In 2018, industry researchers and academics uncovered potentially fatal hardware flaws that make computers and other devices around the world more vulnerable to attack.
The researchers named the vulnerability Spectre because the flaw was built into modern computer processors that get their speed from a technique known as “speculative execution,” in which the processor anticipates a command that may end up being executed and prepares for it by following a predicted path to retrieve the command from memory. Spectre attacks trick the processor into executing commands along the wrong path. Even though the processor recovers and completes its task properly, hackers are able to gain access to confidential data while the processor is headed the wrong way.
Since the discovery of Spectre, the world’s most talented computer scientists from industry and academia have been working on software patches and hardware protections to ensure they can protect the most vulnerable points in the speculative execution process without slowing down processing speed too much.
They have to go back to the drawing board.
A team of University of Virginia computer science researchers has uncovered a line of attack that defeats Spectre’s defenses, meaning billions of computers and other devices around the world today are at the same risk as when Spectre was first announced. The team reported their findings to international chipmakers in April and will present the new challenge at a global computer architecture conference in June.
Researchers led by Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering, have discovered a new way for hackers to exploit the so-called “micro-op cache,” which increases processing speed by storing simple commands and allowing the processor to retrieve them quickly and early in the speculative execution process. Micro-op caches have been built into Intel computers manufactured since 2011.
The Venkat team discovered that hackers are able to steal data when the processor retrieves instructions from the micro-op cache.
“Think of a fictional airport security situation where TSA allows you to enter without checking your boarding pass because (1) it’s fast and efficient and (2) your boarding pass will be checked at the gate. Computer processors do a similar thing, predicting that the checks will pass and may eventually make recommendations in the pipeline. If the predictions are incorrect, those commands will be thrown out of the pipeline,” says Venkat. But by then it might be too late: those commands may leave side effects while waiting in the pipeline that an attacker can later exploit to infer a secret such as a password.
As all current Spectre defenses protect the processor in a later stage of speculative execution, they are useless in the face of the Venkat team’s new attacks. Two of the attacks the team discovered can steal information, especially from Intel and AMD processors.
“Intel’s recommended protection against Spectre, called LFENCE, places sensitive code in the waiting area until a security check is performed, and only then is the sensitive code allowed to operate,” Venkat said. “It turns out that the walls of this waiting area have ears that our attacks take advantage of. We show how an attacker can hijack secrets through the micro-op cache as a covert channel.”
Venkat’s team is made up of three of his computer science graduate students: Ph.D. student Xida Ren, Ph.D. student Logan Moody, and graduate student Matthew Jordan. The UVA team collaborated with Dean Tullsen, professor in the Department of Computer Science and Engineering at the University of California, San Diego, and his Ph.D. student Mohammadkazem Taram, in reverse engineering some of the undocumented features of Intel and AMD processors.
They detailed the discovery in their paper: “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches”.
These newly discovered vulnerabilities are much more difficult to fix.
“In the case of earlier Spectre attacks, developers have come up with a relatively easy way to defend against any attack without compromising on critical performance,” Moody said. Is that you are taking a higher performance penalty than your previous attacks.
“A patch that disables the micro-op cache or stops speculative execution on older hardware can effectively reverse the critical performance innovation in the most modern Intel and AMD processors, and this is not possible,” said Ren, the lead student author.
“It’s unclear how to solve this problem in a way that is highly efficient on older hardware. But we have to make it work,” says Venkat. “Securing the micro-op cache is interesting research and we’re looking into it.”
The Venkat team disclosed the vulnerability to the product security teams at Intel and AMD. Ren and Moody gave a technical talk at Intel Labs worldwide on April 27 to discuss the impact and potential fixes. Venkat expects computer scientists in academia and industry to work together quickly, as they did with Spectre, to find solutions.
The team’s paper has been accepted by the highly competitive International Symposium on Computer Architecture, or ISCA. The annual ISCA conference is the premier platform for new ideas and research in computer architecture and will be held in June.
Venkat is also working closely with the processor architecture team at Intel Labs on other microarchitectural innovations through the National Science Foundation / Intel Partnership on Foundational Microarchitecture Research Program.
Venkat was well prepared to lead the UVA research team to this discovery. He has established a longstanding partnership with Intel that started in 2012 when he interned with the company while he was a graduate student in computer science at the University of California, San Diego.
This research, like many other projects that Venkat has led, was funded by the National Science Foundation and the Defense Advanced Research Projects Agency.
Venkat was also one of the university researchers who co-authored a paper with Mohammadkazem Taram and Tullsen, the UC San Diego collaborators, that introduced a more targeted microcode-based protection against Spectre. Context-sensitive fencing, as it is called, allows processors to instantly apply speculative fencing to running code.
Introducing one of a handful of targeted microcode-based protections developed to stop Spectre in its tracks, “Context-Sensitive Fencing: Securing Speculative Execution via Microcode Customization” was published at the ACM International Conference on Architectural Support for Programming Languages and Operating Systems in April 2019. The paper was also selected as a top pick among computer architecture, computer security, and VLSI design conference papers published in the six years between 2014 and 2019.
The new Spectre variants that Venkat’s team discovered even break the context-sensitive fencing mechanism outlined in Venkat’s award-winning paper. But in this kind of research, breaking your own defenses is just another great victory. Each security update allows researchers to dig deeper into the hardware and uncover more bugs, which is what the Venkat research group did.