Google researchers say software alone can’t mitigate Spectre chip flaws

19 Feb 2019


A group of researchers say that it will be difficult to avoid Spectre bugs in the future unless CPUs are dramatically overhauled.

Google researchers say that software alone is not enough to prevent the exploitation of the Spectre flaws present in a variety of CPUs. The team of researchers – including Ross McIlroy, Jaroslav Sevcik, Tobias Tebbi, Ben L Titzer and Toon Verwaest – work on Chrome’s V8 JavaScript engine.

Spectre will haunt us for a while

The researchers presented their findings in a paper distributed through arXiv and came to the conclusion that all processors that perform speculative execution will remain susceptible to side-channel attacks, regardless of the software mitigations that may be devised in future.

It is just over a year since the Meltdown and Spectre flaws were first disclosed. Spectre is a hardware vulnerability in microprocessors that perform speculative execution; malicious code can exploit it to read data being processed by the CPU that it should not be able to access.

Researchers found that a malicious program can exploit the Spectre vulnerability to steal confidential data stored in the memory of other programs being executed.

Computing.co.uk explains that Spectre essentially breaks the isolation between different applications, enabling an attacker to “deceive error-free programs into disclosing their secrets”.

At the time of the discovery of the bugs, researchers found Spectre “can enable a website to read data stored in the browser for another website, or even the browser’s memory itself”.

A major overhaul is required

According to the new research, to truly remedy all existing and future Spectre bugs, hardware-makers will need to come up with new CPU microarchitecture designs.

The researchers said: “We now believe that speculative vulnerabilities on today’s hardware defeat all language-enforced confidentiality with no known comprehensive software mitigations, as we have discovered that untrusted code can construct a universal read gadget to read all memory in the same address space through side-channels.”

Intel has said it will include hardware fixes for specific, known bugs in future CPUs. The problem, according to the researchers, is that Spectre is not a single bug but a broad class of speculative execution vulnerabilities that enable side-channel attacks, so fixing the known variants one by one does not close the class.

The team found that unless the microarchitecture designs are overhauled, speculative execution bugs will continue to be a threat.

Solutions are not perfect

The researchers offered several partial mitigations, including disabling speculative execution entirely, reducing the precision of the timers available to untrusted code, and branchless masking of array indices so that a mispredicted bounds check cannot steer a speculative load outside the array. They noted that none of these is complete and that all carry performance penalties if implemented.
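To make the branchless masking idea concrete, the following C example is added here; it is not code from the paper or from V8, and the function names, the `sample_data` buffer and the `PUBLIC_LEN` constant are constructed for illustration. `checked_load` is the conventional bounds check whose branch a Spectre attacker mispredicts; `masked_load` computes the bounds condition as an arithmetic mask, an unsigned variant of the formula Linux uses in its generic `array_index_mask_nospec()`, so the load address is forced inside the buffer even on the speculative path. The architectural results of the two functions are identical; only what can be touched during speculation differs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: 8 "public" bytes followed by 4 "secret" bytes in the
 * same allocation. Only the first PUBLIC_LEN bytes may ever be read. */
#define PUBLIC_LEN 8
static const uint8_t sample_data[12] = {10, 11, 12, 13, 14, 15, 16, 17,
                                        'S', 'E', 'C', 'R'};

/* Conventional accessor. Architecturally correct, but the CPU may predict
 * the branch as taken for an out-of-bounds i and speculatively execute
 * buf[i]. The value is discarded when the check resolves, yet it has been
 * pulled into the cache, which a timing side channel can observe. */
int checked_load(const uint8_t *buf, size_t len, size_t i)
{
    if (i < len)            /* predicted branch: the speculation window */
        return buf[i];
    return -1;
}

/* Branchless mask: all ones when i < len, zero otherwise, computed with
 * unsigned arithmetic only (no implementation-defined signed shifts).
 * Valid while i and len are both below 2^(bits-1), which holds for any
 * real buffer. For i < len both i and len-1-i are small, so the top bit
 * of their OR is clear; for i >= len, len-1-i wraps and the top bit is set. */
size_t index_mask_nospec(size_t i, size_t len)
{
    size_t x = i | (len - 1 - i);
    return (x >> (sizeof(size_t) * 8 - 1)) - 1;   /* 0-1 = all ones, 1-1 = 0 */
}

/* Hardened accessor. The load address is i & mask, which is index 0 for
 * every out-of-bounds i, so a mispredicted branch can only speculatively
 * re-read a byte that is already public. */
int masked_load(const uint8_t *buf, size_t len, size_t i)
{
    size_t mask = index_mask_nospec(i, len);
    uint8_t v = buf[i & mask];
    return (i < len) ? v : -1;  /* same architectural result as checked_load */
}

int main(void)
{
    size_t probes[] = {3, 7, 8, 9, SIZE_MAX};
    for (size_t k = 0; k < sizeof probes / sizeof probes[0]; k++) {
        size_t i = probes[k];
        printf("i=%zu checked=%d masked=%d mask=%#zx\n", i,
               checked_load(sample_data, PUBLIC_LEN, i),
               masked_load(sample_data, PUBLIC_LEN, i),
               index_mask_nospec(i, PUBLIC_LEN));
    }
    return 0;
}
```

Two caveats a practitioner would want: plain C cannot guarantee that the compiler keeps `index_mask_nospec` free of branches (inspect the generated assembly, or use the platform's asm barrier as the kernel does), and masking only protects the one load it is applied to. That is exactly the paper's point: a runtime like V8 has to find and mask every such access, and the authors argue that this cannot be done comprehensively in software.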

They concluded: “Our models, our mental models, are wrong; we have been trading security for performance and complexity all along and didn’t know it. It is now a painful irony that today, defence requires even more complexity with software mitigations, most of which we know to be incomplete.

“And complexity makes these three open problems all that much harder. Spectre is, perhaps, too appropriately named as it seems destined to haunt us for a long time.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects
