Stories
Slash Boxes
Comments

SoylentNews is people

Spectre is Here to Stay: An Analysis of Side-Channels and Speculative Execution

posted by martyb on Saturday February 16 2019, @02:08PM   Printer-friendly
from the so-that-means...-we-are-screwed dept.

takyon writes:

Google security researchers have come to the conclusion that speculative execution attacks are here to stay without drastic changes to modern CPU architectures, such as removing speculative execution entirely.

Spectre is here to stay: An analysis of side-channels and speculative execution

Related:

Patch for Intel Speculative Execution Vulnerability Could Reduce Performance by 5 to 35% [Update: 2]
Qualcomm Joins Others in Confirming its CPUs Suffer From Spectre, and Other Meltdown News
Congress Questions Chipmakers About Meltdown and Spectre
What Impact Has Meltdown/Spectre Had on YOUR Systems?
Intel Admits a Load of its CPUs Have Spectre V2 Flaw That Can't be Fixed
Intel FPU Speculation Vulnerability Confirmed
New Spectre Variant SpectreRSB Targets Return Stack Buffer
Intel Discloses a Speculative Execution Attack in Software Guard eXtensions (SGX)
Intel 'Gags' Linux Distros From Revealing Performance Hit From Spectre Patches
MIT Researchers Claim to Have a Solution for Some Speculative Execution Attacks
Spectre, Meltdown Researchers Unveil 7 More Speculative Execution Attacks
New Side-Channel Leak: Researchers Attack Operating System Page Caches

Original Submission

 
This discussion has been archived. No new comments can be posted.
Spectre is Here to Stay: An Analysis of Side-Channels and Speculative Execution | Log In/Create an Account | Top | 36 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by hendrikboom on Monday February 18 2019, @04:09PM

    by hendrikboom (1125) Subscriber Badge on Monday February 18 2019, @04:09PM (#803013) Homepage Journal

    This kind of problem was known to some already in the 70's. Security was a concern.

    During a discussion about a proposed secure OS that would be capable of "letting the CIA and the KGB safely use the same machine", someone raised the prospect that one process could leak data by using memory in such a way as to encode bits by making the machine's paging system alternatively thrash or not, while another process would measure performance and thus read the bits.

    The difference is that everything is now faster, making this practical.

    -- hendrik

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2