Image: SHUTTERSTOCK / MARKUSENES
2018-01-12 11:52:27 UTC
Now that patches on recently discovered Spectrum and Meltdown vulnerabilities have been widely deployed, Google has detailed how it managed to manage these threats on its cloud services such as Gmail and Search before the public knows it. Tip: It was not easy.
In a long blog post Ben Treynor Sloss, vice president of Google’s 24/7 operations, explains how hard these security holes have been, and how long it has been Google needed to solve them. but that was the Google Project Zero team that had discovered them.
According to Sloss, Specter and Meltdown are actually three different vulnerabilities, one of which – a variant of Spectrum – was particularly difficult to protect. One solution involved disabling some processor features, which would inevitably lead to slower performance.
“For months, hundreds of Google engineers and other companies have worked tirelessly to understand these new vulnerabilities and find ways to mitigate them,” he writes.
Finally, the software engineer Paul Turner created Retpoline software that does the work without slowing down the machines to which it is applied.
Sloss said that in December, all Google Cloud Platform services were protected against all variants of these vulnerabilities. The company has deployed this solution through its infrastructure and has opened it so that others can also benefit from it.
“This set of vulnerabilities was perhaps the most difficult and difficult to solve in a decade, requiring changes at many levels of the software stack and extensive industry collaboration.