On a cold Sunday early last month in the small Austrian city of Graz, three young researchers sat down in front of the computers in their homes and tried to break their most fundamental security protections.

Two days earlier, in their lab at Graz's University of Technology, Moritz Lipp, Daniel Gruss, and Michael Schwarz had determined to tease out an idea that had nagged at them for weeks, a loose thread in the safeguards underpinning how processors defend the most sensitive memory of billions of computers. After a Saturday night drinking with friends, they got to work the next day, each independently writing code to test a theoretical attack on the suspected vulnerability, sharing their progress via instant message.

That evening, Gruss informed the other two researchers that he'd succeeded. His code, designed to steal information from the deepest, most protected part of a computer's operating system, known as the kernel, no longer spat out random characters but what appeared to be real data siphoned from the sensitive guts of his machine: snippets from his web browsing history, text from private email conversations. More than a sense of achievement, he felt shock and dismay.

While some elements of Meltdown and Spectre's four-way bug collision (a bug pile-up may be a better description) remain inexplicable, some of the researchers followed the same public breadcrumbs to their discoveries. Most prominently, security researcher Anders Fogh, a malware analyst for German firm GData, in July wrote on his blog that he had been exploring a curious feature of modern microprocessors called speculative execution. In their insatiable hunger for faster performance, chipmakers have long designed processors to skip ahead in their execution of code, computing results out of order to save time rather than wait at a certain bottleneck in a process.

Perhaps, Fogh suggested, that out-of-order flexibility could allow malicious code to manipulate a processor to access a portion of memory it shouldn't have access to, like the kernel, before the chip actually checked whether the code should have permission. And even after the processor realized its mistake and erased the results of that illicit access, the malicious code could trick the processor again into checking its cache, the small part of memory allotted to the processor to keep recently used data easily accessible. By watching the timing of those checks, the program could find traces of the kernel's secrets.

Fogh failed to build a working attack, due to what other researchers now say were quirks of his testing setup. But Fogh nonetheless warned that speculative execution was likely a "Pandora's box" for future security research.

Still, Fogh's post hardly sounded alarms for the broader hardware security research community. It was only months later that the researchers at the Graz University of Technology started to closely consider his warnings.

Their first real clue came instead from the Linux kernel mailing list: In October, they noticed that developers from major companies including Intel, Amazon, and Google were all suddenly interested in a new defensive redesign of operating systems, called KAISER, that the Graz researchers had created, with the goal of better isolating the memory of programs from the memory of the operating system.

The Graz researchers had intended KAISER to solve a far less serious issue than Meltdown or Spectre; their focus was on hiding the location of a computer's memory from malicious, not necessarily blocking access to it. "People were interested in deploying our countermeasures."

Soon, however, developers on the mailing list began to note that the KAISER patch could slow down some Intel chips by as much as five to 30 percent for some processes, a far more serious side effect than the Graz researchers had found. And yet, Intel and other tech giants were still pushing for the fix. "There must be something bigger here," Lipp remembers thinking. Were the tech firms using KAISER to patch a secret, more severe chip-level flaw? Only then did he and the other Graz researchers think back to Fogh's failed speculative execution attack.