A research team—including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks—has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. The team has discovered seven new Meltdown-BR exploiting the meltdown effect x86 bound instruction on Intel and AMD and Meltdown-PK exploiting the Meltdown-type effect on memory protection keys on Intel and five variants belonging to Spectre attack exploiting Spectre-PHT and Spectre-BTB attacks.
These attacks are called a sound and extensible systematisation of transient execution.
All the seven attacks are affected by the three major processor vendors Intel, AMD and ARM that allows an attacker to gain access to vulnerable system data, fulfilling predictions made when the Spectre and Meltdown flaws were reported at the beginning of the year.
Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.
CPU slingers insist existing defences will stop attacks – but eggheads disagree. While some are mitigated by known mitigation techniques, others are not. That means further work is required to safeguard vulnerable systems.
The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.
These processor security flaws can be exploited by malicious users and malware on a vulnerable machine potentially to lift passwords, encryption keys, and other secrets, out of memory that should be off-limits. To date, we're not aware of any software nasties exploiting these holes in the wild, but nonetheless, they have been a wake-up call for the semiconductor industry, forcing redesigns of silicon and changes to toolchains.
These attacks are called a sound and extensible systematisation of transient execution.
All the seven attacks are affected by the three major processor vendors Intel, AMD and ARM that allows an attacker to gain access to vulnerable system data, fulfilling predictions made when the Spectre and Meltdown flaws were reported at the beginning of the year.
Back at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed. Since then, numerous variants of these attacks have been devised. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.
CPU slingers insist existing defences will stop attacks – but eggheads disagree. While some are mitigated by known mitigation techniques, others are not. That means further work is required to safeguard vulnerable systems.
The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected.
These processor security flaws can be exploited by malicious users and malware on a vulnerable machine potentially to lift passwords, encryption keys, and other secrets, out of memory that should be off-limits. To date, we're not aware of any software nasties exploiting these holes in the wild, but nonetheless, they have been a wake-up call for the semiconductor industry, forcing redesigns of silicon and changes to toolchains.