On 01/04/2018 10:52, Brett Glass wrote:> At 08:01 AM 1/4/2018, Dag-Erling Sm??rgrav wrote:
>
>> This is irrelevant.? We are talking about timing-based side-channel
>> attacks.? The attacker is not able to access protected memory directly,
>> but is able to deduce its contents by repeatedly performing illegal
>> memory accesses and then checking how they affect the cache.
>
> This is something I do not yet fully understand; perhaps someone here
> on the list can help explain it to me. The "Spectre" attack is
claimed
> to work by altering the contents of the cache via a speculatively
> executed instruction. But the contents of that memory are not revealed
> directly to the program. So, how does it deduce the contents of physical
> memory merely from the fact that there's a cache miss on its address?
You can speculatively execute code based on the value of a fetched
memory address, which may eventually fault. This can be used to pull
things into cache, which can then be measured.
The attack looks like this:
1) Fetch kernel/other process memory, which eventually faults
2) Do a bit-shift/mask operation to pluck out one bit of the fetched
value. This gets executed speculatively on the fetched value in (1).
3) Execute fetches of two different addresses depending on some bit in
the fetched value in (1) (say, 0x100000 for 0 vs 0x200000 for 1). This
also gets executed speculatively despite the fact that (1) ends up faulting.
4) Recover from fault in (1)
5) Measure performance of accesses to the two addresses to determine
which one is cached.
The really terrible thing about this is that it suggests a *class* of
attacks: side-channels based on CPU implementations, of which this is
the first (and most obvious) one to be discovered. I suspect this is
going to be dogging us for years to come.