Researchers from the Graz University of Technology, imec-DistriNet, KU Leuven, and the College of William and Mary have released a paper detailing further attacks against the flaws exploited by the original Spectre and Meltdown vulnerabilities - though Intel has advised that protections against earlier versions are equally effective against these latest variants, something the researchers rebut.
Announced ahead of schedule after details had leaked, the Spectre and Meltdown vulnerability families have been the cause of significant heartache for hardware and software developers alike. Attacking a fundamental feature of most modern processors, the ability for 'speculative execution' to speed up performance, the vulnerabilities exploited hardware flaws to obtain access to supposedly-secret memory contents, sometimes directly but typically using 'side-channel' methods to infer its contents with worrying accuracy. Since the public announcement Intel, in particular, has struggled, releasing buggy patches which have a significant performance impact on some workloads while admitting that future processors won't be completely immune and will instead rely on software protections.
Now, researchers - including those behind the original Spectre and Meltdown discoveries - have published a paper detailing a further seven variants, which expands speculative execution to a form they are now calling 'transient execution' tested against Intel, AMD, and Arm processors, finding that all three processor types were vulnerable to selected attack types.
More concerning is the researchers' claim of continued vulnerability of supposedly-patched systems: 'We also systematically evaluated all defences,' the paper explains, 'discovering that some transient execution attacks are not successfully mitigated by the rolled out patches and others are not mitigated because they have been overlooked. Hence, we need to think about future defences very carefully and plan to mitigate attacks and variants that are yet unknown.'
It's a claim Intel refutes: 'The vulnerabilities documented in this paper can be fully addressed by applying existing mitigation techniques for Spectre and Meltdown,' a company spokesperson claims in response to the paper's publication. 'Protecting customers continues to be a critical priority for us and we are thankful to the teams at Graz University of Technology, imec-DistriNet, KU Leuven, and the College of William and Mary for their ongoing research.'
The full paper, A Systematic Evaluation of Transient Execution Attacks and Defences, is available now via arXiv.
April 7 2020 | 14:00