Uncommon Descent Serving The Intelligent Design Community

An Unhappy New Year for computers and smart devices: the Meltdown & Spectre flaws in Intel, AMD and ARM processors

arroba Email

On Wednesday, January 3rd, there has been an announcement of two security flaws that affect Intel, AMD and ARM micro-chips, thus potentially affecting PC’s, telephones and a great many appliances alike. As a Yahoo News article reports:

“Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview with CNBC Wednesday afternoon.

This is of course of direct interest to everyone, and it will be of more direct interest to many readers of UD, as many of us work with information technology. As well, it is illustrative of features of information and probability that will be of significant interest to design thinkers (and critics) as the case shows how configurations imply information and how probabilities can also carry information.

Operating System manufacturers and others have been racing to produce security patches, ahead of the public announcement. So far, the patches produced reportedly can reduce performance by up to a half in the worst case.  In the longer term, hardware architectures will likely have to be redesigned.

Ars Technica reports:

Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw. This is more than a little notable; it’s been clear that Microsoft and the Linux kernel developers have been informed of some non-public security issue and have been rushing to fix it. But nobody knew quite what the problem was, leading to lots of speculation and experimentation based on pre-releases of the patches.

Now we know what the flaw is. And it’s not great news, because there are in fact two related families of flaws with similar impact, and only one of them has any easy fix.

Both of the flaws are based on speculative execution of instructions, which is used to speed up effective processing in modern computers. In effect, processors give off key information that with clever timing can be accessed to potentially expose core device state. This in effect gives the combination to the processor’s “bank vault.”

Of these, Meltdown is so far — so far . . . !  —  specific to Intel chips, as that company’s designs use especially aggressive speculative execution, and as Ars Technica further reports, it “uses speculative execution to leak kernel data to regular user programs.”

In effect:

Intel chips allow user programs to speculatively use kernel data and the access check (to see if the kernel memory is accessible to a user program) happens some time after the instruction starts executing. The speculative execution is properly blocked, but the impact that speculation has on the processor’s cache can be measured. With careful timing, this can be used to infer the values stored in kernel memory.

Spectre is a more generic attack, and proof of concept investigations have shown that it affects all three main processor architectures. It probabilistically infers kernel states by using “speculation around, for example, array bounds checks and branches instructions”  and so effects “information leakage due to speculative execution.”  The further bad news is that:

Spectre doesn’t offer any straightforward solution. Speculation is essential to high performance processors, and while there may be limited ways to block certain certain kinds of speculative execution, general techniques that will defend against any information leakage due to speculative execution aren’t known.

Sensitive pieces of code could be amended to include “serializing instructions”—instructions that force the processor to wait for all outstanding memory reads and writes to finish (and hence prevent any speculation based on those reads and writes)—that prevent most kinds of speculation from occurring. ARM has introduced just such an instruction in response to Spectre, and x86 processors from Intel and AMD already have several. But these instructions would have to be very carefully placed, with no easy way of identifying the correct placement.

On this sort of issue, Wikipedia is often a “good enough” clearinghouse for 101 level information so, here it is on Meltdown and on Spectre.

Of course the onward issue is, what else is out there in the fog, whether known and being studied, or exploited? We would be well advised to be extremely prudent. For example, if there is a backdoor into the system, it may be possible to capture encryption keys so that encoding data may not be enough protection. But of course, the effort to target is going to be an issue, and so the question we need to answer is, are we persons of interest. END

