Meltdown and Spectre Vulnerabilities Information

Page 19 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.


So does AMD gaining market share.
 

goldstone77

Honorable
Aug 22, 2012
2,220
3
11,965
85
SafeSpec: Banishing the Spectre of a Meltdown with Leakage-Free Speculation
https://arxiv.org/pdf/1806.05179.pdf
https://arxiv.org/abs/1806.05179

Speculative execution which is used pervasively in modern CPUs can leave side effects in the processor caches and other structures even when the speculated instructions do not commit and their direct effect is not visible. The recent Meltdown and Spectre attacks have shown that this behavior can be exploited to expose privileged information to an unprivileged attacker. In particular, the attack forces the speculative execution of a code gadget that will carry out the illegal read, which eventually gets squashed, but which leaves a side-channel trail that can be used by the attacker to infer the value. Several attack variations are possible, allowing arbitrary exposure of the full kernel memory to an unprivileged attacker. In this paper, we introduce a new model (SafeSpec) for supporting speculation in a way that is immune to side-channel leakage necessary for attacks such as Meltdown and Spectre. In particular, SafeSpec stores side effects of speculation in a way that is not visible to the attacker while the instructions are speculative. The speculative state is then either committed to the main CPU structures if the branch commits, or squashed if it does not, making all direct side effects of speculative code invisible. The solution must also address the possibility of a covert channel from speculative instructions to committed instructions before these instructions are committed. We show that SafeSpec prevents all three variants of Spectre and Meltdown, as well as new variants that we introduce. We also develop a cycle accurate model of modified design of an x86-64 processor and show that the performance impact is negligible. We build prototypes of the hardware support in a hardware description language to show that the additional overhead is small. We believe that SafeSpec completely closes this class of attacks, and that it is practical to implement.
Interesting!
 
Jul 20, 2017
607
0
980
0
Everything I have read said these issues are exclusively on computers using intel cpus, but the first post in here doesn't seem to even mention intel and says most everyone is affected.
 


It comes down to how SMT is handled by CPU architecture; Intel is the obvious company to look at first due to it's dominant market share, but SMT is used by pretty much everyone at this point. I'd be shocked if everyone else doesn't have a holes similar to the one that just got disclosed.
 

goldstone77

Honorable
Aug 22, 2012
2,220
3
11,965
85


If you start with the first post and read till now, you will find a time line of events. If you want to know more about which variants that effect AMD, and the mitigation they have a "AMD Processor Security Updates" page.
https://www.amd.com/en/corporate/security-updates
 

8350rocks

Distinguished


10 Gbps is not ultra common outside of massive data centers though, and probably will not be widespread for at least another decade outside of data centers/cloud computing.

Now...does that mean it is irrelevant? Absolutely not! However, this is something that most consumers do not have to worry about on their personal machines for ages...
 


Famous last words: "Don't worry; we'll deal with it later."

Usually followed shortly by

"Well, we didn't think things would get THAT bad."
 

audiospecaccts

Upstanding
Oct 13, 2018
149
0
210
14


on chip security doesn't mean anything when the storage of the encryption cypher can be copied.
Just like dark webbing a server.
1. break into storage.
2. copy all encryption cyphers
3. install them on the remote dark-web server and connect it through a vpn
4. the darkweb server attaches to the victim server at root IP. since the private key is the same, any logged in sessions will be seen (just like if you remote destop into that browser window)


This gets around all known firewalls btw....


I've been spying on the dark web and observing what they do when they take over a system. Its not one guy. its several. The ones that copy SSL certificates post them for the others to continue.



I had the opportunity to talk to one of the anons out there, and he told me very disturbing things that one of the writers of the XML language actually built in security holes so others can access all hardware that is connected to the internet. He also said one of the engineers of the SSL is in league with them and that is why the system doesn't issue the certificate to a server exclusively (like to processor serial number, or Uuid of the drive).


It was quite disturbing to me when they released the Mac address on chip and thinking of the slight possibility it could end up with more than one processor with the same mac address, and the networking anomaly that would fallow. (that would be 1/2 of the attack tcp packet, the other would be the Ip ).

Just like those ones that pass objects (I think they are pictures, but could be SSL Certs) on any web site they both go to, they have each others IP, but they maliciously use the web server to mitigate the mac address for their "discrete" file sharing. The web server is oblivious to this activity, and only can be observed though packet inspection at the server because the data goes directly into network routing instead of being logged.



 


Affects all OS's that aren't patched. This is a hardware problem, first and foremost.
 

Eximo

Titan
Herald
And a widespread hardware problem. Once the concept was well known everyone started hunting. And since most chip designers adopted similar performance enhancing methods, there are side channel attacks for most processors.
 

audiospecaccts

Upstanding
Oct 13, 2018
149
0
210
14
It may be the reason why I had to disable enhanced processor features for my audio studio machines to keep them from drifting out of real time (the real time latency would slowly increase) or on larger projects, the program would just crash if any of them were enabled.

on the same parallel, it was about the year 2000 I had to start doing this to machines.
 
Nov 20, 2018
2
0
10
0
I think this is why we will see hyper-threading go away. I7-9700k doesn't support it. I think it's a nightmare for intel to try to fix, if it can ever be truly "patched." Best way to deal with the security issue is to eliminate it in the future completely.
 


SMT isn't fundamentally insecure; at it's lowest level it's just another set of CPU Registers and the HW necessary to schedule an additional thread. The problem is Intel in particular seems to have taken a LOT of security liberties in order to increase performance.

It's also possible Intel ditched HTT on it's highest end parts due to increasing core count or production/thermal issues.
 

goldstone77

Honorable
Aug 22, 2012
2,220
3
11,965
85
Hyper Threading isn't the problem, it's speculative execution. No one wants to give up the performance enhancements that speculative execution provides, so it will require a fundamental change in the current process. All these proposed hardware fixes do not change how information is being processed. New variants continue to pop up, and they are not being addressed by manufacturers.
 


To be fair, who would buy a processor that's secure, but has a 30% performance penalty?
 


The e-commerce market may well just have to eat the performance hit and buy a larger number of weaker servers with speculative execution disabled, particularly if these sorts of side-channel attacks lead to massive data breaches and disabling speculative execution becomes part of PCI compliance or something like that. On the consumer level it would be a harder sell, as consumers aren't as high profile a target and getting their info isn't as valuable as say stealing Amazon's credit card database and most people might be more inclined to simply deal with the security risk, or if they're really worried, do highly sensitive stuff like banking and so on on a separate device that is more secure, if a bit slower overall.
 

Similar threads


ASK THE COMMUNITY

TRENDING THREADS