Speculative meltdown

  • Consumers need to be aware that these flaws are critical and can be used to steal data
  • Everyone needs to update their devices and apply patches as soon as they can

 

Speculative meltdown

 

Speculative meltdownALL the magic of the modern age is made possible by the fact that computers are capable of doing calculations really fast, like billions of computations a second fast.

These calculations are typically handled by a single chip inside your digital devices – the microprocessor – that is essentially the brains of all modern computing devices.

It is a complicated bit of machinery that is capable of doing more than just simple arithmetic.

We have added many capabilities to the microprocessor as our needs changed over the years. Most of the time, we don’t really care about how they work.

However, they have been in the news lately due to the discovery of Meltdown and Spectre attacks.

These attacks are not purely theoretical attacks. The researchers who worked on these flaws have posted videos that show the attacks in action – stealing data from another application; and dumping memory from another application – both actions are supposed to be impractical to do.

It can even be remotely exploited. A rogue website can load malicious javascript into a users’ browser to steal data from the operating system or other application running in the system by breaking out of the sandbox that usually prevents websites from accessing data outside the browser.

While these attacks have been classified into three distinct variants, all exhibit similar features.

These security flaws exploit speculative execution on a microprocessor, to create side-channels that bypass security mechanisms used to protect data in the memory.

For decades, we have been obsessed with how fast microprocessors run as it improves our overall experience with our devices.

Everyone knows that a faster microprocessor is better. Therefore, microprocessors have been designed to eke out every last drop of performance by using different forms of speculative execution.

An example of speculative execution happens when a software needs to make a decision.

When a driver in a car arrives at a road junction, the driver will stop for a bit, consider the traffic conditions at the junction e.g. traffic lights and other vehicles, then decide and drive down either the left or right path. This is slow because the driver needs to stop, think, and decide, before driving down a path.

Speculative execution allows us to do something quite magical. The car (microprocessor) takes a guess and rolls down one path, speculatively, while the driver (application) stops at the junction to consider. After the driver thinks and makes a decision, either the driver gets teleported into the car (correct guess), or the car returns back to the junction (incorrect guess) and takes the other path.

Ultimately, both the driver and the car goes down the correct path. However, the odometer (side-channel) on the car has a different value depending on the accuracy of the guess. Imagine that the driver had a jealous spouse (malicious code). Just by looking at the value of the odometer later, the spouse is able to tell whether the guess was accurate.

This could allow the spouse to infer the traffic conditions at the junction without the need to be physically present in the car at the junction, especially if the spouse could tune the car to naturally roll left at junctions.

Unfortunately, speculative capabilities in a microprocessor are hardware designed to be transparent to the software, meaning that it cannot be controlled by software as there isn’t a switch to turn it on/off.

However, it can be influenced by software and that is why these flaws can only be mitigated, and not eliminated from existing systems.

However, mitigation comes at a cost.

There have been announcements from all the major microprocessor makers. ARM has comprehensively identified each processor model affected.

AMD has staked the claim that their processors are minimally affected or immune to these attacks.

However, Intel is trying hard to contain the fallout – their CEO offloaded as much stock as he possibly could prior to the public announcement, while Linux Torvalds (creator of Linux) is furious at Intel, accusing them of being ‘committed to selling you shit forever and ever’.

In the short term, consumers need to be aware that these flaws are critical and can be used to steal private data.

Therefore, everyone needs to update their devices and apply patches as soon as they can. This applies to anything that we use on a daily basis – PCs, laptops, tablets and phones.

The good news is that for most consumers, the impact of these patches will be insignificant. Gamers will be minimally affected as games have a graphics bottleneck. Similarly, networking/streaming applications are limited by broadband speeds and not the microprocessor.

The ones most affected by these critical flaws are businesses.

RedHat reported a measurable regression of up to 20% for database and file-heavy workloads with Meltdown patches applied on a bare-metal server while cautioning that virtualisation will make things worse. Similar results are being reported by Microsoft.

One company, Epic Games, showed a 30% regression and blamed the patches for their on-line game – Fortnite – slowing down.

This means a potential 25%-50% increase in cost for some businesses. Therefore, it comes as no surprise that Intel has already been hit with three class action lawsuits as nearly all their microprocessors from the last two decades are vulnerable to these critical flaws and the software workarounds needed could increase costs significantly.

But it may not stop there.

While we may rely on operating system patches to mitigate the Meltdown problem, the Spectre problem is a bit more troublesome.

The popular GCC compiler has published patches to avoid compiling code with speculative execution, while WebKit (Chrome and Safari engines) has rewritten a lot of their code to workaround speculative execution. Nvidia has released new drivers with patches applied.

It goes without saying that if software has to be recompiled and/or rewritten to avoid/workaround speculative execution, it may take a performance hit.

A benchmark shows that Redis suffers a 5% regression with Meltdown patches and an additional 10% regression when recompiled with Spectre patches applied. Apache web servers show up to a 20% regression with both patches applied.

In addition, major software publishers may need to redesign, rewrite, recompile and retest their software products and this will incur significant man-power cost. Thus, the true cost of these flaws may not be known for years to come.

Disclaimer: At Aeste we have our own microprocessor designs that are immune to Meltdown and Spectre attacks.

Dr Shawn Tan is a chartered engineer who has been programming since the late-80s. Having read law, he minds his own business at Aeste. A former academic and research fellow, he designs open-source microprocessors for fun. He can be reached via Twitter/Facebook as @sybreon.

 

 
Keyword(s) :
 
Author Name :
 

By commenting below, you agree to abide by our ground rules.

Subscribe to SNAP
Download Digerati50 2018-2019 PDF

Digerati50 2018-2019

Get and download a digital copy of Digerati50 2018-2019