New versions of Meltdown and Spectre


#1 Post by prehistoric »

A research paper describing new timing side-channel attacks derived from Meltdown and Spectre has been published. Here's a natural-language description.

My first insight is that this only applies to multi-core processors (but how many people are running those?). My second insight is that cache coherency strategies are very similar in many multi-core chip designs, including some that have not seemed vulnerable to date. Expect this problem, and the approach to finding it, to keep producing new vulnerabilities.

From experience dealing with cache coherency problems, I have to say that this is not something the classic teenage hacker working after school in his parents' basement will figure out. That won't matter. If anyone anywhere does figure out how to exploit this proof of concept, and this escapes onto the Internet, the teenager will simply copy code and modify it for his own nefarious purposes.

If you want tight security, I would recommend processors with physically-isolated memory in separate boxes from those running untrusted code. This would present problems for little things like Google, Facebook or AWS.
