On Wednesday, January 3rd, two security flaws were announced that affect Intel, AMD and ARM microchips, thus potentially affecting PCs, telephones and a great many appliances alike. As a Yahoo News article reports:
“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.
This is of course of direct interest to everyone, and it will be of more direct interest to many readers of UD, as many of us work with information technology. As well, it is illustrative of features of information and probability that will be of significant interest to design thinkers (and critics) as the case shows how configurations imply information and how probabilities can also carry information.
Operating System manufacturers and others have been racing to produce security patches, ahead of the public announcement. So far, the patches produced reportedly can reduce performance by up to a half in the worst case. In the longer term, hardware architectures will likely have to be redesigned.
Ars Technica reports:
Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it’s been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches.
Now we know what the flaw is. And it’s not great news, because there are in fact two related families of flaws with similar impact, and only one of them has any easy fix.
Both of the flaws are based on speculative execution of instructions, which is used to speed up effective processing in modern computers. In effect, processors give off key information that with clever timing can be accessed to potentially expose core device state. This in effect gives the combination to the processor’s “bank vault.”
Of these, Meltdown is so far — so far . . . ! — specific to Intel chips, as that company’s designs use especially aggressive speculative execution, and as Ars Technica further reports, it “uses speculative execution to leak kernel data to regular user programs.”
In effect:
Intel chips allow user programs to speculatively use kernel data and the access check (to see if the kernel memory is accessible to a user program) happens some time after the instruction starts executing. The speculative execution is properly blocked, but the impact that speculation has on the processor’s cache can be measured. With careful timing, this can be used to infer the values stored in kernel memory.
Spectre is a more generic attack, and proof-of-concept investigations have shown that it affects all three main processor architectures. It probabilistically infers kernel state by using “speculation around, for example, array bounds checks and branch instructions” and so effects “information leakage due to speculative execution.” The further bad news is that:
Spectre doesn’t offer any straightforward solution. Speculation is essential to high performance processors, and while there may be limited ways to block certain kinds of speculative execution, general techniques that will defend against any information leakage due to speculative execution aren’t known.
Sensitive pieces of code could be amended to include “serializing instructions”—instructions that force the processor to wait for all outstanding memory reads and writes to finish (and hence prevent any speculation based on those reads and writes)—that prevent most kinds of speculation from occurring. ARM has introduced just such an instruction in response to Spectre, and x86 processors from Intel and AMD already have several. But these instructions would have to be very carefully placed, with no easy way of identifying the correct placement.
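Since the patches discussed above have already shipped for Linux, the practical first check is whether a given machine reports them as applied. The following script is an added example, not code from the original post or from any of the vendors named; it reads the kernel’s own sysfs reporting interface (/sys/devices/system/cpu/vulnerabilities, whose files carry “Not affected”, “Vulnerable” or “Mitigation: …” strings) and falls back to a constructed sample when run on a host without that directory.

```python
# Added example (not from the original post): report the Linux kernel's own
# Meltdown/Spectre mitigation status from sysfs. The directory and the status
# prefixes are real kernel interfaces; SAMPLE_STATUS is a constructed input.
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
WATCHED = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample, modelled on what a freshly patched Intel box reports.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}

def classify(status):
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_sysfs(directory=SYSFS_DIR):
    """Read every file in the sysfs directory; an absent directory gives {}."""
    result = {}
    if not os.path.isdir(directory):
        return result
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name)) as fh:
            result[name] = fh.read().strip()
    return result

def report(statuses):
    """Classify the watched entries; a missing entry (old kernel) is 'unknown'."""
    return {name: classify(statuses.get(name, "")) for name in WATCHED}

def needs_action(summary):
    """Entries whose patch state is not confirmed: vulnerable or unknown."""
    return [n for n, c in summary.items() if c in ("vulnerable", "unknown")]

if __name__ == "__main__":
    live = read_sysfs()
    src = "live sysfs" if live else "constructed sample"
    for name, cls in report(live or SAMPLE_STATUS).items():
        print(f"{name:12s} {cls:13s} ({src})")
```

A kernel older than the patched releases has no such directory at all, which the script reports as “unknown” for every entry rather than as safe.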
On this sort of issue, Wikipedia is often a “good enough” clearinghouse for 101 level information so, here it is on Meltdown and on Spectre.
Of course the onward issue is, what else is out there in the fog, whether known and being studied, or already exploited? We would be well advised to be extremely prudent. For example, if there is a backdoor into the system, it may be possible to capture encryption keys, so that encrypting data may not be enough protection. But of course, the effort required to target a given system is going to be an issue, and so the question we need to answer is whether we are persons of interest. END
An Unhappy New Year for computers and smart devices: the Meltdown & Spectre flaws in Intel, AMD and ARM processors.
H’mm: It just struck me how timely the parallel discussion on sufficient reliability is, given the above development: https://uncommondescent.com/atheism/crs-fallibilism-vs-the-issue-of-sufficiently-reliable-rationality/ KF
The highly sophisticated technology that most activities today depend on is designed and produced by intelligent agents that are far from perfect.
Had those technological marvels been exposed to the level of environmental noise and the kind of physicochemical/electromagnetic/radiation stress biological systems have been under since we decided to do things our ways and consequently got kicked out of Eden, those amazing chips would have melted like butter in an oven at 200°C or in a better case would have looked like potato chips after an elephant stepped on them.
Perhaps this is off-topic but somehow related to one of the major tech companies mentioned in KF’s OP:
https://newsroom.intel.com/news-releases/andrew-s-grove-1936-2016/
Looks like the processor problem may go back to 1995
Technical background here:
https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
https://spectreattack.com/spectre.pdf
https://meltdownattack.com/meltdown.pdf
Charles,
Thanks.
A key clip is:
This implies that they have been working on it for six months so the patches now in beta must be ready for prime time. I see claims of performance hits of up to 50%. AMD seems less vulnerable in the desktop and server market as requisite instructions at machine level are there, but it seems where to put them is a challenge.
It also seems there must be no known in-the-wild attacks using these gaps in security.
However, with a vulnerability going back twenty years, it means a lot of our information infrastructure is vulnerable.
KF
PS: It looks like Windows updates are to come out next week, as fully released. Reddit has access to what look like betas. Those are strictly for the advanced and adventurous.
PPS: Wiki suggests Meltdown has implications for security of cloud-based services:
. . . and that Spectre (the more difficult to manage) may have even worse impacts:
We will need to watch future developments.
Processors gain performance by “looking ahead” at the execution pipeline and prefetching data and instructions.
The exploits rely on predicting which way a conditional branch will go, and then reading cache associated with a predicted branch not taken.
Because programmers and compiled programs are fairly consistent in their logic style about whether “if true” or “if false” execution continues inline or takes the branch (stored in the branch history buffer), predicting which way the next branch will go is often right, and conversely the overhead of purging and rebuilding the cache and branch history buffer when the predicted branch fails is less frequent.
F/N: CNN’s tech news has a US Govt office first calling for hardware replacement, then backtracking to say patches should be good enough:
It looks likely that software responses will be short-term, and hardware the longer term solution. A major design issue in computer engineering is hard/soft partitioning.
When the pool is stirred, he who reaches first is touched by the Divine. Right now, AMD is ahead on the Meltdown case and may move strongly into the server market.
KF
Charles, yes. Pipelining and speculative execution were big moves forward on boosting performance. Now, we may be learning the potential downside: leaky information. KF
O.T. It’s been a while since I’ve posted.
I see I can edit a comment after posting, but I don’t see the running preview of what my comment will look like before I post.
Did the “preview” feature on the comment box go away?
Ok, now I can’t even edit an earlier post.
Hello Charles. I think (!) the issue is browser dependent. I get the preview on some browsers, but not others.
Charles, WP is a real oddball sometimes. UD has a 20-minute nominal edit window on comments. I have found, it is unwise to count on the last 5 minutes. At least on my typical browser. KF
PS: UB, which browser is best behaved?