To eliminate Specter and Meltdown, you may have to create a completely new type
Is it true that Meltdown and Specter are too fundamental to release a patch for them? One expert thinks so.
How to identify and fix such errors as Specter and Meltdown? This issue was the hottest topic among microprocessor enthusiasts this year. At one of the main academic events in the industry, the Hot Chips conference, experts agreed that the final solution to the problem may require - yes, even more talk.
At a meeting in Cupertino, Professor Mark Hill of the University of Wisconsin was asked to speculate about the consequences of attacks on third-party channels or attacks on the speculative execution of commands from modern processors that are manufactured by ARM, Intel, and others. He listed solutions such as specialized kernels, resetting the cache when changing the context and business ideas like increasing fees for exclusive virtual machines.
But the real answer, he said, and other speakers, will be the improvement of cooperation between software developers and equipment - and, perhaps, a complete reworking of today's microprocessors.
As the whole chip industry got a blow in the background,
Information about Meltdown and Specter was unexpectedly disclosed at the end of 201? shortly before these vulnerabilities were supposed to be formally, quietly unveiled at CES in January 2018. They were discovered by the zero-day vulnerability search team from Google, Google Project Zero. Attacks take advantage of the ability of modern microprocessors, such as speculative execution of commands, when the processor, in fact, "guesses" which branch of instructions it is necessary to perform. Paul Turner, the engineer and the head of the core backbone of Google developers, who attended the conference, said that none of the members of Project Zero warned about the opening of their colleagues; they learned about this with all.
For 20 years, microprocessor developers believed that an incorrect "guess" simply discards data without creating security risks. They were wrong, and they proved the attacks by external channels.
From a practical point of view, this means that one tab of the browser can view the content of another browser, or one virtual machine might look into another. This prompted processors manufacturers, in particular, Intel, together with Microsoft, to release fixing programs, or patches. This is the most effective way to protect your PC from Specter, Meltdown, or any other subsequent attacks, such as Foreshadow.
Fortunately, checking such information takes time - in some cases, quite a lot. NetSpectre, capable of remotely exploiting the Specter vulnerability, can be used to break into a cloud service or a remote machine. On the one hand, data can flow no faster than 1 bit per minute, as John Hennessy, the famous microprocessor developer, a member of the board of directors of Alphabet, says. On the other hand, the average time between hacking the server and detecting this fact is 100 days, he added - which can give the vulnerability time to work.
Intel's next-generation processors will probably not be able to completely fix the first version of the Specter, Hennessy said, despite the fact that the development of measures to eliminate this defect will begin this fall, in the project of the new Xeon processor, Cascade Lake.
Patch or remodel?
ARM, Intel, AMD and other industry giants can correct the problem by taking the necessary measures quickly, Hill added. But to completely eliminate the problem, more fundamental changes may be required, he said.
"In the long run, the question is how to properly describe this process in order to potentially completely eliminate the problem," Hill said. "Or we will have to treat her like crimes that we just try to restrain."
Speculative execution of commands is one of the reasons why the microprocessor, and consequently the PC, achieved record sales, noted John Masters, the architect of computer systems from Red Hat. But this performance was regarded as a "magic black box," he said, without the appropriate questions from users or customers. This genie has already been released from the bottle. Eliminate the speculative implementation - and this will slow the CPU down to twenty times, Hill said.
Among Hill's solutions, isolation of the branch prediction element, addition of randomization, implementation of improved equipment protection. One solution may be to add slower and safer execution modes; another - the separation of the mechanism for executing commands between "fast cores" and "safe cores". He also proposed business solutions, among which the increase in the cost of virtual machines - instead of sharing hardware resources between several virtual machines, a cloud provider could provide exclusive access. Finally, Hill noted that attacks like Specter can also lead to a revival of accelerators: fixed-purpose logic optimized for one task and not relying on speculation.
But a fundamental solution to this problem would be a complete redesign of the architecture, Hill said. The computer architecture determines how the processor performs a set of program instructions using arithmetic devices, floating point devices, and others. Today's chips were designed to meet the requirements of the original model. But if the basic architectural model has a fundamental flaw, he said, it may be time for a new model. In other words, Specter and Meltdown are not bugs, but drawbacks in the design of modern chips, which may require a new model.
As a result, the conference participants agreed on simple truths, such as the fact that the equipment must be developed, remembering the software, and vice versa - and both sides should enhance security. "It often happens that the equipment developers create some kind of fine machine, and we stop talking about it, or the software developers say - well, it's iron, I have something before it. It's time to stop it, "Masters said.
It may be interesting
Thttps://clubessay.com/here is definately a great deal to know about this subject. I like all of the points you've made.
VK Mobile ChallengE is best challange I have ever seen. Thanks for sharing such awesome news.
I was just browsing through the internet looking for some information and came across your blog. I am impressed by the information that you have on this blog. It shows how well you understand this subject. Bookmarked this page, will come back for more.
Situs QQ Online
Situs QQ Online
After reading your article I was amazed. I know that you explain it very well. And I hope that other readers will also experience how I feel after reading your article.
Situs QQ Online
Situs QQ Online