Intel: Our next chips won’t have data leak flaws we told you totally not to worry about
Intel has claimed its future processors – shipping as early as the second half of this year – will be free of the security design flaws it totally told you not to fret about.
Over the past couple of months, it has been incredible watching Chipzilla revise its position, in public and behind the scenes, over and over again.
In public statements and private briefings to reporters and analysts, it has shifted from claiming these bugs are overblown and not a problem, to admitting they are a problem but are easy to mitigate, to confessing they are not so easy to mitigate but at least there are no ill effects, to conceding there are some ill effects but it’s nothing to worry about, to finally confirming: the issues are so embarrassing, we’ve redesigned our processors to address the design blunders.
Spooky bugs
Meltdown and Spectre are both processor-level vulnerabilities that make it possible for code running in user-mode – which might include malware on a system or even malicious JavaScript served through rogue ads – to read from portions of protected kernel memory or other applications’ memory, snaffling passwords and other sensitive information in the process.
Meltdown breaks the isolation between user applications and the operating system. Spectre, which is harder to exploit but also more dangerous, breaks the isolation between different applications.
Essentially, the design blunders are the result of engineers putting speed over security. The CPU cores can be tricked into revealing the contents of private memory to another process, when there ought to be mechanisms in place to prevent this leakage of information. Modern processors do include such access checks, but they can be bypassed.
Meltdown primarily affects Intel processors. Spectre – so named because it involves flaws in the speculative execution technology that speeds the work of most modern processors – affects a much larger range of processor makers including AMD and Arm. Smartphones, servers and cloud services as well as PCs were at risk of attack.
Operating system developers and cloud service providers have released and rolled out patches to defend against both Meltdown and Spectre while the world waits for silicon designers to address the security shortcomings.
Today we’re told Intel’s upcoming desktop and server processors won’t be vulnerable to Meltdown and one of the two Spectre variants. Specifically, Meltdown and Spectre Variant 2 will be fixed in hardware, whereas Spectre Variant 1 will be fixed in software. Meltdown allows a software nasty to access kernel and thus other applications’ memory. Spectre Variant 2 can be exploited by malware to read kernel memory, and Spectre Variant 1 allows evil code to snoop on application memory – typically, JavaScript in one browser tab spying on another tab. Variant 1 can be fixed by patching programs to thwart Spectre-based attacks.
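As an added illustration (not from the article or from Intel), this is the kind of program patch the Variant 1 software fix refers to: after the bounds check, the index is clamped with a branch-free mask, so a mispredicted check cannot drive an out-of-range load. It is modelled on the Linux kernel's generic array_index_nospec() helper; the table, the function names and the GCC/Clang toolchain are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8UL

/* Constructed sample data standing in for an array indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/*
 * Returns all-ones when index < size and zero otherwise, with no branch
 * for the predictor to get wrong. Valid while index and size are both
 * <= LONG_MAX. Relies on arithmetic right shift of a negative long,
 * which GCC and Clang provide.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Empty asm hides the value so the compiler cannot fold the mask away. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (sizeof(long) * CHAR_BIT - 1));
}

/* Hypothetical lookup: returns table[idx], or -1 when idx is out of range. */
static int read_checked(unsigned long idx)
{
    if (idx >= TABLE_LEN)
        return -1;
    /*
     * If the CPU speculates past the check with an out-of-range idx,
     * the mask is zero and the load is forced to table[0].
     */
    idx &= index_mask_nospec(idx, TABLE_LEN);
    return table[idx];
}

int main(void)
{
    printf("in range:     %d\n", read_checked(3));
    printf("out of range: %d\n", read_checked(8));
    return 0;
}
```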
Chipzilla has, we’re told, redesigned its processor architecture to introduce “partitioning” to prevent malware from exploiting the data-leaking vulnerabilities to steal passwords and other sensitive information from applications, hypervisors, and operating systems.
Assuming the fixes work. Intel has cocked that up recently in its microcode workarounds for Spectre.
“These changes will begin with Intel’s next generation Xeon Scalable processors, as well as 8th Generation Intel Core processors expected to ship in the second half of 2018,” Intel said on Thursday.
In other words: patch your systems, or buy new chips to avoid that faff. There’s no word yet on whether or not the tweaks to the chip circuitry will affect performance, nor the technical details of the changes. Each chip generation introduces a modest speed-up over the previous generation: the upcoming chips may not offer much of a performance increase this time around due to these necessary redesigns.
“Think of this partitioning as additional ‘protective walls’ between applications and user privilege levels to create an obstacle for bad actors,” Intel chief exec Brian Krzanich said earlier today.
Krzanich added that Intel has now released microcode updates for all of its products launched in the past five years that require Spectre and Meltdown workarounds. These should be available from operating system and motherboard makers.
Infosec expert Professor Alan Woodward, of the University of Surrey in England, commented: “It looks as though Intel accept that whilst they can fix variant one with software updates, the other two remain a threat. They’re going to have to change their architecture but it’s a bit light in detail.
“They talk of partitioning, which is good as the whole problem was being able to access data to which your app was not supposed to have access. However, what’s not clear is quite how this will work and if it will completely defeat this type of side channel attack.”
Prof Woodward added that it will be interesting to see what this hardware approach does to execution speed. CPU performance was impaired by earlier software patches, some of which proved problematic to apply.
“The unsaid part is of course that existing hardware will continue to have some vulnerability. Some of this might be mitigated but it’s not going to be removed,” he concluded. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/03/15/intel_spectre_mitigation/