Another Branch Prediction Attack

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here's another one:

In the new attack, an attacker primes the PHT and running branch instructions so that the PHT will always assume a particular branch is taken or not taken. The victim code then runs and makes a branch, which is potentially disturbing the PHT. The attacker then runs more branch instructions of its own to detect that disturbance to the PHT; the attacker knows that some branches should be predicted in a particular direction and tests to see if the victim's code has changed that prediction.

The researchers looked only at Intel processors, using the attacks to leak information protected using Intel's SGX (Software Guard Extensions), a feature found on certain chips to carve out small sections of encrypted code and data such that even the operating system (or virtualization software) cannot access it. They also described ways the attack could be used against address space layout randomization and to infer data in encryption and image libraries.

Research paper.

Posted on March 29, 2018 at 6:23 AM • 13 Comments

Comments

Who?March 29, 2018 11:13 AM

We need new microarchitectures. No, fixing current bugs while preserving as many performance improvements as possible in future microprocessors is not the answer. Hiding bugs tweaking microcode and/or software, making them harder to exploit (a.k.a. "mitigation"), is not the answer either. We need removing anything that might be exploited in the future from our microprocessors. Of course industry will not take this route, it is better offering faster microprocessors and it is better if each new meltdown/spectre-like attack discovered makes people and corporations to replace their three-years old expensive computers with shinny new ones.

We need reliable, secure, architectures. Why not left the current high-performance improvements to gamers and people running high performance computing clusters while offering slower but secure processors to people that want them?

echoMarch 29, 2018 11:52 AM

@Who?

My CPU needs are fairly modest for business class software and audi-video playback. I don't need a faster CPU. Better multiprocessing and quiet and lower power would be better as would more security. It's only gamers and artists and others who need workstation class processing power. In theory security is not a primary concern for gamers and any business critical work would not be connected directly to the internet. Given all this perhaps secure processors now have a real chance?

Who?March 29, 2018 12:39 PM

@ echo

My CPU needs are modest too (OpenBSD, mupdf, TeX Live and a simple browser on a single machine are usually enough); sometimes I run other operating systems in virtual machines or real hardware (PC-DOS 2000, Dell RMK). I see room for operating systems like CentOS, Ubuntu or Gentoo in most networks but there is no need to run huge and slow operating systems like Windows in most cases.

Video playback should be more a matter of running powerful dedicated graphics processors than an optimized microprocessor, so you should be ok here. Intel has done a great job with its integrated graphics family. Radeon and NVIDIA are great alternatives if you prefer. I see no problems with platforms like CUDA either.

I agree, performance should be achieved by means of additional physical (not virtual!) cores and processors instead. I have said it for years but even well-positioned people does not understand so basic concept either. When I was at academia twenty years ago I suggested the use multiple simple, low power, processors instead of big and power hungry ones for HPC clusters at a conference in my University. The director of the most important center of supercomputing on my country (he remains as director of that center after twenty years) said, literally, "you do not know what you are talking about and I am ashamed for your comment." It seems I was not so wrong after all, as just two years later one of the best approaches to HPC had been invented: the CUDA platform. These simple processors are not affected by the sin of extreme performance at any price our mainstream processor manufacturers have, either.

The only HPC clusters I built were for a defense contractor—these machines have never been connected to the Internet and do not mix different classification work, so Meltdown and Spectre will not be a concern.

I wish secure processors will have a chance of success now but I am not really optimist. These processors should not try to get additional performance by moving the hardware to its physical limits, increasing power requirements and heat dissipation. These processors should be cold and low power, slow when compared to current microarchitectures, but should allow us building quiet and power efficient computers.

As a plus I hope people will understand technologies like Intel ME, even if great at a theoretical level, are dangerous. There is room for computers without management technologies embedded in hardware too. We are looking for choices.

Let me move to the conspiranoid side now. Will the U.S. Government allow Intel, or AMD, manufacturing simple, unmanaged, processors again? I will bet the answer is no. It is just a matter of national security.

echoMarch 29, 2018 1:29 PM

@Who?

While an advanced technical user my real world requirements (and use of time and resources) are bozo level. I managed to afford two new to me identical laptops of a model I coveted for years. (Only dual core not the quad core model and integrated graphics unforunately but theoretically upgradeable if I have the money. I also have docking stations for use with a full screen display and proper keyboard. I'm shifting my data to a network server as and when I can afford this.) I'm just using browsers and office applications with occasional photo editing and a VM so I can run must have none ported applications on either system. I aim to be 100% cross platform and can be to the point where in the past I have confused myself at times whether I am using Windows or Linux Mint.

I'm currently stuck with a once ninja but now long in the tooth and energy draining desktop until I get my laptops in order. (WOW. I didn't realise laptops even pedestrian by current standards laptops had got so fast.)

I do agree with you. I want quiet and small and reliable, and cool too which gives the CPU and rest of the hardware investment a longer lifetime before failure.

I will need to suss seperating data streams and router blocking of Intel ME for club level security assurance (as opposed to general average).

The UK establishment lets go of power slowly and as much on its terms as possible like any dictator that wants to shuffle off to a gold plated retirement. As do you I doubt control will be ceded where [SCARE WORD] is concerned. Perhaps the issue is about social norms and standards and realising that the "threat" is not really a threat at all and that a genuine threat is really an exceptional issue so there is no necessity (i.e. not a legitimate and proportional reason) for smacking everyone with the same one size fits all institionally paranoid hammer.

Clive RobinsonMarch 29, 2018 1:47 PM

When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors.

I did say it was going to be the "gift that will keep giving" ;-)

And so far it's living up to expectation. The real question is will the train run out of steam befor "morning town" or just keep "rocking rolling riding out along the bay" in one long endless nightmare.

In the meantime people will have to sit down and work out how they are going to mitigate against the whole shebang rather than face a "Death by a thousand cuts".

From a practical point of view, segregation by appropriate gapping is the only way that most can mitigate the whole shebang...

Clive RobinsonMarch 29, 2018 2:02 PM

@ Who?,

When I was at academia twenty years ago I suggested the use multiple simple, low power, processors instead of big and power hungry ones for HPC clusters at a conference in my University.

I kind of had the same view point, for me I see the future as massively parallel from the CPU upwards. It was the view that there was much an 8bit RISC CPU could do when working with hundreds if not thousands of others using small "tasklets" would be a way better solution.

I see the current X86 solutions as an evolutionary cul de sac that is a trap from which we have yet to escape... Any way if you look back on this blog you will find "Castles-v-Prisons" that shows how such a large number of CPUs can actually be more secure.

echoMarch 29, 2018 2:21 PM

@Who, Clive

Meiko Scientific produced supercomputers based on transputers. Legal issues and Intel using its monopoly to ignore the transputer until patents expired allowing the transputer bus mechanism to be exploited, and lack of government investment in domestic technologies which favoured development solutions being skewed towards American business needs put an end to them.

I don't know if this and MeikOS (which provided domains) and the CS1 interconnect is the kind of glue you imagine. Solaris and SPARC were also used by Meiko.

https://en.wikipedia.org/wiki/Meiko_Scientific

jfgunter March 29, 2018 4:06 PM

Most other business bozos (like me) want a simple, reliable and secure machine = a chromebook.

Chrome OS protects you best against everyone except the company I call Ooogle. Even for this, there are simple fixes.

For perspective, Windows and MacOS were designed when a virus was still a curiosity, likely created by a mischievous teenager. I expect both have deep in their structure the remnants of this lost world.

By contrast, ChromeOS made its debut in 2011, after the world had changed, and become much more dangerous. In my humble (non-technical) opinion, Ooogle is by far the smartest of the internet behemoths.

Strong security was a basic design criterion. There are videos on this from Ooogle engineers which even I can understand.

OK, some people need more power. But for me, simplicity and security are the goals. And MicroSuck has wasted more of my time than all the other tech behemoths combined.