Charles, WP is a real oddball sometimes. UD has a 20-minute nominal edit window on comments. I have found, it is unwise to count on the last 5 minutes. At least on my typical browser. KF PS: UB, which browser is best behaved? kairosfocus
Hello Charles. I think (!) the issue is browser dependent. I get the preview on some browsers, but not others. Upright BiPed
Ok, now I can't even edit an earlier post. Charles
O.T. It's been a while since I've posted. I see I can edit a comment after posting, but I don't see the running preview of what my comment will look like before I post. Did the "preview" feature on the comment box go away? Charles
Charles, yes. Pipelining and speculative execution were big moves forward on boosting performance. Now, we may be learning the potential downside: leaky information. KF kairosfocus
F/N: CNN's tech news has a US Govt office first calling for hardware replacement, then backtracking to say patches should be good enough:
Government agencies issued statements warning users about the vulnerabilities. The U.S. Computer Emergency Readiness Team said that while the flaws "could allow an attacker to obtain access to sensitive information," it's not so far aware of anyone doing so. The agency urged people to read a detailed statement on the vulnerabilities by the Software Engineering Institute, a U.S.-government funded body that researches cybersecurity problems. The institute said that "fully removing the vulnerability requires replacing vulnerable [processor] hardware." It later changed its guidance on Thursday to suggest updating software was enough. The institute didn't say why it had made the change and didn't immediately respond to a request for further information.
It looks likely that software responses will be short-term, and hardware the longer term solution. A major design issue in computer engineering is hard/soft partitioning. When the pool is stirred, he who reaches first is touched by the Divine. Right now, AMD is ahead on the Meltdown case and may move strongly into the server market. KF kairosfocus
Processors gain performance by "looking ahead" at the execution pipeline and prefetching data and instructions. The exploits rely on predicting which way a conditional branch will go, and then reading cache associated with a predicted branch not taken. Because programers and compiled programs are fairly consistent in their logic style about whether "if true" or "if false" execution continues inline or takes the branch (stored in branch history buffer), predicting which way the next branch will go is often right, and conversely the overhead of purging and rebuilding the cache and branch history buffer when the predicted branch fails is less frequent. Charles
Charles, Thanks. A key clip is:
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
This implies that they have been working on it for six months so the patches now in beta must be ready for prime time. I see claims of performance hits of up to 50%. AMD seems less vulnerable in the desktop and server market as requisite instructions at machine level are there, but it seems where to put them is a challenge. It also seems there must be no known in-the-wild attacks using these gaps in security. However, with a vulnerability going back twenty years, it means a lot of our information infrastructure is vulnerable. KF PS: It looks like Windows updates are to come out next week, as fully released. Reddit has access to what looks like betas. Those, are strictly for the advanced and adventurous. PPS: Wiki suggests Meltdown has implications for security of cloud-based services:
The vulnerability is expected to impact major cloud providers, such as Amazon Web Services (AWS)[23] and Google Cloud Platform. Cloud providers allow users to execute programs on the same physical servers where sensitive data might be stored, and rely on safeguards provided by the CPU to prevent unauthorized access to the privileged memory locations where that data is stored, a feature that the Meltdown vulnerability seems to be able to circumvent.
. . . and that Spectre (the more difficult to manage) may have even worse impacts:
As of 2018, almost every computer system is affected by Spectre, including desktops, laptops, and mobile devices. Specifically, Spectre has been shown to work on Intel, AMD, and ARM processors.[9][10] Intel responded to the reported security vulnerabilities with an official statement.[11] According to a statement by AMD, vulnerability to the second Spectre variant hadn't been demonstrated on AMD processors and posed "near zero risk of exploitation" due to differences in AMD architecture.[12] At present, Spectre has only been shown to work between user level programs, but it seems likely the attack can be developed further. While more difficult to utilize properly than Meltdown, Spectre may be much more challenging to defend against due to its generality. The original white paper even speculates that significant changes in microprocessor architecture might be needed in order to fully dispose of the problem. Furthermore, Spectre has the potential of having a greater impact on cloud providers than Meltdown. Whereas Meltdown allows unauthorized applications to read from privileged memory to obtain sensitive data from processes running on the same cloud server, Spectre can allow malicious programs to induce a hypervisor to transmit the data to a guest system running on top of it.[13]
We will need to watch future developments. kairosfocus
Technical background here: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html https://spectreattack.com/spectre.pdf https://meltdownattack.com/meltdown.pdf Charles
Looks like the processor problem may go back to 1995 kairosfocus
Perhaps this is off-topic but somehow related to one of the major tech companies mentioned in KF's OP: https://newsroom.intel.com/news-releases/andrew-s-grove-1936-2016/ Dionisio
That highly sophisticated technology that most activities today depend on are designed and produced by intelligent agents that are far from perfect. Had those technological marvels been exposed to the level of environmental noise and the kind of physicochemical/electromagnetic/radiation stress biological systems have been under since we decided to do things our ways and consequently got kicked out of Eden, those amazing chips would have melted like butter in an oven at 200°C or in a better case would have looked like potato chips after an elephant stepped on them. Dionisio
H'mm: It just struck me how timely the parallel discussion on sufficient reliability is, given the above development: https://uncommondesc.wpengine.com/atheism/crs-fallibilism-vs-the-issue-of-sufficiently-reliable-rationality/ KF kairosfocus
An Unhappy New Year for computers and smart devices: the Meltdown & Spectre flaws in Intel, AMD and ARM processors. kairosfocus

Leave a Reply