Modern CPUs Likely Permanently Haunted by Spectre Security Flaws

Ever since the Spectre and Meltdown series of security flaws were disclosed, there have been questions about just how secure the modern CPUs we use can be. At the same time, the difference in which companies were exposed to which specific attacks created confusion about just how to weigh the evidence. Or, to put it bluntly — was Spectre really only a problem for Intel, with incidental exposure for other companies?

A group of Google researchers has an answer to this question, and it’s not one people are going to like. We quote:

Vulnerabilities from speculative execution are not processor bugs but are more properly considered fundamental design flaws, since they do not arise from errata. Troublingly, these fundamental design flaws were overlooked by top minds for decades. Our paper shows these leaks are not only design flaws, but are in fact foundational, at the very base of theoretical computation.

The research teams evaluated multiple ideas, including disabling speculative execution to the maximum degree possible via use of the LFENCE instruction, using timer mitigation strategies (adjusting the precision of various system timers), and the use of branchless masking, rather than relying on branch instructions to enforce what untrusted code is allowed to do. None of these solutions presents a complete fix to the problem. None of them could be counted on to provide security against all types of side-channel attacks, and even a combination of software and hardware best practices wasn’t able to guard against every type of exploit.

No Easy Fixes, No Quick Solutions

According to the researchers, the black-box state of microarchitectures and their reliance on closed-source IP represents a tremendous barrier to researching and resolving side channel exploits. It’s even harder to know how to design strategies for effective long-term mitigation in future products.

They write:

Computer systems have become massively complex in pursuit of the seemingly number-one goal of performance. We’ve been extraordinarily successful at making them faster and more powerful, but also more complicated, facilitated by our many ways of creating abstractions. The tower of abstractions has allowed us to gain confidence in our designs through separate reasoning and verification, separating hardware from software, and introducing security boundaries. But we see again that our abstractions leak, side-channels exist outside of our models, and now, down deep in the hardware where we were not supposed to see, there are vulnerabilities in the very chips we deployed the world over. Our models, our mental models, are wrong; we have been trading security for performance and complexity all along and didn’t know it.

The degree to which we did or didn’t “know” about these things seems to be a matter of interpretation. Certainly, the idea that speculative execution could represent a security threat has been conceptually known for decades. The increase in CPU transistor count with every product generation has generally been hailed as a good thing, even as it’s become harder to cool those transistors or run them at high clock speeds.

To-date, exploits targeting Spectre and Meltdown haven’t been seen in the wild. This seems like a case of “when,” rather than “if,” however — and the CPU industry players don’t want to be seen as ignoring these problems. At the same time, it’s not clear if they can ever be resolved without jettisoning speculative execution, and the tremendous performance benefits it delivers.

Modern CPUs Likely Permanently Haunted by Spectre Security Flaws

No Easy Fixes, No Quick Solutions

Continue reading

Google Pixel Slate Owners Report Failing Flash Storage

Qualcomm’s New Snapdragon 888 Will Power Flagship Android Phones in 2021

Current x86 vs. Apple M1 Performance Measurements Are Flawed

A File Sharing App With 1 Billion Downloads Has a Major Security Flaw