News Posts matching #Spoiler

Return to Keyword Browsing

Intel's STORM Presents SAPM Paper on Hardware-Based Protection Against Side-Channel Execution Flaws

Intel's STrategic Offensive Research & Mitigations (STORM) department, which the company set up back in 2017 when it learned of side-channel attack vulnerabilities in its CPUs, have penned a paper detailing a proposed solution to the problem. Intel's offensive security research team counts with around 60 workers who focus on proactive security testing and in-depth investigations. Of that group, STORM is a subset of around 12 individuals who specifically work on prototyping exploits to show their practical impact. The solution proposed by this group is essentially a new memory-based hardware fix, going by the name of SAPM (Speculative-Access Protected Memory). The new solution would implement a resistant hardware fix in the CPU's memory that essentially includes blocks for known speculative-access hacks, such as the ones that hit Intel CPUs hard such as Meltdown, Foreshadow, MDS, SpectreRSB and Spoiler.

For now, the proposed solution is only at a "theory and possible implementation options" level. It will take a long time for it to find its way inside working Intel CPUs - if it ever does, really, since for now, it's just a speculative solution. A multitude of tests have to be done in order for its implementation to be approved and finally etched into good old silicon. Intel's STORM says that the SAPM approach would carry a performance hit; however, the group also calculates it to be "potentially lesser" than the current impact of all released software mitigations. Since the solution doesn't address every discovered side-channel attack specifically, but addresses the type of back-end operations that concern these attacks, the team is confident this solution would harden Intel CPUs against (most of) both known and not-yet-known speculative execution hacks.

AMD Zen 2 has Hardware Mitigation for Spectre V4

AMD in its technical brief revealed that its Zen 2 microarchitecture has hardware mitigation against the Spectre V4 speculative store bypass vulnerability. The current generation "Zen" and "Zen+" microarchitectures have OS-level mitigation. A hardware mitigation typically has less of a performance overhead than a software mitigation deployed at the OS or firmware level. In addition, just like older generations of "Zen," the new "Zen 2" microarchitecture is inherently immune to Meltdown, Foreshadow, Spectre V3a, Lazy FPU, Spoiler, and the recently discovered MDS vulnerability. In comparison, the 9th generation Core "Coffee Lake Refresh" processors still rely on software or microcode-level mitigation for Spectre V4, Spectre V3a, MDS, and RIDL.

Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

A new security vulnerability has been found that only affects Intel CPUs - AMD users need not concern regarding this issue. Dubbed Spoiler, the newfound security vulnerability was discovered by the Worcester Polytechnic Institute in partnership with the University of Lübeck, and affects all Intel CPUs since the introduction of their Core architecture. This vulnerability too affects Intel's speculative execution design, and according to the researchers, works independent of OS, virtual machine, or sandboxed environments.

As the researchers explain, Intel's speculative execution of certain memory workloads requires the full physical address bits for the information in memory to be known, which could allow for the full address to be available in user space - allowing for privilege escalation and other microarchitectural attacks. According to the researchers, a software solution to this problem is impossible, which means this is yet another silicon-level bug that needs to be addressed in future processor designs.
Return to Keyword Browsing