Since 2018, an almost endless series of attacks, widely known as Spectre, have kept Intel and AMD busy developing defenses to mitigate vulnerabilities that allow malware to pluck passwords and other sensitive information directly out of silicon. Now researchers say they have devised a new attack that breaks most
Spectre got its name from its abuse of speculative execution, a feature of almost all modern CPUs that predicts the instructions the CPU is likely to receive next and then follows the path those instructions are likely to take. By using code that forces a CPU to execute instructions along the wrong path, Spectre can extract confidential data that would have been accessed had the CPU continued down that path. These exploits are called transient execution attacks.
Since Spectre was first described in 2018, new variants have appeared almost every month. In many cases, the new variants have required chip manufacturers to develop new or reinforced defenses to mitigate the attacks.
For example, a key protection from Intel known as LFENCE prevents younger instructions from being dispatched for execution early. Other hardware- and software-based solutions, widely known as fences, build digital fences around secret data to protect against transient execution attacks that allow unauthorized access.
Researchers at the University of Virginia said last week that they found a new transient execution variant that breaks virtually all on-chip defenses that Intel and AMD have implemented to date. The new technique works by targeting an on-chip buffer that caches “micro-ops”, which are simplified commands derived from complex instructions. By letting the CPU retrieve the commands quickly and early in the speculative execution process, micro-op caches improve processor speed.
The researchers are the first to utilize the micro-ops cache as a side channel or as a medium to make observations about the confidential data stored in a vulnerable computer system. By measuring the timing, power consumption, or other physical characteristics of a targeted system, an attacker could use a side channel to derive data that would otherwise be out of bounds.
“The micro-op cache as a side channel has several dangerous consequences,” the researchers wrote in an academic paper. “First, it bypasses all techniques that mitigate caches as side channels. Second, these attacks are not detected by any existing attack or malware profile. Third, because the micro-op cache sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates remain vulnerable to micro-op cache attacks.”
The paper continues:
Most existing invisible speculation and fence-based solutions focus on hiding the unintended, vulnerable side effects of speculative execution that occur at the back end of the processor pipeline, rather than inhibiting the source of speculation at the front end. This makes them vulnerable to the attack we describe, which leaks secrets that are speculatively accessed, via a front-end channel, before a transient instruction even gets the opportunity to be dispatched for execution. This evades a whole host of existing defenses. Furthermore, due to the relatively small size of the micro-op cache, our attacks are significantly faster than existing Spectre variants, which rely on priming and probing multiple cache sets to transmit secret information, and are significantly more stealthy, as they use the micro-op cache as their primary disclosure primitive, introducing fewer data/instruction cache accesses, let alone misses.
There has been pushback since the researchers published their paper. Intel disagreed that the new technique breaks defenses already introduced to protect against transient execution. In a statement, company officials wrote:
Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already has protections against incidental channels, including the uop cache incidental channel. No new mitigations or guidance are needed.
Transient execution attacks use malicious code to exploit speculative execution. The exploit, in turn, bypasses bounds checks, authentication checks, and other security measures built into applications. Software that follows Intel’s secure coding guidelines is resistant to such attacks, including the variant introduced last week.
The key to Intel’s guidance is the use of constant-time programming, an approach in which code is written to be secret-independent: its control flow and memory access pattern do not depend on secret values. The technique the researchers introduced last week uses code that embeds secrets into the CPU’s branch predictors, and as such does not follow Intel’s recommendations, a company spokesman said on background.
AMD did not provide a response in time to be included in this post.
Another rebuttal came in a blog post written by Jon Masters, an independent researcher in computer architecture. He said the paper, particularly the cross-domain attack it describes, is “interesting reading” and a “potential concern”, but that there are ways to address the vulnerabilities, possibly by invalidating the micro-op cache when crossing a privilege boundary.
“The industry had a major problem with Spectre, and as a direct consequence, a major effort was made to separate privileges, isolate workloads and use different contexts,” Masters wrote. “A cleanup may be needed in light of this latest paper, but there are mitigations available, albeit always at some performance cost.”
Not so simple
Ashish Venkat, professor of computer science at the University of Virginia and co-author of last week’s paper, agreed that constant-time programming is an effective means of writing apps that are invulnerable to side channel attacks, including those described in last week’s paper. But he said the vulnerability being exploited lies in the CPU and therefore should receive a microcode patch.
He also said that much of today’s software remains vulnerable because it does not use constant-time programming, and there is no indication of when that will change. He also echoed Masters’ point that the approach slows down applications.
Constant-time programming, he told me, “is not only extremely tough in terms of the actual programming effort, but also poses significant challenges in patching all the sensitive software that has ever been written. It is also typically used exclusively for small, specialized security routines due to the performance overhead.”
Venkat said the new technique is effective against all Intel chips designed since 2011. He told me that in addition to being vulnerable to the same cross-domain exploit, AMD processors are also susceptible to a separate attack. It leverages the simultaneous multithreading design, because the micro-op cache in AMD processors is competitively shared between threads. As a result, attackers can create a covert cross-thread channel that can transmit secrets with a bandwidth of 250 Kbps and an error rate of 5.6 percent.
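To make concrete what “secret-independent” code means in Intel’s guidance and in Venkat’s remarks above, here is an added example (not from the article, the paper, or Intel’s guide) showing a secret-dependent byte comparison beside a constant-time rewrite. The branchy version exits at the first mismatch, so its control flow, and therefore what the front end fetches and decodes, depends on the secret; the constant-time version executes the same instruction stream for every input.

```c
/* Added illustration of constant-time programming (assumed names,
 * not taken from the article or the paper). */
#include <stddef.h>
#include <stdint.h>

/* Leaky: returns early at the first mismatching byte, so the number of
 * loop iterations and the branch outcomes depend on the secret. */
int compare_branchy(const uint8_t *secret, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;   /* secret-dependent early exit */
    }
    return 1;
}

/* Constant-time: OR together all byte differences, always touching all n
 * bytes, with no secret-dependent branch or memory access pattern. */
int compare_ct(const uint8_t *secret, const uint8_t *guess, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= secret[i] ^ guess[i];
    /* Fold diff to 0/1 without a branch: (diff - 1) >> 8 has bit 0 set
     * only when diff == 0 (the subtraction wraps to 0xFFFFFFFF). */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Build an all-ones or all-zeros mask from a single secret bit. */
uint32_t ct_mask(uint32_t bit) {
    return (uint32_t)0 - (bit & 1u);
}

/* Branch-free select: returns a when mask is all-ones, b when it is zero.
 * This replaces "secret_bit ? a : b", whose branch would train the
 * predictor on the secret. */
uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) {
    return (a & mask) | (b & ~mask);
}
```

Both comparison functions return the same result; only the constant-time one keeps its instruction stream independent of where the first mismatch lies.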
Transient execution attacks pose serious risks, but at present they are mostly theoretical because they are rarely, if ever, actively exploited. Software developers, on the other hand, have much more cause for concern, and this new technique should only add to it.