Spectre (cybersecurity vulnerability)

From Conservapedia

Spectre is a pair of hardware vulnerabilities in many modern microprocessors that abuse "speculative execution." It was disclosed together with the closely related Meltdown vulnerability (CVE-2017-5754), which exploits the same mechanism in a different way.[1] The first variant is "bounds check bypass" (CVE-2017-5753); the second, and the harder of the two to mitigate, is "branch target injection" (CVE-2017-5715).

Discovery

This pair of vulnerabilities was reported independently by two groups: Jann Horn (Google Project Zero), and Paul Kocher in collaboration with Daniel Genkin (University of Pennsylvania and University of Maryland), Mike Hamburg (Rambus), Moritz Lipp (Graz University of Technology), and Yuval Yarom (University of Adelaide and Data61).

Process

To run faster, processors use "speculative execution": rather than wait for a slow instruction (for example a comparison whose operand is still being fetched from memory) to finish, the processor guesses which way the branch will go and starts executing the instructions on the predicted path. When the branch is finally resolved, the guess is checked. If it was correct, the work is kept and time has been saved. If it was wrong, the speculatively executed instructions are discarded and execution restarts on the correct path. Although discarding work sounds wasteful, branch predictors are right most of the time, so on the whole the processor completes far more work per unit time.[1] (Some designs instead execute instructions from both sides of a branch and keep only the side that turns out to be needed, but mainstream processors rely on prediction.)
The problem is that discarded speculative work is rolled back only at the architectural level (registers and memory). The side effects it leaves in the microarchitecture, above all which data was pulled into the cache, remain. An attacker who can train the branch predictor (Variant 1) or inject a target into the indirect-branch predictor (Variant 2) can make the processor speculatively follow a path that correct execution would never take, for example reading past the end of an array or jumping to attacker-chosen code that has access to a secret. Code on that path loads the secret and then uses it as an index into memory, which brings a secret-dependent cache line into the cache. After the mispredicted work has been discarded, the attacker measures which cache lines are fast to access and recovers the secret, one value at a time. The Spectre paper describes the technique as combining "side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process."[1]
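The Variant 1 pattern described above, written out as an added C example (not code from the original page): a bounds-checked table lookup that is correct architecturally but leaks under speculation, beside the branch-free index masking that the Linux kernel uses for array_index_nospec(). The names array1, array2 and secret follow the convention of the Spectre paper's example; the memory layout, the secret string and the STRIDE constant are constructed here so the example runs stand-alone. The cache-timing probe that would read the leaked byte is described in the comment rather than implemented, since it is processor-specific.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ARRAY1_SIZE 16
#define STRIDE 4096   /* one distinct page per possible byte value */

/* Constructed victim memory: a small public table followed directly by a
 * secret. A named struct fixes the layout, so index ARRAY1_SIZE lands on
 * secret[0]. (Layout is an assumption of this example.) */
struct victim_layout {
    uint8_t array1[ARRAY1_SIZE];
    char    secret[24];
};
static struct victim_layout victim_mem = {
    { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 },
    "constructed secret",
};

/* 256 probe pages. Which one is touched encodes one byte of data. */
static uint8_t array2[256 * STRIDE];

/* Distance from array1[0] to secret[0]: the first out-of-bounds index that
 * reaches the secret. */
size_t secret_offset(void) {
    return offsetof(struct victim_layout, secret) - offsetof(struct victim_layout, array1);
}

/* VULNERABLE gadget. Architecturally the bounds check is correct: an
 * out-of-bounds x never reaches the loads. But while the comparison is still
 * unresolved, a predictor trained on in-bounds calls guesses "in bounds", so
 * the processor speculatively loads array1[x] for x >= ARRAY1_SIZE (here a
 * secret byte) and then loads array2[secret * STRIDE]. The speculative result
 * is discarded, yet that array2 line stays cached; a Flush+Reload timing
 * probe over the 256 pages then reveals which one it was, hence the byte. */
uint8_t victim_vulnerable(size_t x) {
    if (x < ARRAY1_SIZE)
        return array2[victim_mem.array1[x] * STRIDE];
    return 0;
}

/* Branch-free mask: all ones when index < size, zero otherwise. Computed with
 * arithmetic rather than a branch, so it holds even while the processor is
 * speculating past the comparison. Relies on the arithmetic right shift of
 * negative values that GCC and Clang implement. */
size_t index_mask_nospec(size_t index, size_t size) {
    /* sign bit set iff index >= size: then size - 1 - index wraps around */
    intptr_t t = (intptr_t)(index | (size - 1 - index));
    return (size_t)((~t) >> (sizeof(size_t) * 8 - 1));
}

/* Clamp an index so that any out-of-bounds value becomes 0. */
size_t safe_index(size_t index, size_t size) {
    return index & index_mask_nospec(index, size);
}

/* HARDENED gadget: same check, but the index actually used is masked, so a
 * mispredicted path reads array1[0] instead of the secret. */
uint8_t victim_hardened(size_t x) {
    if (x < ARRAY1_SIZE) {
        x = safe_index(x, ARRAY1_SIZE);
        return array2[victim_mem.array1[x] * STRIDE];
    }
    return 0;
}

int main(void) {
    printf("secret starts at array1 index %zu\n", secret_offset());
    printf("mask(5,16)=%#zx mask(16,16)=%#zx mask(SIZE_MAX,16)=%#zx\n",
           index_mask_nospec(5, 16), index_mask_nospec(16, 16),
           index_mask_nospec(SIZE_MAX, 16));
    printf("safe_index(20,16)=%zu\n", safe_index(20, 16));
    return 0;
}
```

On x86 the alternative to masking is a serialising barrier (an lfence instruction after the comparison) that stops speculation past the check entirely; masking is preferred where performance matters because it costs a few ALU operations rather than a pipeline drain. Either way the fix has to be applied at each vulnerable bounds check in software: Variant 1 cannot be closed by a microcode update.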

Solution

These vulnerabilities are harder to patch than Meltdown, because the behaviour they exploit is a performance feature of the processor rather than a defect in one privilege check, but software mitigations are available for certain combinations of hardware and operating system,[2] including Linux.[3]
The two variants need different fixes. Variant 1 cannot be closed by microcode at all; it has to be fixed in software, by compilers or by hand, at each vulnerable bounds check. Fully mitigating Variant 2 requires microcode (firmware) updates from the processor vendor, which add controls for the branch predictor, together with operating-system changes that use them. The difficulty is that firmware is specific to each processor and motherboard, so a fix cannot simply be shipped to every computer running a given operating system. Microsoft has nonetheless been distributing these microcode updates to its users through the standard Windows Update system.[4][5]
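Whether a given Linux machine has received these mitigations can be checked without trusting the patch history: since kernel 4.15 the kernel reports each flaw under /sys/devices/system/cpu/vulnerabilities/ (files spectre_v1 and spectre_v2). The following added C example (not code from the original page) reads and interprets those files; the directory is a parameter so the parser can be tested on constructed input, and the sample status lines in the test are constructed in the format those files use.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum spectre_state { SPECTRE_UNKNOWN, SPECTRE_NOT_AFFECTED, SPECTRE_VULNERABLE, SPECTRE_MITIGATED };

struct spectre_status {
    enum spectre_state state;
    char mitigation[64];   /* e.g. "Retpolines", "Enhanced / Automatic IBRS" */
    bool ibpb;             /* IBPB in use (a microcode-provided control) */
    bool stibp;            /* STIBP in use (a microcode-provided control) */
    bool ibrs_fw;          /* IBRS enabled around firmware calls */
    bool rsb_filling;      /* return stack buffer stuffing */
};

/* Parse one status line such as
 *   "Mitigation: Retpolines; IBPB: conditional; IBRS_FW; STIBP: conditional; RSB filling"
 * Newer kernels separate fields with "; ", older ones with ", "; both are handled. */
void parse_spectre_status(const char *line, struct spectre_status *out) {
    char buf[256];
    memset(out, 0, sizeof *out);
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    buf[strcspn(buf, "\n")] = '\0';

    bool first = true;
    for (char *tok = strtok(buf, ";,"); tok; tok = strtok(NULL, ";,")) {
        while (*tok == ' ') tok++;
        if (first) {                       /* overall state comes first */
            first = false;
            if (strncmp(tok, "Not affected", 12) == 0)
                out->state = SPECTRE_NOT_AFFECTED;
            else if (strncmp(tok, "Vulnerable", 10) == 0)
                out->state = SPECTRE_VULNERABLE;
            else if (strncmp(tok, "Mitigation: ", 12) == 0) {
                out->state = SPECTRE_MITIGATED;
                strncpy(out->mitigation, tok + 12, sizeof out->mitigation - 1);
            }
            continue;
        }
        /* remaining fields describe the microcode-backed controls in use */
        if (strncmp(tok, "IBPB: ", 6) == 0)
            out->ibpb = strncmp(tok + 6, "disabled", 8) != 0;
        else if (strcmp(tok, "IBPB") == 0)
            out->ibpb = true;
        else if (strncmp(tok, "STIBP: ", 7) == 0)
            out->stibp = strncmp(tok + 7, "disabled", 8) != 0;
        else if (strcmp(tok, "STIBP") == 0)
            out->stibp = true;
        else if (strcmp(tok, "IBRS_FW") == 0)
            out->ibrs_fw = true;
        else if (strcmp(tok, "RSB filling") == 0)
            out->rsb_filling = true;
    }
}

/* Read one vulnerability file from dir. Returns false if it is missing
 * (kernel older than 4.15, or not Linux). The real location is
 * /sys/devices/system/cpu/vulnerabilities. */
bool read_spectre_file(const char *dir, const char *name, struct spectre_status *out) {
    char path[256], line[256];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    FILE *f = fopen(path, "r");
    if (!f)
        return false;
    bool ok = fgets(line, sizeof line, f) != NULL;
    fclose(f);
    if (!ok)
        return false;
    parse_spectre_status(line, out);
    return true;
}

int main(void) {
    const char *names[] = { "spectre_v1", "spectre_v2" };
    for (int i = 0; i < 2; i++) {
        struct spectre_status s;
        if (!read_spectre_file("/sys/devices/system/cpu/vulnerabilities", names[i], &s)) {
            printf("%s: no status file\n", names[i]);
            continue;
        }
        printf("%s: state=%d mitigation=\"%s\" IBPB=%d STIBP=%d IBRS_FW=%d RSB=%d\n",
               names[i], s.state, s.mitigation, s.ibpb, s.stibp, s.ibrs_fw, s.rsb_filling);
    }
    return 0;
}
```

A spectre_v2 line that reports "Vulnerable" with IBPB and STIBP disabled is the signature of a kernel that has the software side of the fix but has not been given the microcode it needs, which is exactly the gap the firmware-distribution problem above leaves open.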

References