How to find a quality chromebook? It takes some work, but they can be found at both the high and the low end. At the low end, per raspberry pi foundation, some chromebooks even have ARM SOC's A53 or before which are immune to the Spectre vulnerability.

Add a few simple tools and techniques, and you have security unimaginable just 7 years ago. Or am I wrong?

SteveBMarch 29, 2018 7:00 PM

That there would be more branch prediction side channel attacks was, no pun intended - predictable. There is a straightforward fix to this and 99% of the other potential zero-day attacks - don't let the end user run their own compiled binary applications - EVER.

With todays levels of hardware performance it is perfectly practical to create an OS where ALL user space applications run via an interpreted runtime. Kind of like Android - or at least what Android had the potential to be if Google hadn't stupidly picked a runtime based on the most security bug ridden piece of garbage language ever created (Java) with obtuse almost impossible to maintain write-only C derived syntax - and then completely flushed any remaining 'no binaries ever' security advantages Android might have gained right down the toilet by caving in to the POSIX twits and including a "C" binary API (no coincidence that nearly ALL Android 'root kits' involve this API)

It's not impossible to mount side channel attacks in an interpreted runtime environment, but it is at least an order of magnitude more difficult, because the runtime can enforce arbitrary security policies as needed to plug information leaks or other security vulnerabilities (as was done recently by the Mozilla Firefox team to block Javascript branch prediction attacks).

ThothMarch 29, 2018 7:58 PM

@Clive Robinson

The worst part isn't simply the discovery of new side-channel attacks on the chip which are effective even on the SGX/ME/PSP/TZ partition, but the way many of these company respond.

They simply shrug off and at most release "a patch or two". Looking at the recent progress of Windows patches of Intel and AMD chips, these patches are known to introduce more flaws and vulnerabilities than they are suppose to fix.

The way Intel recently handled BranchScope announcement was less than responsible where they claim it's "an old problem" and what have they done other than to divert attention that the problem was already known and users do not need to panic.

Quoting from Intel statement:" We have been working with these researchers and we have determined the method they describe is similar to previously known side channel exploits. We anticipate that existing software mitigations for previously known side channel exploits, such as the use of side channel resistant cryptography, will be similarly effective against the method described in this paper. We believe close partnership with the research community is one of the best ways to protect customers and their data, and we are appreciative of the work from these researchers."

Intel also recommends developers to implement "side-channel resistant algorithms" if that is anymore meaningful than indirectly telling the developers to stop complaining to Intel.

If the low levels are not secured, no matter what side-channel resistant algorithm you use, it is still going to leak information on the operations since it is a "bubbling up" issue that is the result of very low level CPU architecture flaws.

End of the day, Intel et. al. knows that they are in big trouble and they have simply gone into a care-less mode because they are simply "too big to fail" and know that the US Government will not allow them to fail because if that happens, the US will lose it's technological hegemony over the IT World which includes persistent backdoor access to millions of computers that are running Intel and AMD chipsets.

Gerard van VoorenMarch 30, 2018 3:22 AM

@ jfgunter,

"Most other business bozos (like me) want a simple, reliable and secure machine = a chromebook."

I won't buy it. Just one question: How can you be absolutely sure that "your" soft/hardware isn't tampered with, for instance with a TLA? The answer is that you can't. Period.

And then there are also the gazillion of gold label software from the web. Do you trust FB, LinkedIn, uber? Do you trust Marc Sugarbelly?

So, I would call your attempt extremely naive.

echoMarch 30, 2018 1:57 PM

@Gerard van Vooren

This is why I practice Swiss cheese security. (I'd never switch my computers on if I acted on every threat.) The best form of security really is a robust democracy, decent society, and access to fair courts.

tom riddleApril 1, 2018 10:23 PM

@Clive Robinson

>I kind of had the same view point, for me I see the future as massively parallel from the CPU upwards. It was the view that there was much an 8bit RISC CPU could do when working with hundreds if not thousands of others using small "tasklets" would be a way better solution.

Isn't there an architecture which does that already? Has something like 64 cores, each core has its own register file and ALU, and they share their per-core L2 cache in some really clever way?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.