Google security researchers have come to the conclusion that speculative execution attacks are here to stay without drastic changes to modern CPU architectures, such as removing speculative execution entirely.
Spectre is here to stay: An analysis of side-channels and speculative execution
Related:
Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Congress Questions Chipmakers About Meltdown and Spectre
What Impact Has Meltdown/Spectre Had on YOUR Systems?
Intel Admits a Load of its CPUs Have Spectre V2 Flaw That Can't be Fixed
Intel FPU Speculation Vulnerability Confirmed
New Spectre Variant SpectreRSB Targets Return Stack Buffer
Intel Discloses a Speculative Execution Attack in Software Guard eXtensions (SGX)
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
MIT Researchers Claim to Have a Solution for Some Speculative Execution Attacks
Spectre, Meltdown Researchers Unveil 7 More Speculative Execution Attacks
New Side-Channel Leak: Researchers Attack Operating System Page Caches
(Score: 2) by Azuma Hazuki on Saturday February 16 2019, @11:04PM (1 child)
Something I'd been wondering since this came out: isn't the solution not to drop speculative execution entirely, but just to make sure parts of the chip can't read what they have no business reading?
Ever since I learned what NUMA was, it's occurred to me that individual systems can look like an entire LAN in some ways. And with the ring bus, various DSPs, and now Infinity Fabric and its inevitable future kissing cousins, this analogy only looks set to become even stronger. As no network is secure without a firewall, access controls, and ideally some sort of IDS, maybe CPUs need to be designed this way too.
And *properly* designed so that this stuff is default-deny; the *last* thing we need is some snooping ring-negative-one coprocessor like the IME on steroids controlling access, because when THAT inevitably gets owned, the entire security model is busted and we're back to square one.
I am "that girl" your mother warned you about...
(Score: 0) by Anonymous Coward on Sunday February 17 2019, @07:05AM
Or just make cache cheaper and smaller.