Date: Thu, 4 Jan 2018 11:03:43 -0500 From: Eric McCorkle <eric@metricspace.net> To: Brett Glass <brett@lariat.org>, =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@des.no>, Erich Dollansky <freebsd.ed.lists@sumeritec.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com> Subject: Re: Intel hardware bug Message-ID: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> In-Reply-To: <201801041552.IAA17267@mail.lariat.net> References: <02563ce4-437c-ab96-54bb-a8b591900ba0@FreeBSD.org> <19876.1515025752@segfault.tristatelogic.com> <20180104132807.266fe46c.freebsd.ed.lists@sumeritec.com> <86vaghu0ps.fsf@desk.des.no> <201801041552.IAA17267@mail.lariat.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01/04/2018 10:52, Brett Glass wrote: > At 08:01 AM 1/4/2018, Dag-Erling Smørgrav wrote: > >> This is irrelevant. We are talking about timing-based side-channel >> attacks. The attacker is not able to access protected memory directly, >> but is able to deduce its contents by repeatedly performing illegal >> memory accesses and then checking how they affect the cache. > > This is something I do not yet fully understand; perhaps someone here > on the list can help explain it to me. The "Spectre" attack is claimed > to work by altering the contents of the cache via a speculatively > executed instruction. But the contents of that memory are not revealed > directly to the program. So, how does it deduce the contents of physical > memory merely from the fact that there's a cache miss on its address? You can speculatively execute code based on the value of a fetched memory address, which may eventually fault. This can be used to pull things into cache, which can then be measured. The attack looks like this: 1) Fetch kernel/other process memory, which eventually faults 2) Do a bit-shift/mask operation to pluck out one bit of the fetched value. This gets executed speculatively on the fetched value in (1). 3) Execute fetches of two different addresses depending on some bit in the fetched value in (1) (say, 0x100000 for 0 vs 0x200000 for 1). This also gets executed speculatively despite the fact that (1) ends up faulting. 4) Recover from fault in (1) 5) Measure performance of accesses to the two addresses to determine which one is cached. The really terrible thing about this is that it suggests a *class* of attacks: side-channels based on CPU implementations, of which this is the first (and most obvious) one to be discovered. I suspect this is going to be dogging us for years to come.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?736a2b77-d4a0-b03f-8a6b-6a717f5744d4>