Spectre Attacks: Exploiting Speculative Execution
Abstract
Modern processors use branch prediction and specula- tive execution to maximize
performance. For example, if the destination of a branch depends on a memory
value that is in the process of being read, CPUs will try guess the destination
and attempt to execute ahead. When the memory value finally arrives, the CPU
either discards or commits the speculative computation. Speculative logic is
unfaithful in how it executes, can access to the victim’s memory and registers,
and can perform operations with measurable side effects.
Spectre attacks involve inducing a victim to specula- tively perform operations
that would not occur during correct program execution and which leak the
victim’s confidential information via a side channel to the adver- sary. This
paper describes practical attacks that combine methodology from side channel
attacks, fault attacks, and return-oriented programming that can read arbitrary
memory from the victim’s process. More broadly, the paper shows that
speculative execution implementations violate the security assumptions
underpinning numerous software security mechanisms, including operating sys-
tem process separation, static analysis, containerization, just-in-time (JIT)
compilation, and countermeasures to cache timing/side-channel attacks. These
attacks repre- sent a serious threat to actual systems, since vulnerable
speculative execution capabilities are found in micropro- cessors from Intel,
AMD, and ARM that are used in bil- lions of devices.
While makeshift processor-specific countermeasures are possible in some cases,
sound solutions will require fixes to processor designs as well as updates to
instruc- tion set architectures (ISAs) to give hardware architects and software
developers a common understanding as to what computation state CPU
implementations are (and are not) permitted to leak.
https://spectreattack.com/spectre.pdf
----------------------------------------------------------------------
You can UNSUBSCRIBE from the OpenDTV list in two ways:
- Using the UNSUBSCRIBE command in your user configuration settings at
FreeLists.org
- By sending a message to: opendtv-request@xxxxxxxxxxxxx with the word
unsubscribe in the subject line.