[Cryptography] Spectre again (was Re: RISC-V branch predicting)
Nemo
nemo at self-evident.org
Mon Feb 12 13:48:25 EST 2018
"Perry E. Metzger" <perry at piermont.com> writes:
> On Sat, 10 Feb 2018 15:32:20 -0500 Jerry Leichter <leichter at lrw.com>
> wrote:
>> The Javascript is *intended* to be in a separate security domain
>> from the rest of the browser.
Yes, I know. I was just giving an example of how Spectre has nothing to
do with speculative code paths bypassing hardware access controls.
>> You want to run someone else's Javascript? Run it in a separate
>> address space and process.
Except Spectre also crosses hardware privilege domains: The other
proof-of-concept was reading kernel memory from unprivileged user
code. True, they had to "cheat" by using eBPF... But someone with more
resources than a few motivated grad students could probably do
interesting things without cheating.
> The obvious fix for Spectre here isn't easy, it's to either run that
> hostile code only in its own process, or to provide hardware access
> isolation even inside a single process. For some things, the former is
> currently difficult.
Chrome already supports "site isolation"
(https://support.google.com/faqs/answer/7622138#chrome), which is a big
step along these lines.
But Spectre also crosses the kernel protection boundary, and almost all
of the mitigations for that could also be applied to a sandboxed app /
runtime boundary within a single process (e.g. retpolines, IBRS,
IBPB). So while I do not necessarily disagree with the principle you and
Jerry are advocating, I am not sure Spectre is a good example.
Quick list of search terms if you are curious about Spectre mitigations:

    retpoline
    Indirect Branch Restricted Speculation (IBRS)
    Indirect Branch Prediction Barrier (IBPB)
    Single Thread Indirect Branch Predictors (STIBP)

If you find (or author) a single document describing each of these in
detail, please send it along, because I have not found one
yet. Everything I know is just snippets.
- Nemo
https://self-evident.org/