In January 2018, a major security vulnerability nicknamed Spectre was discovered that affected all modern microprocessors. It allowed malicious software to read pieces of memory belonging to unrelated programs, potentially exposing sensitive information to attackers.

It accomplished this by exploiting a feature of modern processors called speculative execution. This is an optimization technique in which the CPU, rather than stalling until it knows the outcome of a slow instruction (for example a conditional branch that depends on a value still being loaded from memory), predicts the outcome and starts executing the instructions that follow as if the prediction were true. If the prediction turns out to be wrong, the extra work is discarded and the processor resumes from the correct path. If it was right, the results are already available, much sooner than they would have been if every instruction had waited for the previous one to finish. By having some of the work done in advance, CPUs avoid small delays and gain significant speed boosts on single-threaded workloads.

Spectre uncovered a really clever way to exploit this technique. A malicious program begins by executing a carefully chosen series of instructions that “train” the CPU’s branch predictor to expect a particular branch to go a certain way. Once trained, the processor will speculatively execute instructions down that path even when the real branch condition would forbid it, and the program arranges for those speculative instructions to read data from memory belonging to the targeted software and to touch the CPU’s cache in a way that depends on the value read. The speculative results themselves are discarded, but the change in cache state is not, and the attacker can later observe which cache locations were affected. Using the cache as a signal in this way is what the researchers call a “microarchitectural covert channel.” Read by read, the speculative instructions leak the victim’s data over that channel, which the Spectre program records and hands to the attacker.
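The bounds-checked array read is the textbook shape of the pattern described above: architecturally the check is correct, but a mispredicted branch lets the load run with an index that failed the check. The standard software mitigation is to clamp the index with a branch-free mask before it reaches the load, so that even a speculative load can only touch the first element. The following is an added example written for this post, not code from the original article or from any particular project; `table`, `index_nospec`, `lookup_unhardened` and `lookup_hardened` are names chosen here, and the masking arithmetic follows the same idea as the Linux kernel’s `array_index_nospec()` helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table (not from the post): the only memory the lookup
   functions are allowed to return. */
static const uint8_t table[16] = {
     0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15
};

/* Clamp an index to [0, size) without a branch, so that if the CPU speculates
   past a preceding bounds check, the index it uses is 0 rather than an
   out-of-range value. Assumes size <= SIZE_MAX / 2 + 1 (true for any real
   array); same idea as the Linux kernel's array_index_nospec(). */
size_t index_nospec(size_t index, size_t size) {
    /* Top bit of (index | (size - 1 - index)) is 1 exactly when index >= size:
       either index itself is huge, or size - 1 - index wrapped around. */
    size_t out_of_range = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    /* All ones when in range, all zeros when out of range. */
    size_t mask = (size_t)0 - (out_of_range ^ 1);
    return index & mask;
}

/* The pattern Spectre abuses: correct architecturally, but the load inside the
   if-body can execute speculatively with an index that fails the check. */
uint8_t lookup_unhardened(size_t index) {
    if (index < sizeof table)
        return table[index];
    return 0;
}

/* Hardened version: the index is masked before it reaches the load, so a
   speculatively executed load can only read table[0]. Architectural results
   are identical to lookup_unhardened(). */
uint8_t lookup_hardened(size_t index) {
    if (index < sizeof table)
        return table[index_nospec(index, sizeof table)];
    return 0;
}

int main(void) {
    /* Constructed probes: in-range, boundary, and wildly out-of-range indices. */
    size_t probes[] = { 0, 7, 15, 16, 100, SIZE_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        size_t idx = probes[i];
        printf("index %zu -> masked %zu, hardened lookup %u\n",
               idx, index_nospec(idx, sizeof table), lookup_hardened(idx));
    }
    return 0;
}
```

Note that masking does not stop the processor from speculating; it only guarantees that whatever the speculative path loads is inside the array, so the cache footprint no longer depends on out-of-bounds memory. Compilers can apply the same transformation automatically (Clang’s `-mspeculative-load-hardening`, MSVC’s `/Qspectre`), but they only cover the patterns they recognize, so hand-placed masking is still used in kernels and crypto libraries for the loads that matter most.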

Although it is a difficult attack to execute and must be tailored to a specific target application, it has the potential to undermine any operation on an affected CPU, regardless of the traditional security measures or cryptography in use. The fact that Intel, AMD, and ARM processors were all vulnerable created a serious emergency when the issue was discovered.

Shared Memory in the Browser after Spectre