[Cryptography] Speculation considered harmful?

Tony Arcieri bascule at gmail.com
Sun Jan 7 22:56:22 EST 2018


On Sat, Jan 6, 2018 at 3:28 PM, Ray Dillinger <bear at sonic.net> wrote:

> If the real impact of this class of attack is as it seems, "we need to
> fundamentally redesign our CPUs", then the obvious question is "what is
> the best way to achieve the desired result within the now
> better-understood design space?"


This entire line of enquiry is literally why RISC-V exists. The RISC-V
foundation just said as much (after announcing no RISC-V CPUs were
vulnerable to Meltdown/Spectre):

https://riscv.org/2018/01/more-secure-world-risc-v-isa/

"The RISC-V community has an historic opportunity to 'do security right'
from the get-go with the benefit of up-to-date knowledge. In particular,
the open RISC-V ISA makes it possible for many different groups to
experiment with alternative mitigation techniques and share results."

Clearly the exact solution to Meltdown/Spectre is still an open research
problem, but as it turns out researchers designing RISC-V cores were just
starting to look at things like speculative execution, and are
greenfielding in 20/20 hindsight of these vulnerabilities.

What might it look like in broad strokes? RISC-V cores are already built on
an every-word-tagged memory architecture which carries rich attributes with
every word of memory in the system. This has already been useful for things
like control flow enforcement, but would also enable things like ensuring
(as a guarantee, enforced by the circuit design of the CPU itself)
speculation stops at protection boundaries.

-- 
Tony Arcieri