Modern CPUs Likely Permanently Haunted by Spectre Security Flaws

Modern CPUs Likely Permanently Haunted by Spectre Security Flaws

Ever since the Spectre and Meltdown series of security flaws were disclosed, there have been questions about just how secure the modern CPUs we use can be. At the same time, the difference in which companies were exposed to which specific attacks created confusion about just how to weigh the evidence. Or, to put it bluntly — was Spectre really only a problem for Intel, with incidental exposure for other companies?

A group of Google researchers has an answer to this question, and it’s not one people are going to like. We quote:

Vulnerabilities from speculative execution are not processor bugs but are more properly considered fundamental design flaws, since they do not arise from errata. Troublingly, these fundamental design flaws were overlooked by top minds for decades. Our paper shows these leaks are not only design flaws, but are in fact foundational, at the very base of theoretical computation.

Modern CPUs Likely Permanently Haunted by Spectre Security Flaws

The research teams evaluated multiple ideas, including disabling speculative execution to the maximum degree possible via use of the LFENCE instruction, using timer mitigation strategies (adjusting the precision of various system timers), and the use of branchless masking, rather than relying on branch instructions to enforce what untrusted code is allowed to do. None of these solutions presents a complete fix to the problem. None of them could be counted on to provide security against all types of side-channel attacks, and even a combination of software and hardware best practices wasn’t able to guard against every type of exploit.

No Easy Fixes, No Quick Solutions

According to the researchers, the black-box state of microarchitectures and their reliance on closed-source IP represents a tremendous barrier to researching and resolving side channel exploits. It’s even harder to know how to design strategies for effective long-term mitigation in future products.

They write:

Computer systems have become massively complex in pursuit of the seemingly number-one goal of performance. We’ve been extraordinarily successful at making them faster and more powerful, but also more complicated, facilitated by our many ways of creating abstractions. The tower of abstractions has allowed us to gain confidence in our designs through separate reasoning and verification, separating hardware from software, and introducing security boundaries. But we see again that our abstractions leak, side-channels exist outside of our models, and now, down deep in the hardware where we were not supposed to see, there are vulnerabilities in the very chips we deployed the world over. Our models, our mental models, are wrong; we have been trading security for performance and complexity all along and didn’t know it.

The degree to which we did or didn’t “know” about these things seems to be a matter of interpretation. Certainly, the idea that speculative execution could represent a security threat has been conceptually known for decades. The increase in CPU transistor count with every product generation has generally been hailed as a good thing, even as it’s become harder to cool those transistors or run them at high clock speeds.

To-date, exploits targeting Spectre and Meltdown haven’t been seen in the wild. This seems like a case of “when,” rather than “if,” however — and the CPU industry players don’t want to be seen as ignoring these problems. At the same time, it’s not clear if they can ever be resolved without jettisoning speculative execution, and the tremendous performance benefits it delivers.

Continue reading

AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects
AMD’s Reliance on TSMC Isn’t Harming the Company’s Growth Prospects

It has been difficult to buy high-end PC components for nearly six months. There are a number of reasons for this, including pandemic-related impacts, the related surge in demand for all computing hardware, and supply shortages. A lot of eyeballs have been trained on foundries like TSMC, to the point that national governments have put…

AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs
AMD Discloses a Spectre-Like Vulnerability in Zen 3 CPUs

AMD has disclosed a potential security vulnerability on its Zen 3 CPUs with similarities to the Spectre attack from several years ago, but the company believes the risk is minimal.

Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist
Intel, Researchers Debate Whether New Spectre-Type Vulnerabilities Exist

Researchers are claiming to have found a new type of Spectre attack that bypasses all existing protections, but that framing isn't well supported.

LG Announces Monitor with Crazy 16:18 Aspect Ratio
LG Announces Monitor with Crazy 16:18 Aspect Ratio

LG's new panel eschews the ultrawide Zeitgeist for a monitor that's basically a really big square.