How The Spectre/Meltdown Vulnerabilities Work
(This post was written by Checkpoint and first appeared on the Checkpoint Blog.)
The Spectre and Meltdown vulnerabilities recently discovered in Intel, AMD and ARM processors, are fairly complex.
In this post we will try to simplify what the problem is, how it could affect your business and what actions can be taken to protect against it.
It is important to begin by clarifying that despite their two names, both Spectre and Meltdown are essentially based on the same observation. This observation is a weakness behind the common implementation of speculative execution.
What Is Speculative Execution?
With the rate of computing power said to double every two years, CPU engineers are tasked with ensuring computers are able to run faster and faster in order to carry out ever more demanding tasks. One method they use to achieve this task is that of ‘speculative execution’.
Many times, processors wait for data to be available, as they are faster than memory and other inputs. Therefore, in order to make the process run faster, the CPU makes assumptions and guesses the outcome of a branch point (‘branch prediction’) without having the full knowledge of the outcome.
If the assumption turns out to be correct then it will have the desired output already to hand and execute. If the assumption turns out to be wrong, then it can simply disregard that output at no cost in wasted time. This is called ‘speculative execution’.
At this point, we should say a word about security boundaries and how they relate to the CPU.
Modern computers today rely on their ability to run several distinct pieces of code at the same time, while maintaining boundaries between them. For example, if you are watching a video on YouTube while simultaneously being logged in to your online bank account on a separate tab, we rely on the CPU’s ability to maintain separation between these boundaries. The same idea applies to cloud providers that run several virtual machines on the same hardware.
In addition, it is critical to understand that although it is the Operating System that defines these security boundaries, it is the CPU, whether running on a personal computer, a networked computer or a virtual machine hosted by a cloud service provider, which is responsible for enforcing them.
Speculative execution however is sometimes done without checking for security boundaries, an architecture that make sense in order to not slow down the process, as the security check will be carried out before the final output is given.
The Spectre/Meltdown Vulnerability
The essence of the Spectre and Meltdown vulnerability thus lies in the attacker’s ability able to deduce information outside of their security boundaries, by measuring the timings involved in speculative execution. This is called a ‘side channel attack’.
While the architecture seems correct, the timings reveal information that could be used along with other tools to gain access to sensitive data stored on the computer.
To help us understand this better, consider the analogy of a lie detector. While the suspect being questioned may not always tell us the information he is holding, we can however use ‘side channels’ such as heart rates, sweat, heat and other signs provided by a lie detector, to help us deduce further information.
Is it possible to protect against these vulnerabilities and these attacks?