Thursday, October 18th 2018

MIT Researchers Find a New Way to Fix Spectre and Meltdown, Isolation Is Key

The Meltdown and Spectre vulnerabilities have been a real nightmare throughout this year. Those affected were quick (perhaps too quick) to mitigate the problems with different solutions, but months later even the most recent Intel chips aren't completely safe. Hardware fixes only work for certain Meltdown variants, while the rest are still mitigated with firmware and OS updates that carry a measurable performance cost.

Intel will have to redesign certain features on their future processors to finally put Meltdown and Spectre behind them, but meanwhile others have stepped in with alternatives. MIT researchers have developed a way to partition and isolate memory caches into 'protection domains'. Unlike Intel's Cache Allocation Technology (CAT), MIT's technology, called DAWG (Dynamically Allocated Way Guard), disallows hits across those protection domains, so one domain's cache activity cannot be observed by another. This is important, because attackers targeting these vulnerabilities take advantage of 'cache timing attacks' and can get access to sensitive, private data.
Intel's public image was badly damaged not only by the discovery of these vulnerabilities, but also by information that surfaced afterwards. The company released Coffee Lake knowing that it was vulnerable to Spectre and Meltdown, and Brian Krzanich sold $24 million in stock on November 24th, weeks after Intel knew about those security issues (and kept them secret). Microsoft's initial solution was a disaster and Intel's was called 'complete and utter garbage' by Linus Torvalds. AMD confirmed they were also affected, although not as much as Intel, and we've seen how new variants could be exploited too and put our data in danger. And on, and on, and on.
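To make the difference between a shared cache and DAWG-style way partitioning concrete, here is a toy simulation added for this article (it is not code from the MIT paper and the domain ids, way masks and address tags are made up). One set of an 8-way LRU cache is modelled; with `way_masks` set to `None` every domain shares all ways, while a DAWG-style mask restricts each domain to hitting in and filling only its own ways, so the lines loaded by one domain neither get evicted by nor produce hits for the other.

```python
# Toy model of DAWG-style way partitioning for one set of an 8-way LRU cache.
# way_masks maps a protection domain to the ways it may hit in or fill;
# None models an ordinary shared cache. Domain ids and tags are invented.

class CacheSet:
    def __init__(self, ways=8, way_masks=None):
        self.ways = ways
        self.way_masks = way_masks
        self.tags = [None] * ways          # tag currently held by each way
        self.order = list(range(ways))     # LRU order, least recent first

    def _allowed(self, domain):
        if self.way_masks is None:
            return set(range(self.ways))
        return set(self.way_masks[domain])

    def _touch(self, way):
        self.order.remove(way)
        self.order.append(way)

    def access(self, domain, tag):
        """Return True on a hit; on a miss, fill the LRU way the domain owns."""
        allowed = self._allowed(domain)
        for way in allowed:
            if self.tags[way] == tag:       # hits only count inside own ways
                self._touch(way)
                return True
        empty = [w for w in self.order if w in allowed and self.tags[w] is None]
        victim = empty[0] if empty else next(w for w in self.order if w in allowed)
        self.tags[victim] = tag             # a line may be duplicated per domain
        self._touch(victim)
        return False


def residual_hits(way_masks):
    """Domain 0 loads four lines; domain 1 touches one of the same addresses
    and then fills the whole set. Returns (how many of domain 0's lines still
    hit afterwards, whether domain 1 got a hit on domain 0's line v0)."""
    cs = CacheSet(8, way_masks)
    own_tags = ["v0", "v1", "v2", "v3"]
    for t in own_tags:
        cs.access(0, t)
    cross_domain_hit = cs.access(1, "v0")
    for t in ["s%d" % i for i in range(8)]:
        cs.access(1, t)
    survived = sum(cs.access(0, t) for t in own_tags)
    return survived, cross_domain_hit


print(residual_hits(None))                                 # shared cache
print(residual_hits({0: {0, 1, 2, 3}, 1: {4, 5, 6, 7}}))  # DAWG-style masks
```

In the shared configuration the second domain both hits on the first domain's line and evicts all four of its lines, which is exactly the signal a cache timing attack measures; with the masks in place neither effect is visible.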


According to the MIT researchers' paper (PDF), DAWG requires "minimal modifications to the underlying operating system", and they state that the performance overhead is "reasonable". Although it's not a silver bullet for all known attacks, they hope to expand this project to fix all Meltdown and Spectre variants. Source: Bit-tech

7 Comments on MIT Researchers Find a New Way to Fix Spectre and Meltdown, Isolation Is Key

#1
Cybrnook2002
How would a roll out of something like this work? Would MB vendors have to decide how to mitigate, Intel method vs MIT method? Then OS updates and bios updates already in the wild would have to either be retracted or validated to work in conjunction with DAWG?

Or would Intel have to accept MIT did it better, and then Intel embraces this and rolls it out as their own?
#2
Salty_sandwich
Cybrnook2002 said:
How would a roll out of something like this work? Would MB vendors have to decide how to mitigate, Intel method vs MIT method? Then OS updates and bios updates already in the wild would have to either be retracted or validated to work in conjunction with DAWG?

Or would Intel have to accept MIT did it better, and then Intel embraces this and rolls it out as their own?
Better to listen and learn rather than think we can do this ourselves, so even if you have the best minds in the world, it could just take someone to look at something with a different approach.
#3
dmartin
Cybrnook2002 said:
How would a roll out of something like this work? Would MB vendors have to decide how to mitigate, Intel method vs MIT method? Then OS updates and bios updates already in the wild would have to either be retracted or validated to work in conjunction with DAWG?

Or would Intel have to accept MIT did it better, and then Intel embraces this and rolls it out as their own?
If you take a look at the paper researchers mention both "minimal modifications to hardware" and "minimal modification to modern operating systems", so it seems Intel would have to implement those changes on their chips and then Microsoft, Apple, Linux and others would have to modify their OS to complete DAWG's implementation.
#4
Vayra86
Cybrnook2002 said:
How would a roll out of something like this work? Would MB vendors have to decide how to mitigate, Intel method vs MIT method? Then OS updates and bios updates already in the wild would have to either be retracted or validated to work in conjunction with DAWG?

Or would Intel have to accept MIT did it better, and then Intel embraces this and rolls it out as their own?
What you get is a task force of people from different companies meeting up and sharing work to reach a specified goal. That is how the rollouts have been done up to this point. Everyone benefits from a better solution here, media spin is secondary.
#5
R-T-B
Cybrnook2002 said:
How would a roll out of something like this work? Would MB vendors have to decide how to mitigate, Intel method vs MIT method? Then OS updates and bios updates already in the wild would have to either be retracted or validated to work in conjunction with DAWG?

Or would Intel have to accept MIT did it better, and then Intel embraces this and rolls it out as their own?
It reads like a software solution to memory allocation. In which case, it'd be up to OS vendors (not microcode) to provide updates.

EDIT: oops, they mention hardware changes too. Looks like both will need to work together again...
#6
HTC
Any word on Spectre and AMD, yet? Does this "fix" work the same way?