[Cryptography] Spectre is here to stay

Henry Baker hbaker1 at pipeline.com
Mon Feb 18 14:42:37 EST 2019


FYI --

https://arxiv.org/abs/1902.05178

https://arxiv.org/pdf/1902.05178.pdf

Spectre is here to stay

An analysis of side-channels and speculative execution

The recent discovery of the Spectre and Meltdown attacks represents a
watershed moment not just for the field of Computer Security, but also
of Programming Languages.  This paper explores speculative
side-channel attacks and their implications for programming languages.
These attacks leak information through micro-architectural
side-channels which we show are not mere bugs, but in fact lie at the
foundation of optimization.  We identify three open problems, (1)
finding side-channels, (2) understanding speculative vulnerabilities,
and (3) mitigating them.  For (1) we introduce a mathematical
meta-model that clarifies the source of side-channels in simulations
and CPUs.  For (2) we introduce an architectural model with
speculative semantics to study recently-discovered vulnerabilities.
For (3) we explore and evaluate software mitigations and prove one
correct for this model.  Our analysis is informed by extensive
offensive research and defensive implementation work for V8, the
production JavaScript virtual machine in Chrome.  Straightforward
extensions to model real hardware suggest these vulnerabilities
present formidable challenges for effective, efficient mitigation.  As
a result of our work, we now believe that speculative vulnerabilities
on today's hardware defeat all language-enforced confidentiality with
no known comprehensive software mitigations, as we have discovered
that untrusted code can construct a universal read gadget to read all
memory in the same address space through side-channels.  In the face
of this reality, we have shifted the security model of the Chrome web
browser and V8 to process isolation.
---

I hope that we can spend more time 'nerding harder' on problems
like Spectre, rather than 'nerding harder' on encryption backdoors.

*Compression*, in *ALL* of its forms, should be considered 'one
of the usual suspects' when looking for attacks.  In the case of
Spectre, the 'compression' achieved is the *compressed memory
reference string* which is achieved via the *dictionary* ==
*cache contents*.
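
The cache-as-dictionary analogy above can be checked in a toy model. The following is an added example, not part of the original post or of the paper: it counts how many distinct hit/miss traces an observer sees across secrets, with and without a cache. The line size, cache size, secrets and probe addresses are constructed assumptions.

```python
from collections import OrderedDict

LINE = 64      # bytes per cache line (assumed)
N_LINES = 8    # cache capacity in lines (assumed toy size)

class LRUCache:
    """Toy fully associative LRU cache: the 'dictionary' of recently used lines."""
    def __init__(self, capacity=N_LINES):
        self.capacity, self.lines = capacity, OrderedDict()

    def access(self, addr):
        """Return True on a hit (cheap, 'short code'), False on a miss ('literal')."""
        tag = addr // LINE
        hit = tag in self.lines
        if hit:
            self.lines.move_to_end(tag)
        else:
            self.lines[tag] = True
            if len(self.lines) > self.capacity:
                self.lines.popitem(last=False)   # evict least recently used line
        return hit

class NoCache:
    """No dictionary at all: every reference costs the same."""
    def access(self, addr):
        return False

def observable(memory, secret, probe_addrs):
    """One secret-indexed reference updates the dictionary; return the
    hit/miss trace that a later probe of known addresses produces."""
    memory.access(secret * LINE)
    return tuple(memory.access(a) for a in probe_addrs)

def distinct_traces(make_memory, secrets, probe_addrs):
    """Leakage check: count distinct observer traces over all secrets.
    A result of 1 means the observable is independent of the secret."""
    return len({observable(make_memory(), s, probe_addrs) for s in secrets})

SECRETS = range(4)                      # constructed sample secrets
PROBE = [i * LINE for i in range(4)]    # constructed probe addresses

if __name__ == "__main__":
    print("LRU cache:", distinct_traces(LRUCache, SECRETS, PROBE))
    print("no cache: ", distinct_traces(NoCache, SECRETS, PROBE))
```

With the cache, every secret yields a different trace; with no dictionary state the trace is constant, at the cost of the optimization itself.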


