Vulnerabilities found by researchers at the University of Virginia and the University of California at San Diego leak data through micro-op caches designed to speed up processing by storing simple commands and allowing processor get them quickly and early in the speculative implementation process.
It is worrying that researchers point out that mitigation of these new vulnerabilities is not currently known.
We’ll look at how our readers use VPN in a future in-depth report. We would love to hear your views on the survey below. It won’t take more than 60 seconds of your time.
The group announced its findings to both Intel and AMD in April, and will present the findings now at next month’s International Computer Architecture Symposium (ISCA).
Harder to alleviate
The Venkat team found that hackers can steal data when the processor retrieves commands from the micro-op cache.
“Think of a hypothetical airport security scenario where the TSA lets you in without checking your boarding pass because (1) it’s fast and efficient, and (2) you are checked with a pass at the gate anyway,” Venkat said.
“The computer processor does something similar. It predicts that it will pass the inspection and can issue instructions to the pipeline. Ultimately, if the forecast is wrong, it will throw these instructions off the pipeline, ”Venkat says.
He adds that by the time the processor decides to reject the instructions, it may be too late, as these instructions may leave “side effects” in the preparation that an attacker can exploit to infer confidential information such as passwords.
Venkat adds that current mitigations will not be able to protect against this new attack vector, as all current Specter defenses will be triggered at a later stage of speculative implementation.
In addition, researchers believe that this new attack using micro-op caching will be more difficult to mitigate.
“Patches that disable micro-op caching or stop speculative performance on legacy hardware would effectively restore critical performance innovations on most modern Intel and AMD processors, and that’s just not possible,” notes senior student author Ren.
Through Tom’s hardware