ANALYSIS & OPINION

How Meltdown and Spectre will impact future processor designs

Adrian Giordani reports on recent vulnerabilities found in many modern CPUs.

The start of 2018 gave the computing industry a brisk wake-up. Researchers comprising industry and university teams discovered foundational hardware design vulnerabilities that allow the theft of data processed on computers. First a malicious program must have access to this exploit — confidential data could be taken from memory stored in running programs. These ‘Meltdown’ and ‘Spectre’ processor exploits, as they were dubbed, can subvert personal computers and mobile devices.

Stolen data could include passwords stored in a password manager or browser, personal photos, emails, instant messages or business-critical documents. A cloud provider's infrastructure might also be exploited to steal data from customers. The separate research teams that found these serious flaws came from Google’s Project Zero, Cyberus Technology, Graz University of Technology and other institutes.

As the repercussions of these severe memory leak exposures emerge, it was also revealed that almost every modern processor since 1995 is vulnerable. While there are no current examples of these weaknesses being exploited yet, it is almost certain that hackers and new types of malware will use them now.

If a vulnerable processor runs an unpatched operating system, sensitive information can be leaked.

Aftershocks are still being felt. Many devices from Qualcomm, Intel and AMD microprocessors to IBM CPUs as well as Arm's processors are affected. Software applications that rely on intensive computational power from clouds to supercomputers are at risk too. Even supercomputing benchmark providers are providing Q&As for their users in the near term.

Daniel Gruss, a researcher from the team at the Graz University of Technology in Austria, said that Google’s Project Zero found the flaws independently of them. Gruss works on understanding micro-architectural attacks such as Meltdown and Spectre. Project Zero alerted Intel before the Graz team did in fact; then they were connected with Google’s team to discuss the issues with Intel.

‘This is not an Intel-specific issue. All vendors are affected, e.g. by Spectre. It's not sensible to argue that you're not affected by one problem if you're affected by another equivalent one,’ said Gruss.

Spectre attacks work on non-Intel processors, including AMD’s and ARM’s processors.

It is well known that the underlying architecture that supports the majority of processors today was developed by Arm.

To date, Arm and its partners have shipped more than 120 billion chips since the company was founded in 1991. The current estimate is that 95 percent of smartphones contain Arm CPUs. They are also inside the tiniest sensors to larger cloud hardware and supercomputers.

After being alerted by researchers at Google's Project Zero group in June 2017, Arm's chief architect, Richard Grisenthwaite, immediately pulled together a core team of technical experts from the company’s hardware, software and security teams to investigate the validity of the exploits and develop mitigations.  

Around 5 percent of the more than the 120 billion Arm processors available are potentially impacted by Spectre; processors exposed to Meltdown are significantly less, according to Arm’s principle architect for servers and HPC, Darren Cepulis. To date, Meltdown affects only one Arm processor, the Cortex-A75, which is currently not shipping in production silicon.

While Spectre is harder to exploit than Meltdown, it is also harder to defend against. Meltdown accesses kernel memory from a user’s space. This access causes a trap. But before the trap is issued, the code that follows the access leaks the contents of accessed memory through a cache channel.

‘Our initial testing on mobile devices indicates that any performance impact from Meltdown will be less than one percent for some use cases and non-existent in others,’ said Cepulis.

For Arm’s affected processors, software updates, including operating system kernel-level mitigation releases, are already in the works.

‘The industry is already in the implementation stage with respect to deploying software mitigation options,’ said Cepulis. ‘The software mitigation options have been made available to operating system vendors, and original equipment manufacturers (OEM) and the deployment is being managed by them.’

Arm has not received feedback from end-customers but from their network of silicon and software partners. Current advice to customers and users is that if they are concerned their systems are exposed, they should immediately engage with their OEM or solution provider to determine if they are vulnerable and then understand how to protect their systems.

‘It's important to remember that the exploit only works if a specific type of malicious code is already running on a user's device,’ said Cepulis. ‘Also, since Spectre can potentially be executed through JavaScript, the browser solution providers have put temporary mitigations in place that disables the share-array buffer in advance of their upcoming permanent patches.’

A full list of impacted Arm processors, including its Cortex model variants, is available on their website.

In regards to other affected companies, when contacted IBM did not want to comment, but they did point to their blog with updates on the latest security vulnerabilities. The blog states they do not publically disclose or confirm security risks to protect their customers. Security bulletins are released after their analyses are complete.

Anticipating flaws and future-proofing

In January this year, a number of researchers including Gruss, published a paper on arXiv.org: Spectre Attacks: Exploiting Speculative Execution. They argue that even though countermeasures have and are being implemented, there is currently no way to know whether a particular code construction is, or is not, safe across today’s processors – and future designs. For example, mitigations for Meltdown do not work against Spectre attacks.

‘Long-term solutions will require that instruction set architectures be updated to include clear guidance about the security properties of the processor, and CPU implementations will need to be updated to conform,’ according to the researchers.

The problem is that compilers, device drivers, operating systems, processors, etc. have all evolved multiple layers of complexity that introduce security risks. Future designs, in many cases, will need alternative implementations with security front-of-mind. Computational performance may have to take a back seat.

According to Cepulis, future Arm architectures, processor cores and designs will address these security exploits. Arm is already working together with Intel and AMD to release mitigations. Any successful partnership will require the exploration of different ideas and approaches for the industry to find better solutions.

‘However, in the case of Spectre, it's important to understand that it's not just a hardware issue and [it] will require an ongoing discipline in the design of secure systems which needs to be addressed through both software and hardware.’

What we will see could be similar to the automobile industry’s evolution over the last 50 years, according to Gruss, as people become aware of a problem they finally decide to invest more in security.

Undoubtedly, the more complicated the supply chains the more vulnerable devices within that system are to hacking or information leaks, especially in today’s globalised networks. Gatekeepers are needed. One idea floating around is to implement the blockchain to create new transparent security features and a decentralised database of any transactions for manufacturing production lines, for example.

‘Most people amazed by blockchain technology don't understand that what they want is a database, but not a blockchain,’ said Gruss. Almost everything about blockchain is a huge nonsense that just wastes huge amounts of energy for something that you also could have with a simple database.’

These problems are here for the long term until the next generation of silicon processors hit the market. In the end, one of the original teams that found these security vulnerabilities says it best on their website: ‘As it is not easy to fix, it will haunt us for quite some time.’

Adrian Giordani is a freelance science writer who previously worked for CERN. Adrian specialises in science communications particularly in the fields of open science, computing, future technologies and HPC.

Company: 
Twitter icon
Google icon
Del.icio.us icon
Digg icon
LinkedIn icon
Reddit icon
e-mail icon
Feature

Robert Roe explores the role of maintenance in ensuring HPC systems run at optimal performance

Feature

Robert Roe speaks with Dr Maria Girone, Chief Technology Officer at CERN openlab.

Feature

Dr Keren Bergman, Professor of Electrical Engineering at the School of Engineering and Applied Science, Columbia University discusses her keynote on the development of silicon photonics for HPC ahead of her keynote presentation at ISC High Performance 2018 

Feature

Sophia Ktori explores the use of informatics software in the first of two articles covering the use of laboratory informatics software in regulated industries

Feature

Robert Roe discusses the role of the Pistoia Alliance in creating the lab of the future with Pistoia’s Nick Lynch