Since 2018, a nearly endless series of attacks commonly known as Spectre has led Intel and AMD to develop defenses to mitigate vulnerabilities that allow malware to extract passwords and other sensitive information directly from silicon. Now researchers say they have developed a new attack that defeats most – if not all – of these on-chip defenses.
Spectre takes its name from its abuse of speculative execution, a feature of virtually all modern CPUs that predicts the instructions the CPU is likely to receive next and executes down that path ahead of time. Using code that forces a CPU to execute instructions down the wrong path, Spectre can extract sensitive data that was accessed while the CPU was speculating along that wrong path. These exploits are known as transient execution attacks.
Since Spectre was first described in 2018, new variants have popped up almost every month. In many cases, chipmakers have had to develop new or strengthened defense mechanisms to blunt the new variants.
For example, a key Intel protection called LFENCE prevents newer instructions from being dispatched for execution before earlier ones have completed. Other hardware- and software-based mitigations, commonly known as “fencing”, build digital fences around sensitive information to protect it from transient execution attacks that would otherwise allow unauthorized access.
University of Virginia researchers announced last week that they had found a new variant of transient execution attack that breaks virtually all of the on-chip defenses Intel and AMD have implemented to date. The new technique targets an on-chip buffer that temporarily stores “micro-ops”, the simplified commands that are decoded from complex instructions. By allowing the CPU to fetch these commands quickly and early in the speculative execution process, micro-op caches improve processor speed.
The researchers are the first to use the micro-op cache as a side channel, a medium for observing confidential data stored in a vulnerable computer system. By measuring the timing, power consumption, or other physical properties of a target system, an attacker can use a side channel to infer data it would otherwise not be permitted to access.
“The micro-op cache as a side channel has several dangerous implications,” the researchers wrote in a scientific paper. “First, all techniques that mitigate caches as side channels are bypassed. Second, these attacks are not detected by any existing attack or malware profile. Third, because the micro-op cache sits at the front of the pipeline, well before execution, certain defenses that mitigate Spectre and other transient execution attacks by restricting speculative cache updates remain vulnerable to micro-op cache attacks.”
The paper goes on:
Most existing invisible-speculation and fencing-based solutions focus on hiding the unintended vulnerable side effects of speculative execution that occur in the back end of the processor pipeline, rather than inhibiting the source of speculation in the front end. This makes them vulnerable to the attack we describe, in which speculatively accessed secrets are exposed through a front-end side channel before a transient instruction has a chance to be dispatched for execution. This eludes a number of existing defense mechanisms. In addition, due to the relatively small size of the micro-op cache, our attack is significantly faster than existing Spectre variants, which require multiple cache sets to be primed and probed in order to transmit secret information, and it is considerably more stealthy because it uses the micro-op cache as its only disclosure primitive, introducing fewer data/instruction cache accesses, let alone misses.
There has been some pushback since the researchers published their work. Intel disputed that the new technique breaks existing defenses against transient execution. In a statement, company officials wrote:
Intel reviewed the report and informed the researchers that existing mitigations were not being bypassed and that this scenario is addressed in our secure coding guidance. Software following our guidance already has protections against incidental channels, including the uop cache incidental channel. No new mitigations or guidance are needed.
Transient execution attacks use malicious code to exploit speculative execution. The exploits in turn bypass bounds checks, authorization checks, and other security measures built into applications. Software that follows Intel’s secure coding guidelines is resistant to such attacks, including the one introduced last week.
The key to Intel’s guidance is the use of constant-time programming, an approach in which code is written to be secret-independent. The technique the researchers introduced last week uses code that embeds secrets in the CPU’s branch predictors, and so does not follow Intel’s recommendations, a company spokeswoman said on background.
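To make the two positions concrete, the following C is an added example written for this article; it is not code from the paper, from Intel’s guidance, or from any vendor. It contrasts a comparison whose branches depend on a secret (the pattern Intel’s guidance says to avoid, and the kind of secret-dependent control flow a front-end side channel can observe) with a constant-time comparison and a branchless select that touch every byte and leave no data-dependent branch for a predictor or micro-op cache to record. It also shows a fence-free, speculation-safe index mask in the style of the Linux kernel’s array_index_nospec(), which is one software counterpart to the fencing defenses described above. All sample values are constructed; the function names are this example’s own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Secret-dependent control flow: returns as soon as a byte differs, so the
   number of loop iterations and every branch outcome depend on the secret.
   This is the pattern constant-time programming guidance tells you to avoid. */
int compare_branching(const uint8_t *secret, const uint8_t *guess, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != guess[i])
            return 0;
    }
    return 1;
}

/* Constant-time comparison: always visits all n bytes, and no branch depends
   on the data. Returns 1 if equal, 0 otherwise. */
int compare_ct(const uint8_t *secret, const uint8_t *guess, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= secret[i] ^ guess[i];
    /* (diff | -diff) has its top bit set iff diff != 0; shift it down to 0/1 */
    return 1 ^ (((unsigned)diff | (unsigned)(uint8_t)(0u - diff)) >> 7);
}

/* Branchless select: returns a when cond is 1 and b when cond is 0, without
   a conditional jump that would leak cond to the branch predictor. */
uint32_t select_ct(uint32_t cond, uint32_t a, uint32_t b) {
    uint32_t mask = 0u - (cond & 1u);   /* all ones or all zeros */
    return (a & mask) | (b & ~mask);
}

/* Speculation-safe index mask: all ones when idx < size, all zeros otherwise,
   computed with arithmetic rather than a branch. Even if a preceding bounds
   check is mispredicted, (idx & mask) stays inside the table, so no fence is
   needed at that point. Assumes idx and size are below SIZE_MAX / 2. */
size_t index_mask_nospec(size_t idx, size_t size) {
    /* In bounds: both terms are small, top bit clear. Out of bounds:
       size - 1 - idx wraps around and sets the top bit. */
    size_t t = idx | (size - 1 - idx);
    return (t >> (sizeof(size_t) * 8 - 1)) - 1;
}

/* Architectural bounds check followed by the speculation-safe read.
   Returns 1 and stores the byte on success, 0 if idx is out of range. */
int read_checked(const uint8_t *table, size_t size, size_t idx, uint8_t *out) {
    if (idx >= size)
        return 0;
    *out = table[idx & index_mask_nospec(idx, size)];
    return 1;
}

int main(void) {
    /* Constructed sample values, not taken from the paper */
    const uint8_t secret[4] = {0x10, 0x20, 0x30, 0x40};
    const uint8_t guess[4]  = {0x10, 0x20, 0x30, 0x41};
    const uint8_t table[4]  = {1, 2, 3, 4};
    uint8_t b = 0;

    printf("branching: %d  constant-time: %d\n",
           compare_branching(secret, guess, 4), compare_ct(secret, guess, 4));
    printf("mask(3, 8) = %zx  mask(8, 8) = %zx\n",
           index_mask_nospec(3, 8), index_mask_nospec(8, 8));
    printf("read_checked(2) = %d (byte %u), read_checked(9) = %d\n",
           read_checked(table, 4, 2, &b), b, read_checked(table, 4, 9, &b));
    return 0;
}
```

Two practical caveats apply. The C source being branch-free does not guarantee the compiled code is: optimizers may turn the arithmetic back into conditional jumps, so constant-time routines are normally checked at the assembly level. And the index mask only protects the read it guards; a vulnerable speculation window elsewhere in the program still needs its own mitigation, which is exactly the deployment burden Venkat describes below.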
AMD did not respond in time to be included in this post.
Another dissent came in a blog post by Jon Masters, an independent computer architecture researcher. He said the paper, particularly the cross-domain attack it outlines, was “interesting to read” and a “potential problem,” but that there are ways to fix the vulnerabilities, possibly by invalidating the micro-op cache whenever a privilege boundary is crossed.
“The industry had a huge problem with Spectre, and as a direct result, great efforts were made to separate privileges, isolate workloads, and use different contexts,” Masters wrote. “Given this latest paper, a cleanup may be needed, but remedial action is available, albeit with a performance cost.”
Not so easy
Ashish Venkat, a professor in the Department of Computer Science at the University of Virginia and co-author of last week’s paper, agreed that constant-time programming is an effective way to write applications that are invulnerable to side-channel attacks, including those described in last week’s paper. However, he said the vulnerability being exploited lies in the CPU and should therefore be addressed with a microcode patch.
He also said that much of today’s software remains vulnerable because it does not use constant-time programming, and there is no indication of when that will change. He also echoed Masters’ observation that the coding approach slows down applications.
Constant-time programming, he told me, “is not only extremely difficult in terms of actual programming effort, it also creates significant deployment challenges associated with patching all of the sensitive software that has ever been written. Because of its performance, it is usually only used for small, specialized security routines.”
According to Venkat, the new technique is effective against all Intel chips developed since 2011. He told me that AMD CPUs are not only vulnerable to the same cross-domain exploit but are also vulnerable to a separate attack that takes advantage of their simultaneous multithreading design, since the micro-op cache in AMD processors is competitively shared between hardware threads. As a result, attackers can build a cross-thread covert channel that transmits secrets at a bandwidth of 250 Kbps with an error rate of 5.6 percent.
Transient execution attacks carry serious risks, but for now they remain largely theoretical, since they are rarely, if ever, used in the wild. Software developers, on the other hand, have much more cause for concern, and this new technique should only add to their worries.