Spectre: Google researchers investigating the scope and impact of Spectre attacks have published a paper (PDF) which confirms that Spectre-type vulnerabilities will continue to exist on computers and that software-based mitigation techniques will carry a very high performance cost.
Regardless of the cost, the research finds that software defenses will be inadequate, because some Spectre variants cannot be repaired with such changes.
The discovery and disclosure of the Meltdown and Spectre attacks was undoubtedly one of the greatest in the history of computer security. They were first unveiled last January, and new variants have kept appearing throughout the year.
Below we will try, as best we can, to explain the vulnerabilities, and also why software changes cannot help. If you do not understand something, do not be discouraged; it is explained further below.
Both attacks rest on the discrepancy between a processor's documented, theoretical behaviour, which developers rely on when writing their programs, and the way it actually executes them.
In particular, all modern processors do something called speculative execution.
What does this mean? They make guesses.
For example, consider a value read from memory which, depending on whether it is true or false, permits or does not permit a subsequent instruction to execute. Rather than wait for the value, the processor guesses and carries on. If the guess is correct, the speculative results are kept. If not, the speculative results are discarded and the processor repeats the computation.
Speculative execution is not an architectural feature of the processor. It is an implementation detail, and so it is supposed to be completely invisible to the applications running on your computer. When the processor discards an incorrect guess, it should be as if it never happened.
What Meltdown and Spectre reveal is that speculative execution is not completely invisible: when the processor discards the results, some traces of the wrong guess remain behind.
For example, speculation can change which data is stored in the processor's cache. Applications can therefore detect these changes by measuring how long it takes to read values from memory.
Spectre: attack and countermeasures
Browser developers assumed they could build secure sandboxes in which to run a browser's processes, so that scripts from malicious domains could not learn about the memory layout or the other processes running. Architecturally, these assumptions are correct. But the reality of Spectre came and overturned them.
Meltdown and Spectre: variants
The Meltdown attack, which targeted chips from Intel, Apple and other manufacturers, was a particularly unpleasant variant of the above. The vulnerability allows a malicious program to extract data from the operating system kernel. Immediately after Meltdown was discovered, changes were made to operating systems to hide their data from such malicious programs.
Spectre, however, has so many different variants to date (and more are still being discovered) that it is far more insidious. Developers have therefore tried various software techniques, either to prevent data from leaking inside the processor or simply to limit the information that can be revealed through its speculative execution.
Google's research has shown that these software-based measures are, in essence, half-measures. Some of them, such as blocking all speculation after values are loaded from memory, protect against many attacks, but they cost the system too much to be usable in practice.
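To make concrete both the mechanism described above (a discarded speculative result still leaves a cache trace) and one of the software measures just mentioned (constraining what a speculative load can touch), here is an added illustration in C. It is a toy model written for this article, not code from Google's paper or from any processor or browser: `memory`, `line_touched`, `model_load`, `lookup_unmasked`, `lookup_masked` and the `mispredict` flag are all constructed. Real hardware does not expose a "lines touched" table; the model simply records it so the effect is visible. The masking helper follows the branch-free index-masking idea used by the Linux kernel's `array_index_mask_nospec`, but this is our own version of it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model of speculation (constructed for illustration, not real hardware):
 * `memory` holds a 16-byte array a program may legitimately read, followed by
 * bytes that belong to "someone else". `line_touched` records which addresses
 * a load brought into the model cache. All values are constructed. */
#define ARRAY_SIZE 16
#define MEMORY_SIZE 64

static uint8_t memory[MEMORY_SIZE];
static uint8_t line_touched[MEMORY_SIZE];

static void model_reset(void)
{
    memset(line_touched, 0, sizeof line_touched);
    for (int i = 0; i < MEMORY_SIZE; i++)
        memory[i] = (uint8_t)(i < ARRAY_SIZE ? 10 + i : 0xEE);
}

/* A load always leaves a trace in the cache, whether or not the processor
 * later keeps its result. */
static uint8_t model_load(uint64_t addr)
{
    if (addr >= MEMORY_SIZE)
        return 0;
    line_touched[addr] = 1;
    return memory[addr];
}

/* Branch-free mask: all ones when index < size, zero otherwise. Same idea as
 * the Linux kernel's array_index_mask_nospec (our own formulation); assumes
 * index and size are below 2^63, so the top bit of (size - index - 1) is set
 * exactly when index >= size. */
static uint64_t index_mask_nospec(uint64_t index, uint64_t size)
{
    uint64_t x = index | (size - index - 1);
    return (x >> 63) - 1;
}

/* Bounds-checked read as a program writes it. Returns the byte, or -1 when the
 * index is out of bounds. `mispredict` models the processor guessing that the
 * check passes when it does not, so the load runs speculatively. */
static int lookup_unmasked(uint64_t index, int mispredict)
{
    int in_bounds = index < ARRAY_SIZE;
    int result = -1;
    if (in_bounds || mispredict) {
        int v = model_load(index);
        if (in_bounds)
            result = v;   /* on a misprediction the value is discarded, the cache trace is not */
    }
    return result;
}

/* Same read with the index masked before the load: even when speculation runs
 * past the check, an out-of-bounds index is forced to 0, inside the array. */
static int lookup_masked(uint64_t index, int mispredict)
{
    int in_bounds = index < ARRAY_SIZE;
    int result = -1;
    if (in_bounds || mispredict) {
        uint64_t safe = index & index_mask_nospec(index, ARRAY_SIZE);
        int v = model_load(safe);
        if (in_bounds)
            result = v;
    }
    return result;
}

/* Number of lines outside the legitimate array that any load touched. */
static int out_of_bounds_lines_touched(void)
{
    int n = 0;
    for (int i = ARRAY_SIZE; i < MEMORY_SIZE; i++)
        n += line_touched[i];
    return n;
}

int main(void)
{
    model_reset();
    printf("unmasked, mispredicted index 40 -> result %d, out-of-bounds lines touched %d\n",
           lookup_unmasked(40, 1), out_of_bounds_lines_touched());
    model_reset();
    printf("masked,   mispredicted index 40 -> result %d, out-of-bounds lines touched %d\n",
           lookup_masked(40, 1), out_of_bounds_lines_touched());
    return 0;
}
```

In both versions the architectural result for index 40 is the same (-1, the read is rejected), which is the "as if it never happened" guarantee. The difference is only in the cache: the unmasked read leaves a trace at line 40, the masked one at line 0. Masking is exactly the kind of measure the paper weighs as a half-measure: it closes this one pattern, has to be applied at every such bounds check, and does nothing for the other Spectre variants.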
It should be said that, whatever measures they tried, they found nothing that protects absolutely. According to the researchers, a combination of techniques would have to be used, and their effects on performance would be cumulative.
And now what?
So the company has concluded that we cannot protect against the Spectre vulnerability with software fixes alone. Appropriate measures must also be taken in hardware, which is daunting because it requires upgrading millions of systems.
At present, applications that try to build secure environments fall back on the guarantees hardware provides for isolating processes from one another.
For example, Chrome has changed its code so that content from multiple domains no longer runs in the same process. This still does not protect the Chrome sandbox itself from an attack by a script, but it ensures that a script cannot attack content from multiple domains. Whatever we do, it is some kind of protection…
Overall, the research shows that Spectre will keep software developers, hardware manufacturers and end users busy for years to come.