Sunday February 17 2019, @07:05AM

    by Anonymous Coward on Sunday February 17 2019, @07:05AM (#802401)

    Or just make cache cheaper and smaller.