Intel Advances Chip Design To Thwart Future Spectre-Style Speculative Execution Attacks
Flaws with speculative execution have been making the rounds in the past few years, with a more recent focus on the Spectre chip flaw and its potentially bypassable mitigations. Following these developments, Intel is now looking at its long-term strategy to protect against transient execution attack methods in the future.
Transient execution vulnerabilities are “a class of vulnerabilities that can allow an attacker to infer information that would otherwise be prohibited by architectural access control schemes.” As Intel explains, an attack using these vulnerabilities would exploit mis-predicted transient instructions created and squashed by speculative execution. The data in these transient instructions could be observed and extracted via secret channels within or across hardware protection domains, referred to as domains in this context.
Martin Dixon, Intel Vice President of Security Architecture and Engineering, likened this sort of attack to a weather prediction, wherein “You are probably correct most of the time, but occasionally you are caught out in the rain.” He continues, stating that “When the prediction is wrong, there is a remnant left of those incorrect path operations, like soggy clothes.”
While the simple and perhaps obvious solution would be to stop speculative execution altogether, this could have massive ramifications. CPU architecture improvements over the years, including speculative execution, now powers “the internet and everything we do” at a performance level that we have come to expect. Moreover, this is a new field of research, and these attacks are quite complex and hard to enact outside of a lab setting. However, Intel is committed to “design hardware, firmware and software that collaborate across all elements of the stack,” so transient execution vulnerabilities become fewer and far between.
Over time, Intel has “been able to implement mitigations that allow for safer and more efficient execution,” while still tackling known vulnerabilities. However, this is not the only necessary thing, as “defensive coding practices are a best practice that decrease exposure to a variety of weaknesses,” among other defenses.
With all of this in mind, Intel believes that with an “unparalleled scope of hardware, firmware and software expertise,” the company is “uniquely positioned to deliver protective technologies that continue to support our customers’ success.” We will have to see if that truly holds up in the future, so stay tuned to HotHardware as we have reached out to experts in the field for comment.