Researchers Claim to Find New Solution to Spectre, Meltdown

News
By Nathaniel Mott
published

(Image credit: Jaiz Anuar/Shutterstock)

Spectre and Meltdown shook many PC enthusiasts when they came to light. They were essentially the first speculative execution flaws to attract global attention, and because they affected processors from Intel and AMD to varying degrees, the internet was awash with concern for several months. Eventually, researchers discovered more and more speculative execution flaws. But now  researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they've found a way to prevent these attacks.

The researchers call their solution Dynamically Allocated Way Guard (DAWG) and revealed it in a recent paper. This name stands in opposition to Intel's Cache Allocation Technology (CAT) and is said to prevent attackers from accessing ostensibly secure information through exploiting flaws in the speculative execution process. Best of all, DAWG is said to require very few resources that CAT isn't already using and can be enabled with operating system changes instead of requiring the in-silicon fixes many thought were needed to address the flaws.

The side-channel attacks revealed earlier this year essentially work by compromising data from memory when the CPU is deciding where it should go. This would in turn allow them to gather passwords, encryption keys and other data they could then use to gain full access to a targeted system. The attacks varied in the vulnerabilities they leveraged and the way they could be addressed. Meltdown required operating system and firmware updates. Spectre was thought to require changes to CPU architectures, but CSAIL said DAWG blocks Spectre attacks itself.

Here's how the researchers summarized their approach with DAWG:

"Unlike existing mechanisms such as CAT, DAWG disallows hits across protection domains. This affects hit paths and cache coherence, and DAWG handles these issues with minimal modification to modern operating systems, while reducing the attack surface of operating systems to a small set of annotated sections where data moves across protection domains, or where domains are resized/reallocated. Only in these handful of routines, DAWG protection is relaxed, and other defensive mechanisms such as speculation fences are applied as needed."

CSAIL warned that DAWG isn't a perfect solution for all side-channel attacks. The researchers believe it will defend against Spectre Variant 1 and 2 as well as other vulnerabilities that rely on similar techniques (they're also planning to continue training DAWG to bark at...erm, defend against other attacks like these). If they're right and their solution is widely adopted, Spectre's impact could be significantly reduced without requiring people to buy new processors or sacrifice too much performance in exchange for security, as many (somewhat incorrectly) feared.

Nathaniel Mott
Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

35 Comments Comment from the forums
  • Peter Martin
    oh, praying this is implemented and works.... get rid of all the stuttering in games and stuff
    Reply
  • hannibal
    This would be good news. But if this is implemented via os update. You need guite new os like win10, ios12 and so on and of course the os can be compromised to bypass the DWAG and then the hardware, firmware and so on solutions are the last line of the defense.
    Reply
  • derekullo
    Yo Dawg we heard you had some trouble with your code.

    So we added some code to yo code so yo code no longer in a state of trippin'
    Reply
  • truerock
    When I was a student majoring in computer science I took a required course called "Operating Systems".
    In writing my operating system for the semester I got around to zeroing out memory before starting and ending each task. It was to help me to more quickly track down bugs in my code.
    My professor asked me why I was doing this and I explained that it was just something to help debug my code during the writing of my OS and I planned to eliminate the memory-zero-out routines near the completion of the semester course.
    We got into a discussion about security issues related to leaving memory un-zeroed after a task was completed and later allocating that un-zeroed memory to a new task.
    I don't think this issue is something that has not been thought about for decades.
    CPUs are now powerful enough that security can take precedence over efficiency.
    Reply
  • bit_user
    21412959 said:
    I don't think this issue is something that has not been thought about for decades.
    CPUs are now powerful enough that security can take precedence over efficiency.
    Yes, they have been thought about. And yes, people are (and have been) burning CPU cycles on security features, such as ASLR (https://en.wikipedia.org/wiki/Address_space_layout_randomization).

    Wikipedia has better explanations than I could manage:

    https://en.wikipedia.org/wiki/Spectre_(security_vulnerability)https://en.wikipedia.org/wiki/Meltdown_(security_vulnerability)
    Reply
  • jpe1701
    I really hope this pans out. When I built my nephew's computer with a Pentium g4560 the performance hit was pretty big. Iirc the cpu-z multi score was a little over 100 points different. I just left him an app that could switch off the protection when he didn't need it.
    Reply
  • s1mon7
    Wassup DAWG? Heard you need some new code in your code so you can process better while you process.
    Reply
  • stdragon
    As far as I'm aware, when it comes to OS security, Theo de Raadt (with OpenBSD) is the person to listen too. He even recommends disabling HT in BIOS.

    What I'm more interested will be his thoughts on this whole DAWG mitigation method.

    Reply
  • DookieDraws
    GO DAWGS!
    Reply
  • secretxax
    If I were a higher-up in AMD or Intel, I'd hire them to help in processor design. All CPU companies should have people that can implement abstract and advanced techniques, ideas, and methods in every way of the technology.
    Reply