How the Meltdown Vulnerability Fix Was Invented
A major security vulnerability has surfaced that affects all Intel microprocessors made since at least 2011, some ARM processors and, according to Intel, perhaps those of other manufacturers as well. Unusually, the exploit, called Meltdown, takes advantage of the processors' hardware rather than a software flaw, so it bypasses the protections built into the major operating systems.
The makers of those operating systems are scrambling to fix the problem, according to The Register, which first reported the effort on Tuesday. Patching the operating system will almost certainly cause some loss of performance on some systems under some workloads. But the fact that there is a fix at all is due in large part to security researchers at the Graz University of Technology in Austria, who were not aware of the vulnerability until last month.
Daniel Gruss and his colleagues in Graz specialize in side-channel attacks, ways of exploiting systems using information leaked by the physical implementation of a system rather than by a software flaw. In 2016, they examined ways to harden the core of an operating system, the kernel, against such attacks, and proposed a scheme they called KAISER. KAISER prevents processes running in user applications from accessing kernel memory space, which could, for example, give access to your login credentials or to a cryptographic key you want to protect. It does this by strictly separating the kernel memory space in the processor cache. That may sound simple, but the peculiarities of the x86 architecture, on which most PC and server processors are based, make it a non-trivial task. They published a paper on the subject in July 2017.
“We thought that would be a good countermeasure for generally hardening systems,” Gruss told Spectrum. But there was no particular exploit it defended against. “It’s a good design and if you have a good design for something, it will protect you.”
Then things got strange. “From October, we heard Intel making efforts to merge a KAISER patch into the upstream kernel, which surprised us,” he says. “We were not aware of any attack.” They then got wind of Amazon working on an implementation and became more suspicious. “We thought there must be something.”
At one point, they came across a post by Anders Fogh. He had attempted to read protected kernel data using a quirk of how modern processors keep busy while waiting for slow operations to deliver their data. In such situations, the processors perform speculative execution: they start working on what they expect the next task to be, discarding the result if they guessed wrong. Fogh failed to make the attack work, but Gruss's colleagues Michael Schwarz and Moritz Lipp did.
Together with researchers from Rambus, the University of Adelaide, the University of Pennsylvania and Cyberus Technology, they formalized the attack and named it Meltdown. On a website dedicated to the attack, they say: “Meltdown breaks the most basic isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”
A related attack, which they call Spectre, is potentially broader because it “breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets,” according to the website.
Unfortunately, KAISER is not a general solution for Spectre, which is, thankfully, harder to exploit than Meltdown.
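KAISER went into mainline Linux as kernel page-table isolation (KPTI), and the kernel reports whether that mitigation is active through sysfs and a `pti` flag in `/proc/cpuinfo`. The following checker is an added example, not code from the article or the Graz group; it parses constructed sample contents offline and, via `read_host_status()`, the real files on a live Linux host. It also reads the `spectre_v1`/`spectre_v2` entries so the difference in scope the text describes is visible in the output.

```python
"""Report whether the KAISER-derived Linux mitigation (KPTI) is active.

Linux publishes per-issue status files under
/sys/devices/system/cpu/vulnerabilities/ and lists the "pti" feature flag
in /proc/cpuinfo when page-table isolation is on.  The samples below are
constructed, not captured from a real machine.
"""
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents for a patched and an unpatched host.
SAMPLE_PATCHED = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Retpolines\n",
    "cpuinfo": "flags\t\t: fpu vme de pse pti ibpb\nbugs\t\t: cpu_meltdown\n",
}
SAMPLE_UNPATCHED = {
    "meltdown": "Vulnerable\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Vulnerable\n",
    "cpuinfo": "flags\t\t: fpu vme de pse\nbugs\t\t: cpu_meltdown\n",
}

def cpuinfo_flags(cpuinfo_text):
    """Return the set of feature flags from /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()

def assess(status):
    """Map each issue to mitigated/vulnerable/not affected; add the pti flag."""
    result = {}
    for name in ISSUES:
        text = status.get(name, "").strip()
        if text.startswith("Mitigation"):
            result[name] = "mitigated"
        elif text.startswith("Not affected"):
            result[name] = "not affected"
        else:
            result[name] = "vulnerable"  # "Vulnerable" or file missing
    result["pti"] = "pti" in cpuinfo_flags(status.get("cpuinfo", ""))
    return result

def read_host_status():
    """Collect the same fields from a live Linux host (kernel 4.15+)."""
    status = {n: (VULN_DIR / n).read_text() if (VULN_DIR / n).exists() else ""
              for n in ISSUES}
    status["cpuinfo"] = Path("/proc/cpuinfo").read_text()
    return status

if __name__ == "__main__":
    for label, sample in (("patched", SAMPLE_PATCHED), ("unpatched", SAMPLE_UNPATCHED)):
        print(label, assess(sample))
```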
There is concern about whether KAISER will slow down computers and by how much. Gruss and his colleagues tested it on an Intel Skylake processor and recorded a performance loss of less than 1%. However, they have seen larger numbers on older processors, and the penalty varies with what the processor is doing. For example, a program that needs to handle a large number of small files will likely slow down, because it must frequently interact with the kernel, says Gruss.
Intel seems to agree: “Any impact on performance depends on the workload, and, for the average user, should not be significant and will be mitigated over time.”
An e-mail to AMD requesting comment had not been returned by the time of publication.
Google, which discovered the problem independently, listed what is vulnerable, what is not, and how to fix it in a blog post.
ARM says some of its high-end Cortex A processors are vulnerable, but its Cortex-M products, which are widely used in low-power IoT systems, are not. The complete list and some technical details are here .
Intel's statement is here.
The Graz group's site published papers on Meltdown, Spectre and KAISER.
And here, thanks to the Graz gang, Meltdown is in action:
And here are the passwords: