Intel Proposes New Type of Memory to Fix Speculative Execution Flaws

Ever since the disclosure of side-channel attacks like Spectre and Meltdown, the semiconductor industry in general and Intel in particular have been grappling with the security problems this class of attacks creates. While these ongoing attacks have mostly been discussed in terms of what they mean for Intel, the security implications of side-channel attacks go beyond any single company. Thus far, many of the countermeasures deployed against Spectre and its ill-spawned children have been specific to the attacks they were intended to counter. Security researchers vastly prefer to lock down systems against entire classes of attack rather than having to fix each individual problem as it occurs, and a team of researchers at Intel STORM (Strategic Offensive Research and Mitigation) have proposed a means of doing so using a new type of memory they call Speculative Access Protected Memory.

Certain memory ranges would be defined as SAPM-protected memory. When the CPU detects a memory access targeting this protected RAM, it begins processing instructions in strict serial fashion and refuses to engage in speculative execution until the SAPM-targeting instruction has been retired. Applications would be free to store secret data in SAPM as required, and the performance penalty would be paid only when that information is actually accessed.

Intel believes this approach is not only possible but preferable. The following chart from Microsoft’s Security Response Center is an older one, from March 2018. It predates the disclosure of a number of additional speculative execution vulnerabilities. The reason I’m showing it is that it illustrates how complex the mitigation strategies against just Spectre and Meltdown potentially were, to say nothing of attacks discovered since or additional methods that may be found in the future.

Image by the Microsoft Security Response Center

Intel’s white paper also refers extensively to the discussion framework adopted by the MSRC, which conceptualizes speculative execution attacks as containing a front-end and a back-end component. In Microsoft’s framing, the front-end of a speculative execution side-channel attack is what varies from attack method to attack method. The back-end of the attacks discovered to date has been largely similar in all cases and involves a “cache-based covert channel.” The back-end, Intel writes: “transforms the speculatively loaded secret into a secret-dependent cache-line loading that is measurable using timing side-channel analysis. The back-end needs to be executed speculatively AFTER the speculative load of the secret.”
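The front-end/back-end split and the SAPM serialization rule described above, as an added toy model that is not code from Intel's paper or from this article. The cache is reduced to a set of line indices; the 64-byte line size, the addresses and the secret byte are constructed assumptions.

```python
# Toy model (added example): the only microarchitectural state is a set of cached lines.
from dataclasses import dataclass, field

LINE = 64  # cache-line size in bytes (assumed for the model)

@dataclass
class ToyCPU:
    memory: dict                                      # address -> byte value
    sapm_ranges: list = field(default_factory=list)   # [start, end) protected ranges
    cache: set = field(default_factory=set)           # indices of cached lines
    stalls: int = 0                                   # serialization events

    def is_sapm(self, addr):
        return any(lo <= addr < hi for lo, hi in self.sapm_ranges)

    def load(self, addr, speculative):
        """Return the loaded byte, or None if nothing is forwarded to younger instructions."""
        if self.is_sapm(addr):
            self.stalls += 1      # penalty is paid only when SAPM is actually accessed
            if speculative:
                # Model assumption: execution past this load waits for its retirement,
                # and a load on a squashed (mis-speculated) path never retires.
                return None
        self.cache.add(addr // LINE)
        return self.memory.get(addr, 0)

    def transient_path(self, secret_addr, probe_base):
        """Mis-speculated sequence: front-end load of the secret, then the back-end."""
        secret = self.load(secret_addr, speculative=True)        # front-end
        if secret is None:
            return                                               # back-end never executes
        self.load(probe_base + secret * LINE, speculative=True)  # back-end: secret-dependent line

def probe_lines_cached(cpu, probe_base):
    """What timing analysis would reveal: which of the 256 probe lines are cached."""
    return [v for v in range(256) if (probe_base + v * LINE) // LINE in cpu.cache]

def demo(protect):
    secret_addr, probe_base = 0x1000, 0x10000          # constructed addresses
    cpu = ToyCPU(memory={secret_addr: 0x2A})           # constructed secret byte
    if protect:
        cpu.sapm_ranges.append((secret_addr, secret_addr + LINE))
    cpu.transient_path(secret_addr, probe_base)
    leaked = probe_lines_cached(cpu, probe_base)
    value = cpu.load(secret_addr, speculative=False)   # legitimate, retired read still works
    return leaked, value, cpu.stalls

if __name__ == "__main__":
    print("unprotected:", demo(False), "SAPM:", demo(True))
```

In the unprotected run the cached probe line index equals the secret byte; with the range marked as SAPM no probe line is cached, while the retired read still returns the value at the cost of serialization stalls.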

The SAPM approach would address Spectre, Meltdown, L1TF (Foreshadow) and SSB. It would not guard against RIDL or MDS, though the real-world risk of these approaches is quite limited. To the best of our knowledge, no real-world attacks leveraging Spectre, Meltdown, or any of the associated speculative execution vulnerabilities have ever been spotted in the wild, and some of these attack methods are intrinsically difficult to take advantage of, even in ideal circumstances. Just because you can trick a CPU into disclosing speculatively executed information does not mean you can trick it into disclosing useful information. Thus far, we have not seen any black hats using these tactics to exfiltrate data.

The STORM team has released their paper as a proposal for the community, so we’ll see what other developers think of it. If this tactic works, it could significantly narrow the total attack surface presented by Spectre-style attacks. While other kinds of side-channel exploits are possible — side-channel attacks, by their intrinsic nature, cannot be entirely prevented — eliminating cache-based methods would still represent a significant improvement. Nothing in the proposal is specific or unique to Intel, so this solution could be deployed by any firm that found it a useful mitigation strategy.
