This post was updated 5 January to include links to AMD’s and Apple’s statements.

A major security flaw has surfaced that’s thought to affect all Intel microprocessors since at least 2011, some ARM processors and, less so, AMD processors. Unusually, the exploits, called Meltdown and Spectre, take advantage of the processors’ hardware rather than a software flaw, so they circumvent security schemes built into major operating systems. Makers of those operating systems are racing to roll out a fix to Meltdown, which is the easier exploit to pursue, according to The Register, which first reported the effort Tuesday. The operating system redo will almost certainly lead to performance reductions in some systems during certain uses. But the fact that there’s a fix at all is largely due to security researchers at the Graz University of Technology, in Austria, who were unaware of the vulnerability until last month.

Daniel Gruss and his Graz colleagues specialize in side-channel attacks, ways to exploit systems using the data gleaned from the physical implementation of a system rather than a software flaw. In 2016 they examined ways to harden the core of an operating system, the kernel, against such attacks, and came up with a scheme they called KAISER. KAISER prevents the computer processes of user applications from managing to get at kernel memory spaces, which might, for instance, give someone access to your log-in information or a cryptographic key you’d like to keep safe. It does so by strictly separating kernel memory spaces in the processor cache. That might sound simple, but the peculiarities of the x86 architecture, on which most PC and server processors are based, make it a nontrivial task. They published a paper on it in July 2017.

“We thought it would be a good countermeasure for generally hardening systems,” Gruss tells Spectrum. “It’s good design, and if you have a good design for something, it will protect you.” But there was no particular exploit it was defending against.

“Starting in October we heard of some effort by Intel to merge a KAISER patch into the upstream kernel, which surprised us,” he says. “We weren’t aware of any attacks.” They then got wind of Amazon working on an implementation and became more suspicious. “We thought there must be something.”

At some point they stumbled across a posting by Anders Fogh. He had attempted to read protected kernel data using a quirk of how modern processors keep busy while waiting for slow compute processes to get their data. In such situations processors perform speculative execution. That is, they start working on what they expect should be the next task, discarding the result if they guessed wrong. Fogh couldn’t get the attack to work, but Gruss’s colleagues Michael Schwarz and Moritz Lipp did. Together with researchers from Rambus, University of Adelaide, University of Pennsylvania, and Cyberus Technology, they formalized the attack, calling it Meltdown. On a website devoted to the attack they say: “Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.”

A related attack, which they call Spectre, is potentially wider reaching because it “breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets,” according to the website. Unfortunately, KAISER is not a general fix for Spectre, which thankfully is trickier to pull off than Meltdown.

There’s been some concern about whether KAISER will slow computers down and by how much.