Google researchers: protecting against Spectre requires a change in processor architecture; software patches will not help

    In January 2018, Google researchers publicly disclosed fundamental hardware vulnerabilities in most modern processors that use speculative execution. The Spectre vulnerability (and the related Meltdown) exploits the CPU's branch prediction mechanism and allows data to be read through a side channel, namely the shared cache hierarchy. In other words, any application on the computer can gain read access to arbitrary memory locations, which breaks the isolation between programs and leads to data leakage, denial of service and other trouble.

    Worst of all, almost all modern processors (except RISC and the Russian Elbrus) are vulnerable, because branch prediction has become a fundamental part of modern CPU architecture and cannot be abandoned without a significant loss of performance.

    In fact, the researchers had found the vulnerability back in mid-2017; they simply did not inform the general public about it so that processor and system manufacturers had the opportunity to prepare microcode and software updates.

    Therefore, immediately after the official announcement in early January, Intel released a microcode update for a large number of current and discontinued processor models. The update is available as packages for Red Hat Enterprise Linux, SUSE Linux Enterprise Server, CentOS, Fedora, Ubuntu, Debian and Chrome OS, allowing the firmware to be updated without updating the BIOS. Updating the microcode does not remove the need to apply the KPTI patches to the Linux kernel. Admittedly, Linus Torvalds called the first versions of Intel's updates “absolute rubbish”, and Intel asked users to stop installing them, then re-released them.

    Other manufacturers released updates for their products, and corresponding patches were released for most operating systems. The patch for Windows 10 had its own adventures: Microsoft released it, recalled it, then released it again.

    After all these adventures, the story seemed to be over: stable versions of the patches were released, and everyone who wanted to had installed them. That, it would seem, could have been the end of it. But no. A year later, on February 14, 2019, a group of Google researchers published a paper with the telling title “Spectre is here to stay: An analysis of side-channels and speculative execution”. The researchers concluded that it is impossible to close the vulnerability completely with software patches alone. Doing so will require a “significant redesign of the processors”.

    The paper makes clear that the vulnerability is truly fundamental. The authors write that all processors with speculative execution will always be exposed to various side-channel attacks, regardless of the partial protection methods that may be implemented in the future.

    The paper states: “We believe that with modern hardware, speculative vulnerabilities undermine software-level confidentiality. At the same time, there is no comprehensive software protection, since we discovered that malicious code can construct a universal mechanism for reading all memory in the same address space through side channels.”

    Intel said it intends to make some hardware changes in its processors to protect against Spectre. The problem is that Spectre is not just a bug. The researchers consider it a broad class of vulnerabilities that exploit the branch prediction mechanism, so simple patches will not do.

    The researchers suggest several potential solutions, namely:

    • disabling speculative execution entirely;
    • reducing timer precision;
    • masking branches (since any security check embedded in the code as a branch can be bypassed by the very nature of branch prediction, the authors propose not relying on branches at all when designing security mechanisms).
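As an added illustration of the “masking branches” idea (example code written for this article, not taken from the Google paper): a bounds check implemented as a branch, alongside the same lookup with the index additionally clamped by a branchless mask, so that even when the branch is mispredicted the speculative load cannot reach past the array. The mask construction mirrors the generic array_index_mask_nospec() in the Linux kernel; the table contents, function names and probe values are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed lookup table standing in for an array indexed by an
 * untrusted value (the bytes are arbitrary sample data). */
#define TABLE_SIZE 16
static const uint8_t table[TABLE_SIZE] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
};

/* Plain bounds check. Architecturally correct, but the comparison is a
 * branch: while the predictor guesses "in range", the CPU may speculatively
 * load table[idx] for an out-of-range idx and leave a cache footprint. */
uint8_t read_with_branch(size_t idx) {
    if (idx < TABLE_SIZE)
        return table[idx];
    return 0;
}

/* Branchless mask: all ones when idx < size, all zeros otherwise, computed
 * with arithmetic only, so the result never depends on a predicted branch.
 * Same construction as the generic array_index_mask_nospec() in the Linux
 * kernel. Assumes idx and size are both below SIZE_MAX / 2 and that the
 * compiler implements >> on a negative signed value as an arithmetic shift
 * (true for GCC and Clang). */
size_t index_mask(size_t idx, size_t size) {
    /* If idx < size, both idx and size-1-idx have the top bit clear, so
     * their OR has it clear and the complement has it set; the arithmetic
     * shift then smears that top bit into every position -> all ones.
     * If idx >= size, size-1-idx wraps with the top bit set -> all zeros. */
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1));
}

/* Keep the architectural bounds check for correctness, but also mask the
 * index so that on a mispredicted path the speculative load hits table[0]
 * rather than memory beyond the array. */
uint8_t read_with_mask(size_t idx) {
    if (idx < TABLE_SIZE) {
        idx &= index_mask(idx, TABLE_SIZE);
        return table[idx];
    }
    return 0;
}

int main(void) {
    /* Constructed probe indices: in range, at the edge, and far out of range. */
    size_t probes[] = {0, 3, 15, 16, 1000};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("idx=%4zu mask=%016zx branch=%02x masked=%02x\n",
               probes[i], index_mask(probes[i], TABLE_SIZE),
               read_with_branch(probes[i]), read_with_mask(probes[i]));
    }
    return 0;
}
```

The masked version returns exactly what the branch version returns; the difference is only visible on the speculative path, where an out-of-range index is forced to zero instead of being used as-is. That is the practical meaning of “not relying on branches for security”: the check stays, but the data flow no longer trusts its outcome.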

    The researchers draw a disappointing conclusion: “Our models, our mental models, are wrong; we have been trading security for performance and complexity and did not know it. The painful irony now is that defence requires even more complexity through software mitigations, most of which we know to be incomplete ... It seems that Spectre is too good a name, because it is destined to haunt us for a long time.”
