Security flaws in Intel, AMD processors affect billions of computers worldwide
After the vulnerability disclosure, Intel has issued guidance advising software developers to write code in a way that is not vulnerable to side-channel attacks.
In 2018, researchers found a hardware flaw that impacted processors and devices worldwide, including CPU architectures from Intel and AMD.
Named Spectre, the flaw was built into modern computer processors that get their speed from speculative execution. This technique lets the processor predict which instructions it might end up executing and prepare by following the predicted path to pull those instructions from memory.
The attack tricked the processor into executing instructions along the wrong path. By the time the processor recovered and completed its task as instructed, hackers could access confidential data.
After Spectre was revealed, computer scientists worked on patches and defences and believed they were able to protect devices without slowing them down too much.
However, computer science researchers from the University of Virginia (UVA) have found new variants of Spectre that break all current defences, putting billions of computers across the globe at risk.
The UVA team collaborated with the University of California, San Diego and detailed their findings in a paper titled “I See Dead µops: Leaking Secrets via Intel/AMD Micro-Op Caches”.
Ashish Venkat, who led the team, told The Hindu that the security vulnerability is a result of the side effects of a major performance feature in modern Intel and AMD processors called the micro-op cache.
The micro-op cache speeds up computing by storing simple commands and allowing the processor to fetch them quickly and early in the speculative execution process.
The vulnerability affects all computers that contain Intel processors manufactured since 2011, and the attacks, similar to the Spectre attacks of 2018, affect secure code.
The discovery reveals that hackers can steal data when a processor fetches commands from the micro-op cache.
Since all current Spectre defenses protect the processor at a later stage of speculative execution, they are useless against the new attacks. Two variants of the attacks the team discovered can steal speculatively accessed information from Intel and AMD processors.
“This vulnerability is also much harder to fix because the micro-op cache is such an integral performance feature that sits at the front of the pipeline,” Venkat said.
“Any slowdown at the front of the pipeline is going to impact everything else downstream.”
Venkat and his team have shared their work with Intel and AMD. After the vulnerability disclosure, Intel has issued guidance advising software developers to write code in a way that is not vulnerable to side-channel attacks.
“Developers who wish to protect secret data against timing side channel methods should ensure that their code runtime, data access patterns, and code access patterns are identical independent of secret values,” Intel said.
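What that guidance asks for in practice, as an added example (not code from Intel, the researchers or their paper): a table lookup whose memory accesses do not depend on the secret index, and a comparison whose runtime and executed instructions do not depend on the secret bytes, next to the early-exit comparison it replaces. The function names and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data for the demonstration (not real key material). */
static const uint8_t SAMPLE_TABLE[4] = {10, 20, 30, 40};
static const uint8_t SAMPLE_KEY[4]   = {0xde, 0xad, 0xbe, 0xef};

/* All-ones mask when a == b, zero otherwise, computed without a branch. */
static uint32_t ct_eq_mask(uint32_t a, uint32_t b)
{
    uint32_t x = a ^ b;                     /* 0 only when a == b */
    return ((x | (0u - x)) >> 31) - 1u;     /* top bit of x|-x is set iff x != 0 */
}

/* Data access pattern: read every entry, so the addresses touched do not
   depend on secret_index; a mask keeps only the wanted value. */
uint8_t ct_lookup(const uint8_t *table, size_t len, uint32_t secret_index)
{
    uint8_t out = 0;
    for (size_t i = 0; i < len; i++)
        out |= table[i] & (uint8_t)ct_eq_mask((uint32_t)i, secret_index);
    return out;
}

/* Runtime and code access pattern: always process all len bytes, with no
   branch on secret data. Returns 1 if the buffers are equal, else 0. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= a[i] ^ b[i];
    return (int)(ct_eq_mask(diff, 0) & 1u);
}

/* Contrast: the early exit makes runtime and fetched code depend on the secret. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    for (size_t i = 0; i < len; i++) if (a[i] != b[i]) return 0;
    return 1;
}

int main(void)
{
    const uint8_t guess[4] = {0xde, 0xad, 0x00, 0x00};   /* constructed */
    printf("lookup=%u ct=%d leaky=%d\n", (unsigned)ct_lookup(SAMPLE_TABLE, 4, 2),
           ct_equal(SAMPLE_KEY, guess, 4), leaky_equal(SAMPLE_KEY, guess, 4));
    return 0;
}
```

An optimizing compiler can turn masked code back into branches, so inspect the generated assembly for the build that ships.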
Venkat noted that it is important for hardware vendors to invest in securing existing hardware through potential microcode patches and, in the long run, through hardware designed with a security focus.
“The risks here are that the vulnerability we’ve discovered has made Spectre attacks stealthier and more powerful, and Spectre attacks already had the ability to break secure code – so all software that was previously considered impervious to attack is now vulnerable,” he said.
The team has, in its paper, outlined several potential mitigations, including flushing the micro-op cache at protection domain crossings, but these could come at a high performance cost.
“It is really unclear how to solve this problem in a way that offers high performance to legacy hardware, but we have to make it work,” Venkat said. “Securing the micro-op cache is an interesting line of research and one that we are considering.”