Understanding Spectre And Meltdown Vulnerabilities In Processors

Explain spectre and meltdown,counter measures to spectre and meltdown and future impact of spectre and meltdown. 

Spectre Vulnerability

Two processor level flaws have been highlighted by cyber security researchers known as Spectre and Meltdown. These vulnerabilities have affected almost all known operating systems such as MacOS, iOS, Linux, Android and Windows. According to the researchers, a feature known as Speculative Execution is one of the main reasons for the  vulnerabilities that are present in the almost all of the processors that are used today. Apple recently confirmed that the malicious software need to be in the system which is affected to exploit its data. Project Zero which is run by Google confirmed through independent testing that the attacker has to physically access the device to run the stated vulnerabilities. Most of the vendors have denied any allegation that the vulnerabilities have been used to extract data from consumer devices. Contrary to these clams, Google Zero has already devised a working form of the vulnerability which has the ability to bring down an entire server network. Apple has already acknowledged that Meltdown has more potential to cause damage than Spectre (CNET, 2018). Many devices are not eligible for getting updates from their respective vendors so this puts many people at risk. Google recently stated that devices which are running the latest updates of their operating systems are immune from these vulnerabilities. Speculative execution process is utilized by both Spectre as well as Meltdown but where Meltdown uses the privilege escalation of Intel, Spectre uses two methods in combination to initiate the attack namely, Speculative execution and Branch Prediction.

In the report, details about Spectre and Meltdown have been discussed and possible mitigation strategies as well as their future impacts has been evaluated.

The aim of the report is to:-

• Evaluate the threats from Meltdown and Spectre
• Understand the security policies and security techniques that are used for mitigating the vulnerabilities
• Evaluating their future impacts
• Proper recommend counter measures for the vulnerabilities

The scope of the report is to provide information to prospective researchers about Spectre and Meltdown and provide them with ample information so that they can devise mitigation strategies for the vulnerabilities. 

Brief on Spectre

The vulnerability named Spectre gets its name from a hardware process named Speculatve Execution. Spectre tricks other programs by using random memory locations of the program. The attacker can collect sensitive information from the contents of the memory pace which has been accessed. It uses the speculative execution exploit and usually consists of more than one vulnerability. Spectre uses branch prediction specifically which is a case of speculative execution. Unlike Meltdown, it does not rely on a single processor for memory management (Hruska, 2018). Spectre uses branch prediction mechanism and starts its point of attack from a side channel attack present in the processors. Even when Spectre is erased form the device, loaded cache lines are left behind due to side effects from the speculative execution mechanism which also affects the nonfunctional elements present in the operating systems.

Working Mechanism and Impact of Spectre

The working mechanism of a processor needs to be understood to understand how Spectre functions. Four basic things need to be performed to execute a program in the processor. Suppose there is an addition program which has two variables x and y. At first, the program has to shift the value of x to the processor (into a register called R1) form the main memory. The same process is done with e the value is saved into R1 (Scientific-computing.com, 2018). To complete the program, the computer has o tore the value of R1 back into the main memory. Some features have to be added by the processor designers to hide the discrepancies caused by different speeds of main memory and the processor (the processor is 100 times faster than the main memory).

These features are cache and speculation. Spectre uses both these technologies to extract sensitive data from people. Caches are used to store values which are frequently used and are much faster than the main memory. If the values of x and y are inserted in the cache, then the need to write back the values in the slow main memory is diminished which results in the program executing itself faster. This difference in accessing speed is used by Spectre to exploit data. Variant 2 of Spectre use speculative execution which speculates what tasks might lie ahead even before the CPU actually makes the request. It kind of serves like a scout operating well in front of the CPU’s many other functions and capabilities. Its goal is to speed things up for the entire system by exploring lots of potential CPU tasks in advance. Back in the 1960s when speculative execution was invented computers were very self-contained. Since it was not possible for anyone to check what the data was thrown away nobody thought it can pose as a risk and it was never secured (Trippel, Lustig and Martonosi,  2018). Nowadays, mobile device and computers share system resources with many applications and environments. Sharing is good but when data via speculative execution nds up in shared memory, attackers use a side channel to sneak in and hijack the data.

Spectre can be accessed remotely. As soon as the user visits the infected website with the Spectre code, the information starts leaking through cookies and passwords. As the vulnerability is hardware based and not software based, no software workarounds can be installed to mitigate its effects. Responding to Spectre, Intel has released micro codes which does not entirely destroy the vulnerability but reduces its impacts (Theregister.co.uk 2018). Spectre cannot be totally eliminated without totally erasing caching and speculative execution which are vital operations that are required for processing. 

Meltdown Vulnerability

Brief on Meltdown

The vulnerability named Meltdown got its name from the fact that it basically melts the security boundaries of the hardware. The attacker can access any data from around the computer which he or she is not authorized to see with the help of this vulnerability, including administrative data. The vulnerability only works with certain kinds of chips (Simakov et al., 2018).

