![]() ![]() We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel." "But it turns out the walls of this waiting area have ears, which our attack exploits. ![]() "Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Ashish Venkat, an assistant professor at the University of Virginia and a co-author of the study, said. Micro-op caches have been built into Intel-based machines manufactured since 2011. The new attack method exploits what's called a micro-operations (aka micro-ops or μops) cache, an on-chip component that decomposes machine instructions into simpler commands and speeds up computing, as a side-channel to divulge secret information. "Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way." "A Spectre attack tricks the processor into executing instructions along the wrong path," the researchers said. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.Ī timing side-channel attack at its core, Spectre breaks the isolation between different applications and takes advantage of an optimization method called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets. Indeed, it's been more than three years, and there is no end to Spectre in sight.Ī team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system - desktops, laptops, cloud servers, and smartphones - once again at risk just as they were three years ago. When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration behind naming the speculative execution attacks. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |