Intel STORM Proposes SAPM
Intel’s STrategic Offensive Research & Mitigations (STORM) team came up with the proposal for the new Speculative-Access Protected Memory (SAPM) feature that Intel is still researching. The idea is that SAPM would replace existing CPU memory with a more secure memory standard that would be resilient against Spectre-class attacks, including security vulnerabilities like Meltdown, Foreshadow, MDS, SpectreRSB and Spoiler.
STORM's research paper, published last week, said that development of SAPM is only at the "theory and possible implementation options" level. In other words, there’s no concrete idea that Intel and other CPU makers can implement right away; there still needs to be a significant amount of testing before it can become a viable CPU feature.
Intel created the STORM team in 2017 as soon as it learned from Google and independent researchers about the speculative execution attacks. STORM's purpose was to find a way to mitigate the built-in speculative execution design flaws in Intel’s microarchitecture (that also often impact other modern processors, although to a lesser degree).
Spectre Mitigations at the Hardware Level
Although Intel's main competitor AMD has been capable of defending against a good portion of the Spectre-class side-channel attacks via hardware mitigation and its architecture design for Ryzen and Epyc CPUs, Intel has mostly fixed the Spectre attacks in software. This is also why the fixes have a 5 times greater impact on Intel CPUs than on AMD ones.
The STORM researchers said that most Spectre-class attacks tend to perform the same sort of action in the “back-end.” SAPM will deal with this type of attack by blocking those back-end actions by default. This should not only prevent known speculative execution side-channel attacks from working, but also potential future ones.
SAPM Impacts CPU Performance
According to Intel’s researchers, incorporating SAPM would hurt Intel chips' performance; however, the impact would be less than that of all the software patches implemented so far.
"Although the performance cost for each memory access to SAPM is relatively big, considering such operations shall only be a very small portion of the total software execution, the overall performance overhead is expected to be low and potentially less than the performance impact of current mitigations," the paper says.
SAPM could be implemented in a variety of ways offering different protection levels. For instance, it could be implemented at the physical address level or at the virtual address level, where it would be controlled by the operating system (OS). However, if the OS is compromised (as often happens), then it may not offer much protection against Spectre-class attacks.
It remains to be seen whether Intel will be able to adopt SAPM in a way that can protect against both old and new side-channel attacks.