The x86 processors of Intel, Microprocessors of ARM and IBM are specifically attacked by Meltdown. Meltdown actually gives permission to a malicious process to read user data without their permission and is a hardware based vulnerability. The processors which are made by AMD are not affected by the virus (Griffin, 2018). This vulnerability can affect processors which were made in the last 10 years. The race condition of the CPU (between instruction execution and privilege checking) is exploited by this vulnerability. The unauthorized data is read normally before the privilege check can happen.

Figure 1: Working of Meltdown

(Source:  Created by the author)

The processor is convinced to load the secret data with the help of Meltdown. This access will be eventually blocked by the processor and it will not allow the process to check the memory or register that is controlled by the attacker. But in step 2, the processor is convinced by the attacker to index the array that is under control of the attacker using the step 1 data. The timing difference between the array accesses is observed by the attacker to collect the secret data even though the processor did not load it clearly. Step 2 and Step 3 are collectively called as side channel attack. Flush reload side channel attack is specifically used by Meltdown (Kocher et al., 2018). Through the flush operation, the processor cache is cleared by the vulnerability. The next process is to use the element of the infected array to trick the processor in using secret data. This allows the processor to load the infected element of the array into the cache. The amount of time to access each element of the array is observed by the attacker effortlessly. The most important step within the 3 steps of Meltdown mechanism is the first step as it gives the attacker access to the kernel (Fruhlinger, 2018). The kernel controls the hardware and authenticates which memory is accessed by whom.

The kernel address is computed by Meltdown and it forces the processor to load the data into a register through speculative execution. When the data is being loaded from the main memory to the register, it is temporarily saved in the processor’s cache memory. This data is exploited by the attacker to get access time without proper privileges (O'Donnell et al., 2018). Sensitive information such as cookies and passwords can be present in the stolen kernel data. A virtual environment is created by the attacker inside the physical memory where he or she can move data whenever he or she wants. Hence, the data can be saved in the cache just like an Oracle Database and used to bypass the standard controls of the operating systems.

Working Mechanism and Impact of Meltdown

The Countermeasures for Spectre and Meltdown

A complete patch to disable both the vulnerabilities is not possible as they are present at a hardware level. In spite of this, major vendors such as Google, Apple and Microsoft has released several patches to address these issues. The KAISER patch which was released for Linux operating system in 2017 automatically prevented Meltdown but didn’t do much for mitigating Spectre. Cloud servers are patched first as they are more vulnerable to the attacks than physical networks. Rendition Infosec has released an organizational strategy which can protect organizational systems from damage and contains basic guidelines.  A good countermeasure is to keep the browsers updated as Spectre uses JavaScript and browser plugins to initiate the attack (Information Management, 2018). The operating systems which will never be patched and will remain vulnerable to the attacks are Windows XP and budget phones running the older versions of Android. Several patches have been released by Microsoft for Windows 7 and above. The Edge browsers along with Explorer browsers have been updated as well. Major manufacturers such as AMD has dispatched firmware updates on January 11^th although some of them have been temporarily removed as they were not working properly (Meltdownattack.com, 2018). Apple has similarly released patches for its operating systems such as MacOS, tvOS and iOS as well as for it browsers on 3^rd January.  Google has released patches for its chrome books too although vulnerability was not assessed for ChromeOS. On 23^rd January, Firefox has also released a patch for its browsers and a beta version is already available (Support.microsoft.com, 2018). 

Management of memory between the application software and the OS needs to be changed fundamentally to eradicate vulnerabilities from Meltdown completely. A technology called Kernel Page table isolation (KPTI) is used to prevent loading of data in the caches of a microchip when a user data is present or running. When an application software asks the operating system to do something on its behalf, the KPTI immediately gets into action to prevent such activities. For iOS 10 and above, Apple has issues several patches.  Microsoft has released several patches which use unsupported kernel cells and do not work with third party programmes. A little amount of memory will be left exposed as the vulnerability is not software based. Serializing the permission check and the register fetch can prevent the vulnerability (Lipp et al., 2018). But this will significantly affect the performance of the systems as it will implement lot of memory overhead to the memory addresses which will slow down the fetching process.

Mitigation Strategies and Future Impacts

Creating a hard split between the user space and the kernel space is a proper countermeasure. With the help of modern kernels, a new kernel bit can be introduced in the CPU control register. When the hard split bit is introduced, the kernel will be forced to stay in the upper part of the address which will allow the system to identify an unprivileged memory fetch. Minimal performance impact is expected (The Verge, 2018). Introducing KAISER is another counter measure that can be considered. It is a kernel that has been modified to stay outside the user space and prevents Meltdown by not giving any valid mapping to the kernel space (physical). Other operating systems have adopted similar approaches. Although the counter measures are not permanent, it can at least prevent the attack by not allowing kernel pointers to operate in the user space.

Spectre has two types of variants, namely Variant 1 and 2. Load fences are put around the kernel to mitigate Variant 1 of Spectre. When a first load is already applied, the speculation programme is prevented from applying a secondary load to it (HPE, 2018). Putting minimum and small changes in the kernel source is part of the mitigation technique. For removing the vulnerabilities associated with Variant 2, the hardware related to branch predicting is deactivated by the operating system when it checks malicious activities coming from a software (Leonhard, 2018). The technique is very effective but it decreases the performance of the system. To counter this issue, the system administrator should be present who can turn the patches on and off if the system performance suffers. Intel has created a new set of hardware features that work with the operating system to create virtual fences protecting the system and the data it contains from speculative execution attack. This prevents the attackers by keeping them away from any decision making processes entirely so they cannot influence the task that the application takes. This helps retain the many advantages of Speculative execution while preventing the vulnerabilities caused by Variant 2 of Spectre.

On January (2018), Intel announced that as a countermeasure they will start shipping new processors by the end of the year which are not vulnerable to Meltdown as well as Spectre (Watson et al., 2018). With software changes, the variant 1 of Spectre can be mitigated and with hardware changes, the variant 2 of Spectre can be mitigated. As part of the mitigation technique, Intel announced that they have redesigned some portions of the processor to introduce proper security checks for both the vulnerabilities. Intel also said that micro codes have been enacted in all the products of Intel that have been released in the past five years (Gibbs, 2018). A permanent counter measure for Spectre is still unavailable.

Vendor Patches and Updates

The Future impacts of Spectre and Meltdown

In the future, cloud providers will be severely affected from Spectre than Meltdown because Spectre sends data by using a hypervisor to a rogue guest system whereas Meltdown only obtains personal data from physical memory spaces of the cloud (Engadget, 2018).

In the coming years, the threat from more hardware attacks will increase rather than attacks which are software based.  Intel’s management system recently discovered a new vulnerability that was similar like Spectre and Meltdown (Knowledge@Wharton, 2018). These vulnerabilities are unexplored and rather new, hence researchers and intelligence agencies will try their best to research this new area and possibly find more exploits. 

The second impact will arise from requiring a coordinated effort from all the major manufacturers for designing a patch that works for all microprocessors.  Although Intel and AMD has released their respective patches, it will still take some time for the computer manufacturers and application vendors to customize the patch so that the user can use them effectively. This is difficult as keeping the vulnerabilities a secret is a difficult task before the required patches are released (Design News, 2018). Due to the early announcement of Spectre and Meltdown, attackers get enough time to devise an attack before the patches are rolled out safely.

The other future impacts of these vulnerabilities will be that the global infrastructure consisting of the IoT devices, cars, appliances and smart watches will be affected as well beside the computers. The cloud providers can be hacked anytime to release personal data compromising the security system of the infrastructure (dzone.com, 2018). The future design of microprocessors will be affected as well. As the total cost of the implementation of new devices will be significantly large, small scale businesses which handle sensitive data will suffer (TechRepublic, 2018). In the future, more side channel attacks will follow and an appreciation for designing a secure system (by the researchers) to erase speculative execution will improve significantly.

Conclusion

To conclude the report, it can be stated that with the discovery of side channel attacks to extract sensitive data, hardware and software design systems will evolve in the coming years.  For the individuals using personal computers the implication of the vulnerabilities will be significant. Depending on the specification of the workload and the hardware, the performance impact on the machines will be significant as well. The desktop users will be severely affected as Spectre normally uses browser plugins to access the user data with JavaScript. In the future, researchers may be able to unravel new exploits that are not covered under the mitigation strategies. The vulnerabilities need to be confirmed independently by the researchers who can assign the same project to different teams and analyse the final results. Moreover, the vulnerabilities may not get patched completely as they are hardware specific. Researchers are still trying their best to change the operating system totally so that the user code will be unable to access the kernel memory. To reduce the exposure risk, some manufacturers are even considering implementing a BIOS modification to their devices. The short term mitigation strategies which will be effective for now are to patch the firmware of the devices as well as their respective operating systems. Amazon AWS and Microsoft Azure (two renowned cloud providers) are the most vulnerable to these attacks as the attacks can be remotely executed from one user to the next. The users need to be careful as well as the malicious code needs to be executed in the user’s machine so the attacker has to be physically present around the system. To understand the vectors and extent of the vulnerabilities, more research needs to be considered in this specific field. 

References

6 steps firms can take to mitigate Spectre and Meltdown risks. (2018). Information Management. Retrieved 17 March 2018, from https://www.information-management.com/slideshow/6-steps-firms-can-take-to-defend-against-spectre-and-meltdown?slide=3

Chipmakers Discuss a Future After Meltdown and Spectre. (2018). Design News. Retrieved 17 March 2018, from https://www.designnews.com/content/chipmakers-discuss-future-after-meltdown-and-spectre/42684598058203

Coping with Spectre and Meltdown: What sysadmins are doing. (2018). HPE. Retrieved 17 March 2018, from https://www.hpe.com/us/en/insights/articles/coping-with-spectre-and-meltdown-what-sysadmins-are-doing-1802.html

Fruhlinger, J. (2018). Spectre and Meltdown explained: What they are, how they work, what's at risk. CSO Online. Retrieved 17 March 2018, from https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-explained-what-they-are-how-they-work-whats-at-risk.html

Gibbs, S. (2018). Spectre and Meltdown processor security flaws – explained. the Guardian. Retrieved 17 March 2018, from https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-processor-intel-security-flaws-explainer

Griffin, C. (2018). The Latest: Spectre And Meltdown | CRN. CRN. Retrieved 17 March 2018, from https://www.crn.com/spectre-meltdown

How Meltdown and Spectre will impact future processor designs | Scientific Computing World. (2018). Scientific-computing.com. Retrieved 17 March 2018, from https://www.scientific-computing.com/news/analysis-opinion/how-meltdown-and-spectre-will-impact-future-processor-designs

How Spectre and Meltdown Will Impact Companies and Consumers - Knowledge@Wharton. (2018). Knowledge@Wharton. Retrieved 17 March 2018, from https://knowledge.wharton.upenn.edu/article/spectre-and-meltdown/

Hruska, J. (2018). Intel Didn't Disclose Spectre, Meltdown to US Government Until News Went Public - ExtremeTech. ExtremeTech. Retrieved 17 March 2018, from https://www.extremetech.com/computing/264490-intel-didnt-disclose-spectre-meltdown-us-government-news-went-public

Intel currently facing 32 class-action lawsuits for Spectre and Meltdown. (2018). Engadget. Retrieved 17 March 2018, from https://www.engadget.com/2018/02/16/intel-face-32-lawsuits-spectre-meltdown/

Intel didn’t warn US government about CPU security flaws until they were public. (2018). The Verge. Retrieved 17 March 2018, from https://www.theverge.com/2018/2/23/17043768/intel-meltdown-spectre-no-us-goverment-warning

Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it. (2018). Theregister.co.uk. Retrieved 17 March 2018, from https://www.theregister.co.uk/2018/02/23/meltdown_spectre_letters_to_congress/

Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., ... & Yarom, Y. (2018). Spectre Attacks: Exploiting Speculative Execution. arXiv preprint arXiv:1801.01203.

Leonhard, W. (2018). Intel releases more Meltdown/Spectre fixes, Microsoft feints SP3 patch. Computerworld. Retrieved 17 March 2018, from https://www.computerworld.com/article/3257225/microsoft-windows/intel-releases-more-meltdownspectre-firmware-fixes-microsoft-feints-an-sp3-patch.html

Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., ... & Hamburg, M. (2018). Meltdown. arXiv preprint arXiv:1801.01207.

Meltdown and Spectre. (2018). Meltdownattack.com. Retrieved 17 March 2018, from https://meltdownattack.com/

O'Donnell, L., O'Donnell, L., Spring, T., & O'Donnell, L. (2018). Intel Details CPU 'Virtual Fences' Fix As Safeguard Against Spectre, Meltdown Flaws. Threatpost | The first stop for security news. Retrieved 17 March 2018, from https://threatpost.com/intel-details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/

Simakov, N. A., Innus, M. D., Jones, M. D., White, J. P., Gallo, S. M., DeLeon, R. L., & Furlani, T. R. (2018). Effect of Meltdown and Spectre Patches on the Performance of HPC Applications. arXiv preprint arXiv:1801.04329.

Spectre and Meltdown: Cheat sheet. (2018). TechRepublic. Retrieved 17 March 2018, from https://www.techrepublic.com/article/spectre-and-meltdown-cheat-sheet/

Spectre and Meltdown: Details you need on those big chip flaws. (2018). CNET. Retrieved 17 March 2018, from https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-processor-cpu-chip-flaw-vulnerability-faq/

Support.microsoft.com. (2018). Retrieved 17 March 2018, from https://support.microsoft.com/en-in/help/4073757/protect-your-windows-devices-against-spectre-meltdown

Trippel, C., Lustig, D., & Martonosi, M. (2018). MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols. arXiv preprint arXiv:1802.03802.

Watson, R. N., Woodruff, J., Roe, M., Moore, S. W., & Neumann, P. G. (2018). Capability Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.

What Are the Implications of Meltdown and Spectre for IoT? - DZone Security. (2018). dzone.com. Retrieved 17 March 2018, from https://dzone.com/articles/what-are-the-implications-of-meltdown-and-spectre