8 NEWS BRIEFING

Newly discovered vulnerabilities in common Intel processor designs could

allow hackers to trick apps into revealing sensitive data such as passwords,
while the CPU kernel – the core of the operating system – is leaking memory.

which the operating systems

communicate with the kernel – a
core software layer – in such a
1 Speculative 2 Kernel mode: During Assumption A way that executed tasks could be
execution: Program speculative execution, code slowed by anywhere from 5 to 30
executes instructions and data remains invisible per cent.
based on assumptions in virtual memory Intel says the average user will
not experience significant
that are considered 3 slowdowns once the issue is
likely to be true. Program 2 fixed. In reality, benchmarks will
tells CPU to switch to Assumption B need to be carried out on patched
computers to gain a full
kernel mode – understanding of how their
technique improves performance is affected.
performance The flaw affects all Intel chips
produced in the last decade,
although more modern chips
3 Best guess: include features such as PCID
Virtual Kernel predicts code that could help to negate the
memory to be run next and slowdown to some extent.
Google’s Project Zero team
1 executes it. said that the flaw could allow
Code is ignored if access to passwords and other
not needed – CPU sensitive data from a system’s
switches back to memory.
The tech company disclosed
user mode. the vulnerability not long after
Flaws allow Intel said it was working to
kernel access patch it.
Central protections to be Intel has known about the
processing unit problem since June last year;
bypassed Krzanich sold off a large portion
of his stake in the company in
Patches Meltdown: Most dangerous flaw could let hackers October. Shares in the company
steal data such as passwords and login files fell by 3.4 per cent shortly after
Spectre: Flaw affects CPUs in smartphones and tablets. the news was revealed.
Tech companies typically
Patches move kernel into separate address space – expected withhold details about security
to cause five to 30 percent slow down to processing speed problems until fixes are available
so that hackers do not have time
to exploit the flaws.
In this case, Intel was forced to
disclose the problem on
SECURITY 3 January after British
technology site The Register

Design flaws reported it.

Google said it also affects
other processors and the devices
and operating systems running

put sensitive
them.
Although Intel cited rival
AMD as one of the companies it
is working with to address the
problem, AMD said in a

data at risk
SOURCES: POPULAR MECHANICS, THE REGISTER, REUTERS, © GRAPHIC NEWS, PA

statement that it believes its

JACK LOUGHRAN
A MAJOR WEAKNESS has been
discovered in Intel’s processor
chips by Google security
researchers that could see
hackers gain access to passwords
and other confidential
information on Windows, Mac OS
and Linux.
The makers of these operating
systems are already preparing
fixes to close the flaws, dubbed
Meltdown and Spectre, which
will be released to consumers in
the coming days and weeks.
“As of now, we have not
received any information that
these exploits have been used to
obtain customer data,” said Intel
CEO Brian Krzanich. “We’re
working tirelessly on these
issues to ensure it stays that
way.”
Krzanich said Intel would
issue updates for more than
90 per cent of processors
introduced in the past five years
by 15 January, and the remainder
by the end of the month. “We will
then focus on issuing updates for
older products as prioritised by
our customers,” he added.
But the nature of the fix will
fundamentally alter the way in
chips are safe because they use
different designs.
However, the aforementioned
changes to the way in which
operating systems access the
kernel could still have an impact
on those running AMD chips, at
least in the short term.
Some businesses have held off
installing software patches,
fearing the cure may be worse
than the original problem.
Rather than rushing to put out
patches, a costly and time-
intensive endeavour for major
systems, some businesses are
testing the fix, leaving their
machines vulnerable.

