Speculative execution attacks seem to come out every month at this point. We’ve previously written about ones like Spectre and Meltdown, which allow an attacker to read portions of memory they
should not have access to. A new speculative execution attack has recently been
unveiled which focuses on Intel processors and operates with slight differences
from previous attack methods. The attack was first discovered on April 4th,
2019 by Jo Van Bulck and has been under a press embargo with Intel until very
recently. The attack was also independently discovered by researchers from
Bitdefender in February of 2020.
The new attack goes by the name Load Value Injection, which is a
descriptor for a new class of attacks on modern Intel processors. The
attack focuses on exfiltrating data from the Intel SGX, which is a vault
built into Intel processors designed to store secrets, even if the host
operating system is compromised. This new attack class can bypass the
mitigations released for all previously known
speculative execution attacks. In addition to bypassing
previous mitigations, the researchers say creating mitigations for this attack
is much more difficult. They also claim a potential performance impact making
SGX computations 19 times slower after mitigations are applied on a system.
This new attack works in an opposite fashion compared to
previous attacks like Spectre and Meltdown. “We smuggle — ‘inject’ — the
attacker’s data through hidden processor buffers into a victim program and
hijack transient execution to acquire sensitive information, such as the victim’s
fingerprints or passwords”, according to the researchers. This is in contrast to previous attacks
where the victim’s
information was leaked directly to the attacker via arbitrary memory reads.
While the researchers haven’t found a way to leverage this new attack across
virtual machine domains, they believe it is theoretically possible.
To mitigate this new attack class, Intel is performing
hardware fixes in the silicon of future CPUs. This should reduce the
performance penalty resulting from the software fixes currently being rolled out. For
current CPUs that require mitigation, Intel is releasing an update to its SGX
SDK for developers. This update includes
multiple fixes such as blacklisting certain processor instructions and explicit
speculative execution barriers. According to Intel, depending on your specific
workload and threat model, it may be advantageous to forgo the patches until
the issues are fixed in silicon, due to the performance penalties.
Sources: