Computer Architecture Today

Informing the broad computing community about current activities, advances and future directions in computer architecture.
Two high-impact microarchitectural timing attacks were disclosed yesterday (https://nyti.ms/2EOX03d).
10,000 ft overview: this is a very intricate attack, but the root cause is speculative state that is left unflushed in the cache, resulting in timing variations.
Apparently the issue is impacting stock prices (https://reut.rs/2lYGFRR).
Questions to ponder as the community considers the implications:
– Is this enough for processor vendors to consider microarchitectural timing attacks in their threat model?
– This has been the year of hardware 0-day attacks: does it mean that our investment in software security, and in hardware support for software security, is paying off, and that attackers have to work harder? Or is it simply because we now know how to exploit microarchitectural timing attacks remotely through browsers and JavaScript, bringing more access? (e.g., http://bit.ly/2lX3BAL)
– How are companies going to handle hardware 0-days? More frequent microcode patching? Disabling or fuzzing timing sources to frustrate attackers? AV signatures for spy code? Compiler fixes?
More here from last year on this topic:

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART I)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART II)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART III)

HARDWARE 0-DAYS: PUBLISH, SELL OR HOARD? (PART IV)

Offensive Security Research in Computer Architecture Conferences

About the Author: Simha Sethumadhavan is an associate professor in the Computer Science Department at Columbia University. His research interests are in computer architecture and computer security. He is @thesimha on Twitter.

Disclaimer: These posts are written by individual contributors to share their thoughts on the Computer Architecture Today blog for the benefit of the community. Any views or opinions represented in this blog are personal, belong solely to the blog author and do not represent those of ACM SIGARCH or its parent organization, ACM.