Engineering & Technology February 2018 www.EandTmagazine.com


“If you start applying patches
across your whole fleet without
doing proper testing, you could
cause systems to crash,
essentially putting all of your
employees out of work,” said Ben
Johnson, co-founder of cyber-
security startup Obsidian.
Banks and other financial
institutions spent much of the
week after the announcement
studying the vulnerabilities, said
Greg Temm, chief information
risk officer with the Financial
Services Information Sharing
and Analysis Center (FS-ISAC),
an industry group that shares
data on emerging cyber threats.
“It’s like getting a diagnosis of
high blood pressure, but not
having a cardiac arrest,” Temm
explained. “We’re taking it
seriously, but it’s not something
that is killing us.”
Banks are testing the patches
to see if they slow operations
and, if so, what changes need to
be made, said Temm. For
instance, computers could be
added to networks to make up for
the lack of processor speed in
individual machines, he added.
Mike Buckbee, security
engineer at Varonis, said:
“This vulnerability makes it
theoretically possible to open
up the end-user’s device and
rummage through the
computer’s memory. For
example, a JavaScript
application running in a
browser on a website could
potentially access your
computer’s kernel memory
and rip through any information
held there.
“While it’s unlikely there
would be full files stored there,
it’s very possible it would find
bits and pieces of valuable data,
like SSH keys, security tokens
and even passwords.
“To counteract the threat,
patches for all operating systems
are in the works. These patches
‘scramble’ how kernel memory is
stored, making it impossible for
applications to exploit the flaw.
“While all the details are not
available at this point, from what
is known this vulnerability can
be considered a threat. It could
allow for credential theft or other
privilege escalation exploits. In
this respect, while potentially
dire, it’s very similar to an
insider threat or admin data
breach.
“Organisations need to layer
multiple levels of protection to
build defensive depth in their
networks and applications,”
Buckbee concluded.
COMMENT
A MELTDOWN IN COMPUTER ARCHITECTURE
BY CHRIS EDWARDS
Processor manufacturers and
operating system providers
have been struggling to cope
with the implications of a wide-
ranging group of security flaws
becoming public before they
could put even a first line of
defence in place.
The Meltdown and Spectre
attacks described in academic
papers and also by Google
researchers are less
troublesome than others that
have made the headlines in
recent years. They are about
information leaking rather than
providing ways of letting a
hacker take control of a system.
Both rely on the hacker already
being able to load software onto
a computer, typically using a
Trojan horse program.
Although these attacks use
novel techniques, they fit into a
much broader class of side-
channel attacks that let hackers
eavesdrop on the processing
performed by supposedly secret
code. A decade ago,
researchers from the Weizmann
Institute of Science in Israel
found a security loophole in the
caches used to hide the huge
discrepancy between the speed
of processors and the memory
they use to store large quantities
of data. Their exploit, called
Prime+Probe, made it possible
for software to spy on other
applications running alongside
it, even in situations where the
processor and operating system
were meant to isolate them.
The hack works by having the
spyware fill up cache lines with
garbage and continually poke at
the memory subsystem to work
out when other software made
changes. Subtle timing
differences would indicate how
the target application was
making decisions on the data it
processed. A game of cat and
mouse has ensued with attacks
and countermeasures
appearing that take advantage
of the many novel instructions
processor makers such as Intel
have added to their designs.
The TSX extensions for
transactional memory, for
example, have been proposed
as mechanisms for channelling
secret data to spyware as well
as protecting against attacks.
Transactional memory was
invented to make programs that
run across multiple cores more
efficient by letting them run
speculative operations safely.
That speculative execution
means the programs don’t have
to keep stopping to check
everything is in sync. This plays
a key role in the Meltdown and
Spectre attacks.
When they generate code,
compilers take a guess at the
best order for instructions but
have to err on the safe side.
Processors can take more risks
with instruction ordering when it
comes to execution because, if
things don’t work out, they can
roll back or cancel instructions.
Typically, this provides a solid
speedup around the branches in
code that would otherwise stall
execution.
Meltdown uses the side
effects of speculative execution,
such as data being left in
caches, and harnesses TSX and
similar mechanisms to access
the data. Spectre is a wider-
ranging set of attacks that tryto
exploit other side effects.
OS writers and processor
makers are working out ways to
plug the holes the push for
performance has had on
security. At the same time, the
processor designers are trying
to overcome the performance
limitations of memory and
multicore operation.
www.EandTmagazine.com February 2018 Engineering & Technology
9
Attackers are taking
advantage of the many
novel instructions
processor makers
such as Intel have
added to their designs
The Spectre paper authors
point to AMD’s claims for its
Ryzen processors, which
apparently sport “an artificial
intelligence neural network that
learns to predict what future
pathway an application will take
based on past runs”. Good luck
assessing the intricate security
implications of something that
changes behaviour as it runs.
The authors argue: “Long-
term solutions will require that
instruction set architectures be
updated to include clear
guidance about the security
properties of the processor, and
CPU implementations will need
to be updated to conform.”
Although this will probably
happen, it might not make that
much difference. The practical
long-term solution seems more
likely to be about a better
separation of what is secure and
what is unsafe, and to take
advantage of the economics of
silicon. Transistors are cheap
and will get cheaper. Moving
secure operations into parallel,
firewalled processors provides
the best option for guaranteeing
security properties that do not
need years of analysis to create.
Understanding which
operations need to be behind
the security barrier becomes a
job for the software architects.
But as such changes involve
rethinking the architecture of
operating systems and support
software, they are not quick
fixes. There will be pressure on
processor designers to compile
reams of text on the security
properties of their creations.
However, trying to continually
fix the leakage problems of
features intended to keep
software running fast is
ultimately doomed to failure. The
practical solution is true
hardware-enforced and
software-managed separation.