[Cryptography] Spectre/Meltdown resistant 'Movfuscator' ?
Henry Baker
hbaker1 at pipeline.com
Thu Feb 1 08:23:48 EST 2018
FYI -- Comments at bottom
https://motherboard.vice.com/en_us/article/gyw45w/this-cpu-exploit-safe-version-of-doom-runs-at-00003-fps
This CPU Exploit-Safe Version of 'Doom' Runs at .00003 FPS
One way to defend against Spectre and Meltdown.
Michael Byrne
Jan 30 2018, 5:00am
The Spectre and Meltdown CPU exploits, which allow data to leak from
highly secure parts of a computer to really wherever, are bad because
they have to do with something pretty fundamental in how modern
computer processors work. This is a feature called branch prediction,
which basically means that a CPU might process data before it's
actually needed in situations where a program has to make a decision
to do one thing instead of another thing, which is called branching.
Here's a whole thing on how that works in terms of Spectre and
Meltdown. For now, just understanding that branching is pretty
important to how computer programs work but it can also lead to
optimizations that are insecure. One extreme solution might be
removing branching from computer programs altogether. Make software
entirely, 100 percent deterministic.
https://motherboard.vice.com/en_us/article/qvw3k3/the-clever-engineering-behind-intels-chipocalypse
That's what Github user xoreaxeaxeax did to Doom. Their version of
the game is branchless and relies on just a single machine
instruction. There's no branching, or even arithmetic: The only
processor command it contains is "mov", which scoots data from memory
address to memory address. It's actually a demonstration of
xoreaxeaxeax's more general C compiler, the M/o/Vfuscator2, which
converts commands in the C programming language into machine-level
instructions. Or, in this case, instruction, singular.
https://github.com/xoreaxeaxeax/movfuscator/tree/master/validation/doom
https://github.com/xoreaxeaxeax/movfuscator
The downside of this is that the resulting machine instructions are
spectacularly inefficient. Single-instruction, branchless Doom
renders a single frame every seven hours on a 386 Intel processor.
Security ain't free.
---
https://www.youtube.com/watch?v=R7EEoWg6Ekk
https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas_2015_the_movfuscator.pdf
http://www.cl.cam.ac.uk/%7Esd601/papers/mov.pdf
---
This Motherboard article claims that this scheme of compiling into only "MOV"
instructions avoids the problems of Spectre & Meltdown.
Yes, it avoids branch instructions, but no, it doesn't avoid cache timing
leaks. Indeed, since it heavily uses *table lookup*, it leaks *far worse*
than normally compiled code.
More information about the cryptography
mailing list