
Communications of the ACM

Research highlights

Technical Perspective: A Recipe for Protecting Against Speculation Attacks



There has been a great deal written about the threat posed by Spectre- and Meltdown-style attacks to our computing infrastructure. The authors of "How to Live in a Post-Meltdown and -Spectre World" (Communications, Dec. 2018, p. 40) rightly note that "Meltdown and Spectre were particularly difficult to patch" and that "the scope of vulnerabilities such as Meltdown and Spectre is so vast that it can be difficult to address." There are many nuances to such an attack (see "Spectre Attacks: Exploiting Speculative Execution" (Communications, July 2020, p. 93)), but part of the reason they are so problematic is they really describe a new recipe for attacks. Specifically, they show how to use a fundamental aspect of machine operation, speculation, against the memory read protections enforced by that very same machine. While any given instance of the attack might rely on the peculiarities of a specific memory hierarchy or software organization, this recipe is surprisingly general.

Many new solutions to these attacks have been proposed since the vulnerability was disclosed, but most of them only address specific instances of the vulnerability rather than the underlying problem. They can block a specific set of attacks, but not new instances of the recipe. A simple tuning of parameters, changing of exfiltration paths, or use of other micro-architectural conflicts can defeat many of these approaches. Unlike a bug or a bit-flip error, an adversary will purposefully and intelligently find new unprotected paths to work around a countermeasure. An approach capable of providing long-term protection needs to speak to the fundamental issues at the heart of this new class of attacks. While the following paper is not the end of the speculation-based attacks, it might be a beginning of an end.


 
