Jump to content

Spectre (security vulnerability)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by AnomieBOT (talk | contribs) at 13:40, 4 January 2018 (Dating maintenance tags: {{Unreferenced section}} {{Cn}}). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

The logo of the vulnerability

Spectre is a hardware vulnerability with implementations of branch prediction that affects modern microprocessors with speculative execution,[1] by allowing malicious processes access to the contents of other programs' mapped memory.[2][3][4] Two Common Vulnerabilities and Exposures IDs related to Spectre, CVE-2017-5753 and CVE-2017-5715, have been issued.

History

Spectre was discovered independently by researchers from Google's Project Zero, as well other researchers collaborating with Paul Kocher.[2] It was made public in conjunction with another vulnerability, Meltdown, on January 3, 2018.

Detailed explanation

Spectre is a vulnerability that forces other programs on a user's operating system to access an arbitrary location in the program's memory space.

Instead of a single, easy to fix vulnerability, the Spectre paper describes a whole class of potential vulnerabilities. They are all based on exploiting side effects of speculative execution, a common means of hiding memory latency and so speeding up execution in modern microprocessors. In particular Spectre centers on branch prediction, which is a part of speculative execution. Unlike the related Meltdown vulnerability disclosed at the same time, Spectre does not rely on a specific feature of a single processor's memory management and protection system, but is a more generalized idea. The Meltdown vulnerability can be thought of as a particularly easy and efficient-to-implement special case of Spectre.[citation needed]

The starting point of the white paper is that of a side-channel timing attack, applied to the branch prediction machinery of modern out-of-order-executing microprocessors. While at the architectural level documented in processor data books, any results of misprediction are specified to be annulled after the fact, the resulting speculative execution may still leave around side effects, like loaded cache lines. Those can then affect the so-called non-functional aspects of the computing environment later on. If such side effects—including but not being limited to memory access timing—are visible to a malicious program, and can be engineered to depend on sensitive data held by the victim process, they can result in the sensitive data becoming discernible. This can happen despite the formal architecture-level security arrangements working as designed; in this case lower, microarchitecture-level optimizations to code execution leak information not essential to the correctness of normal program execution.

The Spectre paper displays the attack in four essential steps:

  1. First, it shows, that branch prediction logic in modern processors can be trained to reliably hit or miss based on the internal workings of a malicious program.
  2. Then it goes on to show, that the following difference between cache hits and misses can be reliably timed so, that what should have been a simple non-functional difference, can in fact be translated into a covert channel, which extracts information from an unrelated process's inner workings.
  3. Thirdly, the paper synthesizes the results with return-oriented programming exploits and other principles with a simple example program and also a JavaScript snippet run under a sandboxing browser; in both cases, the entire address space of the victim process is shown to be readable by simply exploiting speculative execution of conditional branches in code generated by a stock compiler or the JavaScript machinery present in an extant browser. The basic idea is to search existing code for places where speculation touches upon otherwise inaccessible data, manipulate the processor into a state where speculative execution has to touch that data, and then to time the side effect of the processor being faster if its by-now-prepared prefetch machinery indeed did load a cache line.
  4. Finally, the paper concludes by generalizing the attack to any non-functional state of the victim process. It shortly discusses even such highly unobvious non-functional effects as bus arbitration latency.

The basic difference between Spectre and Meltdown is, that the latter relies on specific features of modern Intel processors: the CPUs can be tricked into speculating into protected system data, and to be forced into guaranteed handling of the related security exception. The setup in Spectre has more of a statistical flavor: it does its best to prepare a processor's branch prediction machinery in a certain way, and uses code maybe (or not) found in existing libraries to do essentially the same thing.

Impact

As of 2018, almost every computer system is affected by Spectre, including desktops, laptops, and mobile devices. Specifically, Spectre has been shown to work on Intel, AMD, and ARM processors.[5][6]

At present, Spectre has only been shown to work between user level programs, but it seems likely the attack can be developed further. While more difficult to utilize properly than Meltdown, Spectre may be much more challenging to defend against due to its generality. The original white paper even speculates that significant changes in microprocessor architecture might be needed in order to fully dispose of the problem.

Furthermore, Spectre has the potential of having a greater impact on cloud providers than Meltdown. Whereas Meltdown allows unauthorized applications to read from privileged memory to obtain sensitive data from processes running on the same cloud server, Spectre can allow malicious programs to induce a hypervisor to transmit the data to a guest system running on top of it.[7]

Mitigation

Since Spectre represents a whole class of attacks, there most likely cannot be a singular patch for it. While work is already being done to address special cases of the vulnerability, even the original website devoted to Spectre and Meltdown states: "As [Spectre] is not easy to fix, it will haunt us for a long time."[2]

See also

References

  1. ^ Greenberg, Andy (January 3, 2018). "A Critical Intel Flaw Breaks Basic Security for Most Computers". Wired (magazine). Retrieved January 3, 2018.
  2. ^ a b c Staff (2018). "Meltdown and Spectre". Graz University of Technology. Retrieved January 3, 2018.
  3. ^ Metz, Cade; Perlroth, Nicole (January 3, 2018). "Researchers Discover Two Major Flaws in the World's Computers". The New York Times. ISSN 0362-4331. Retrieved January 3, 2018.
  4. ^ Warren, Tom (January 3, 2018). "Intel's processors have a security bug and the fix could slow down PCs". The Verge. Retrieved January 3, 2018.
  5. ^ Staff (2018). "Meltdown and Spectre-faq-systems-spectre". Graz University of Technology. Retrieved January 4, 2018.
  6. ^ Busvine, Douglas; Nellis, Stephen (January 3, 2018). "Security flaws put virtually all phones, computers at risk". Reuters. Thomson-Reuters. Retrieved January 3, 2018.
  7. ^ Fox-Brewster, Thomas (January 3, 2018). "Massive Intel Vulnerabilities Just Landed -- And Every PC User On The Planet May Need To Update". Forbes. Forbes Media LLC. Retrieved January 3, 2018.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Spectre_(security_vulnerability)&oldid=818595610"