The disclosure of Spectre and Meltdown opened the floodgates, of sorts, with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.

A timing side-channel attack at its core, Spectre breaks the isolation between different applications and takes advantage of an optimization method called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.

"A Spectre attack tricks the processor into executing instructions along the wrong path," the researchers said. "Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way."

The new attack method exploits what's called a micro-operations (aka micro-ops or μops) cache, an on-chip component that decomposes machine instructions into simpler commands and speeds up computing, as a side channel to divulge secret information. Micro-op caches have been built into Intel-based machines manufactured since 2011.

"Intel's suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute," Ashish Venkat, an assistant professor at the University of Virginia and a co-author of the study, said. "But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel."

On AMD Zen microarchitectures, the micro-ops disclosure primitive can be exploited to achieve a covert data transmission channel with a bandwidth of 250 Kbps with an error rate of 5.59%, or 168.58 Kbps with error correction, the researchers detailed.

Intel, in its guidelines for countering timing attacks against cryptographic implementations, recommends adhering to constant-time programming principles, a practice that's easier said than done, which means that software changes alone cannot adequately mitigate threats arising out of speculative execution.

"Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software," Venkat said in a statement shared with The Hacker News. "The percentage of code that is written using Constant Time principles is in fact quite small. That is why we still need to secure the hardware."

The silver lining here is that exploiting Spectre vulnerabilities is difficult. To safeguard against the new attack, the researchers propose flushing the micro-op cache, a technique that offsets the performance benefits gained by using the cache in the first place, leveraging performance counters to detect anomalies in the micro-op cache, and partitioning it based on the level of privilege assigned to the code, to prevent unauthorized code from gaining higher privileges.

"The micro-op cache as a side channel has several dangerous implications," the researchers said. "First, it bypasses all techniques that mitigate caches as side channels. Second, these attacks are not detected by any existing attack or malware profile. Third, because the micro-op cache sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates still remain vulnerable to micro-op cache attacks."

The Spectre vulnerability was discovered almost 4 years ago and seemed to affect processors from Intel, AMD and ARM.
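Intel's guidance quoted above recommends constant-time programming, and Venkat's remark that it is "easier said than done" is worth making concrete. Because the micro-op cache sits at the front of the pipeline and records which instructions were fetched and decoded, any control flow that depends on a secret (an early exit, a data-dependent branch, a lookup whose address is the secret) leaves a footprint there. The C below is an added example, not code from the article or from the researchers: it places the leaky early-exit comparison pattern beside constant-time equivalents that visit every byte and replace secret-dependent branches with masking. The tag, guess and table values are constructed sample inputs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs for the demonstration (not real keys or tags). */
static const uint8_t  SAMPLE_TAG[4]   = {0xde, 0xad, 0xbe, 0xef};
static const uint8_t  SAMPLE_GUESS[4] = {0xde, 0xad, 0x00, 0xef};
static const uint32_t SAMPLE_TABLE[4] = {10, 20, 30, 40};

/* Leaky pattern: stops at the first mismatching byte. The loop trip count and
 * the early return depend on the secret, so the instruction stream the front
 * end fetches and decodes varies with the secret. */
int compare_early_exit(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always visits all n bytes, folds every difference
 * into one accumulator and derives the 0/1 result arithmetically, so neither a
 * branch direction nor the trip count depends on the data. */
int compare_const_time(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint32_t)(secret[i] ^ guess[i]);
    /* diff == 0 -> (0 - 1) >> 31 == 1; diff in 1..255 -> (diff - 1) >> 31 == 0 */
    return (int)((diff - 1u) >> 31);
}

/* Branchless select: returns a when bit == 1 and b when bit == 0 by masking,
 * rather than by a conditional jump whose direction the secret would decide. */
uint32_t ct_select(uint32_t bit, uint32_t a, uint32_t b)
{
    uint32_t mask = 0u - (bit & 1u);   /* all ones when bit == 1, else zero */
    return (a & mask) | (b & ~mask);
}

/* Constant-time table lookup: reads every entry and keeps the wanted one with
 * ct_select, so the access pattern does not reveal idx. */
uint32_t ct_lookup(const uint32_t *table, size_t len, size_t idx)
{
    uint32_t result = 0;
    for (size_t i = 0; i < len; i++) {
        /* hit is 1 only when i == idx, computed without a comparison branch */
        uint32_t hit = (uint32_t)(((uint64_t)(i ^ idx) - 1u) >> 63);
        result = ct_select(hit, table[i], result);
    }
    return result;
}

int main(void)
{
    printf("early-exit compare (mismatch):    %d\n",
           compare_early_exit(SAMPLE_TAG, SAMPLE_GUESS, 4));
    printf("constant-time compare (mismatch): %d\n",
           compare_const_time(SAMPLE_TAG, SAMPLE_GUESS, 4));
    printf("constant-time compare (equal):    %d\n",
           compare_const_time(SAMPLE_TAG, SAMPLE_TAG, 4));
    printf("ct_lookup(table, 2):              %u\n",
           ct_lookup(SAMPLE_TABLE, 4, 2));
    return 0;
}
```

Both comparison functions return the same answers; the difference is only in which instructions execute along the way, which is exactly what a front-end side channel observes. Optimizing compilers may turn masking back into branches or hoist an early exit, so the generated assembly has to be inspected rather than trusting the source, one reason the deployment challenges Venkat describes are real.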