Researchers from the University of Virginia School of Engineering recently disclosed a new Spectre hardware exploit that can steal secrets via Intel/AMD micro-op caches and circumvents current Spectre defenses. Intel and AMD say no new guidance is needed. Researchers say suggested fixes are inconvenient to deploy or have performance drawbacks.
Ashish Venkat, William Wulf career enhancement assistant professor of computer science at UVA Engineering, explained the exploit in layman terms:
Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway.
A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password.
Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute. But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.
The research team detailed in their paper three new attacks that bypass the existing Spectre mitigations:
- A same-thread cross-domain attack that leaks secrets across the user-kernel boundary
- A cross-SMT thread attack that transmits secrets across two SMT threads via the micro-op cache
- Transient execution attacks that have the ability to leak an unauthorized secret accessed along a mis-speculated path, even before the transient instruction is dispatched to execution, breaking several existing invisible speculation and fencing-based solutions that mitigate Spectre
Intel answered to the researchers’ report stating that no new mitigations are needed, provided software follows Intel’s secure coding guidance:
Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already has protections against incidental channels including the uop cache incidental channel. No new mitigations or guidance are needed.
AMD similarly commented on the ExtremeTech technology weblog:
AMD has reviewed the research paper and believes existing mitigations were not being bypassed and no new mitigations are required. AMD recommends its existing side-channel mitigation guidance and standard secure coding practices be followed.
Side-channels that steal secret data from speculative execution attacks such as Spectre use timing attack techniques to determine the location of the target data. The research team acknowledged that constant-time programming, one mitigation technique recommended by Intel in its secure coding guidance, does indeed prevent timing attacks. Venkat however warned:
[…] Constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software. The percentage of code that is written using constant-time principles is in fact quite small. Relying on this would be dangerous. That is why we still need to secure the hardware.
As a matter of fact, in a post in the Google Security Blog, information security engineers Stephen Röttger and Artur Janc recently emphasized that three years after the discovery of Spectre, hackers can still exploit the vulnerability to force web browsers to leak information. Röttger and Janc provided in the post an interactive demonstration of the attack and a YouTube demo that they say confirm the practicality of Spectre exploits against JavaScript engines. The pair commented:
The low-level nature of speculative execution vulnerabilities makes them difficult to fix comprehensively, as a proper patch can require changes to the firmware or hardware on the user’s device. […] The design of existing web APIs still makes it possible for data to inadvertently flow into an attacker’s process.
[… Spectre] class of attacks still remains a concern and requires web developers to deploy application-level mitigations. [… Even though,] they don’t guarantee complete protection against Spectre; they require a considered deployment approach that takes behaviors specific to the given application into account.
The micro-op cache on modern x86 CPUs stores decoded instructions so they can be promptly accessed again if needed, thus improving power consumption and performance.
Timing attacks are a broad class of side-channel attacks that measure different execution times of a program in order to infer some of its secret values. In comparison to other side-channel attacks, timing attacks require minimal interaction with the target and can be mounted remotely. Examples of libraries that make use of constant-time programming include NaCl, mbedTLS, or Open Quantum Safe.