Software companies and chip makers are working on firmware updates and software fixes to address Spectre, Meltdown, and other side-channel attacks against processors, but we can’t patch our way to better hardware security. Chip security depends on incremental tweaks made over the next four years.

In the latest round of chip processor Whack-a-Mole, Google Project Zero and Microsoft Security Response Center disclosed details of a new attack using speculative execution to expose data stored on processors through a side channel. Speculative execution refers to the way processors try to guess what actions programs would take, and to preemptively execute instructions while waiting for slower tasks to complete. Called “Speculative Store Bypass,” this issue (Variant 4) is a derivative of the side-channel methods Spectre (Variants 1 and 2) and Meltdown (Variant 3) and can let attackers extract secrets such as passwords from protected kernel or application memory.

The researchers also disclosed another method, the Rogue System Register Read (CVE-2018-3640) or Variant 3a, which allows normal programs to access system parameters (such as hardware status flags) which should be restricted to the operating system kernel, drivers, and hypervisors.

There have not been any public reports of malware attacking Meltdown (CVE-2017-5754) or Spectre (CVE-2017-5753, CVE-2017-5715) in chips, and experts speculated the likelihood of malware targeting Variant 4 (CVE-2018-3639) was also very low. That kind of malware would require local access, and if the attacker has access, there are scores of other methods that would be far easier to execute. Simple social engineering techniques are just as effective as, if not more effective than, complicated hard-to-target side-channel attacks in getting users to run untrusted code.

It doesn’t mean criminal and government attackers with local or physical access to equipment won’t ever take advantage of these issues, but there are other more likely attack vectors that should be addressed before worrying about these. “These present themselves as rather exotic attack vectors,” said Tod Beardsley, research director at security company Rapid7. The conditions necessary to exploit these issues were “rather steep and complex,” he said.

Updates for Intel, AMD, and ARM chips are currently being tested and validated by operating system makers and OEM system manufacturers and will soon be released into production BIOS and software updates. However, Intel and AMD have said the updates will be turned off by default and users will have to decide whether to actually apply the patch. It also helps that Variant 4 has already been mitigated in most web browsers, the most likely vector for attack, by the previously released updates for Variant 1 (Spectre).

These chip-level security flaws aren’t mistakes in the sense that the designers did something wrong or introduced an error. Rather, they reflect how using out-of-order execution to boost speed and performance affected existing security and memory protection mechanisms.

To permanently fix these design-level issues, chip manufacturers have to go back to the drawing board and create designs that have better security protections and address the uncovered issues. The current firmware and software updates are just mitigations until the comprehensive hardware fix is available.

Starting over with a fresh design and adding improved security protections from the start sounds tempting, but it doesn’t make engineering sense. There are some projects (RISC-V comes to mind) attempting to change the architecture, but they are all in their infancy. It would also be expensive, since changes can't be tested without rebuilding, laying out, and manufacturing the chip.