Essay: Spectre

Essay details:

  • Subject area(s): Computer science essays
  • Reading time: 4 minutes
  • Price: Free download
  • Published on: July 14, 2019
  • File format: Text
  • Number of pages: 2


Spectre relies on a generalised idea of memory management rather than targeting one specific feature of the processor.
For example, speculative execution that accesses memory may depend on private data, which can leave the data cache open to attack through a side channel. The attacker can then use a timing attack to extract sensitive private information (Liu et al., 2015). The JIT engines used for JavaScript were known to be vulnerable to such attacks: it is possible for one website to obtain data belonging to another website, read either from that website or from memory.
CVE-2017-5753 (Spectre-V1, bounds check bypass) and CVE-2017-5715 (Spectre-V2, branch target injection) are the two commonly known vulnerability identifiers related to Spectre (Liu et al., 2015).
CVE-2017-5753 (bounds check bypass, Spectre-V1):
This attack works by allowing malicious code to get around the built-in bounds checks present in most binaries. Even after a bounds check fails, the CPU goes on to execute instructions that access memory which is not normally available to the code (Godbolt, 2016).
When the CPU recognises that the bounds check failed, it discards the work done speculatively, but some changes to the system can still be observed. The malicious code can detect these modifications and, as a result, read the accessed information (Liu et al., 2015).
The major problem with Variant 1 is that it becomes tough to restrict access by any untrusted code within any process in a system.
This variant also has implications in the kernel for systems that accept packet filters from user-space code (the extended Berkeley Packet Filter, eBPF). The kernel JIT (just-in-time) compiles and runs the packet filter code inside the kernel (Godbolt, 2016). It limits the memory accesses of the packet filter with bounds checking, but Variant 1 circumvents these limits by allowing the attacker to exploit speculation.
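Added example (not from the essay): the Variant 1 bounds-check-bypass pattern in C beside a hardened form that masks the index after the check, following the generic array_index_mask_nospec() construction used in the Linux kernel, so a mis-speculated path can only reach element 0. The array names, sizes and contents are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data (sizes are assumptions, not from the essay):
 * array1 is the bounds-checked input table, array2 is a probe table laid
 * out one cache line (64 bytes) per possible byte value. */
#define ARRAY1_SIZE 16
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 64];

/* Fill array2 so that array2[v * 64] == v, making results checkable. */
void init_probe_array(void) {
    for (size_t i = 0; i < sizeof array2; i++)
        array2[i] = (uint8_t)(i / 64);
}

/* Variant 1 pattern: the bounds check is architecturally correct, but the
 * CPU may run the body transiently before the comparison resolves, so an
 * out-of-range x is used as an index during the speculative window. */
uint8_t victim_unsafe(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * 64];
    return 0;
}

/* Branchless mask: all ones when idx < size, zero otherwise. Same
 * construction as the kernel's generic array_index_mask_nospec(); it has
 * no data-dependent branch for the predictor to mis-speculate on.
 * Assumes idx and size are both below SIZE_MAX / 2. */
static inline size_t index_mask_nospec(size_t idx, size_t size) {
    /* size - 1 - idx wraps (top bit set) exactly when idx >= size. */
    return (size_t)(~(ptrdiff_t)(idx | (size - 1 - idx))
                    >> (sizeof(size_t) * 8 - 1));
}

/* In bounds the index is unchanged; out of bounds it becomes 0. */
size_t clamp_index_nospec(size_t idx, size_t size) {
    return idx & index_mask_nospec(idx, size);
}

/* Hardened form: the mask is applied after the check, so even a
 * mis-speculated path can only touch array1[0]. */
uint8_t victim_masked(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = clamp_index_nospec(x, ARRAY1_SIZE);
        return array2[array1[x] * 64];
    }
    return 0;
}
```

On x86 an alternative is a serialising barrier (lfence) after the check; the mask is preferred where the cost of a barrier on a hot path matters.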
CVE-2017-5715 (branch target injection, Spectre-V2):
This variant exploits the ability of one process to influence the execution behaviour of code running under a different security context on the same CPU core of a system.
Modern processors can predict the target of indirect calls that a program makes and start speculatively executing code at that target location.
The prediction is driven by tables that are shared among the processes running on a CPU. Because of this, one process can corrupt and influence the prediction of a different process, or of kernel code, running on the same physical core. This lets the attacker cause speculative execution of chosen code in a different process, in the kernel or in the hypervisor (Gruss et al., 2016). The attacker can then use techniques like Variant 1 to potentially read data from the other protection domain. Even though this variant is difficult to use, its ability to cross arbitrary protection domains makes it potentially very dangerous.

2.2. How to mitigate the Spectre vulnerability?
A wide range of computer architectures is affected by Spectre, so there cannot be a single patch that fixes the problem. A lot of research is under way in different parts of the world to study the problem and find a solution, and many have found that it is not an easy fix. Even though many computer manufacturers using Intel chips, such as Dell, say that these vulnerabilities will not actually be exploited in practice, they need to be fixed (Intel Software, 2016). Several procedures have been published that help protect home PCs and other devices from the vulnerability, but some of the patches released are reported to slow down performance very significantly, particularly on older computers.
Intel reported that the new partitioning system helps mitigate the problem and improves process and privilege-level separation. Using processors with a selective translation lookaside buffer (TLB) flushing feature reduces the cost of mitigation to an extent. This feature is called the process-context identifier (PCID) in the Intel 64 architecture and the address space number (ASN) in the Alpha architecture. Selective flushing enables TLB behaviour that can isolate the vulnerability and also saves cost, since the entire TLB is not flushed (Intel Software, 2016).
Many procedures have been published to protect home computers and other personal devices. The initial mitigation efforts were not as successful as expected, since the patches released were found to significantly impact performance, especially on older series of computers (Gruss et al., 2016). Newer 8th generation Core platforms reported a performance drop of almost 2-14%. Google Chrome 63 users had to mitigate the vulnerability manually by enabling its Site Isolation feature, but Chrome 64 has the mitigation built in. As of Firefox 57.0.4, Mozilla is preventing timing attacks by reducing the resolution of JavaScript timers (Intel Software, 2016), and future releases have time-fuzzing techniques planned to further prevent timing attacks.
At the start of this year, a new technique called “Retpoline” was described by Google’s Project Zero team in their security blog. This technique uses binary modification to protect against ‘branch target injection’ attacks and can also save a significant amount of processor overhead (Kocher et al., 2018). It uses compiler-level steering to avoid vulnerable speculative out-of-order execution. Even though it was primarily developed for the x86 instruction set, the project engineers at Google are confident that the technique is applicable to other processors as well.
In addition, the Google Project Zero team has also put into action Kernel Page Table Isolation (KPTI), a general technique that can be used to better protect data held by other software running on the same machine. This applies to almost the whole fleet of Google Linux production servers carrying all Google products such as Gmail, Search, Google Cloud Platform and YouTube (Kocher et al., 2018).
