Social Icons

Monday, June 18, 2018

CPU security: researchers have developed a new "design principle" To overcome vulnerabilities like Meltdown and Spectrum


Meltdown and Spectrum are vulnerabilities discovered in Intel processors that can be exploited to access internal registers, kernel memory and host memory. Several approaches to solutions have already been made. A mitigation technique called Retpoline has been published by Google. The big Redmond company, Microsoft, has made available a PowerShell tool to make the inventory of the protections under Windows. Linux also made patches against Meltdown and Specter in its 4.16 kernel. Despite all these efforts, no definitive and corrective solution is yet in place, as other vulnerabilities continue to be discovered in Intel's CPUs.

It is with a view to making a difference that researchers at the Universities of California, William and Mary, and Binghamton have developed a new "design principle" called SafeSpec to overcome the vulnerabilities of Meltdown and Specter and many others. These principles, contained in a very detailed document, make it possible to avoid speculative execution vulnerabilities. Recall that speculative execution is a standard microarchitectural technique used in virtually all modern processors to improve their performance. The speculatively executed instructions may leave traces in the caches of the processors. This vulnerability can be exploited by an attacker to access information in a speculative way. Meltdown and Spectrum are one example.

The researchers say the SafeSpec model supports "speculation to protect against leaks needed for attacks such as Meltdown and Spectrum". In a document titled "SafeSpec: Banishing the Specter of a Meltdown with Leakage-Free Speculation," researchers say they "explore whether speculation can be made without leakage in a principled manner, allowing CPUs to conserve their performance advantage of speculation while removing the security vulnerabilities it exposes. " SafeSpec therefore stores the speculative state "in temporary structures that are not accessible by committed instructions".

The research team also announces in its paper that SafeSpec does not terminate Google's Retpoline technique and that it does not suffer from any of the performance issues associated with the Meltdown and Specter patches, but rather helps to improve processor performance. SafeSpec is not only a fix against the different known variants of Meltdown and Spectrum, but also against new variants discovered by researchers. The researchers believe SafeSpec "represents a first step towards principled protection" against these vulnerabilities. There is still some way to go before these vulnerabilities in Intel CPUs are completely eradicated.

No comments:

Post a Comment

Category Of Mobile Courses

Actualités (644) Adsense (1) Affiliation (1) Algebraic Topology (2) Algorithmic (1) all-news (30) Android (5) Android App (8) Android app without code (4) Android Apps (256) Android Development (4) Android download (2) Android OS (3) AngularJS (1) Automata theory and formal language (5) C programming (5) Category and Functor (8) CMS (3) Computer Glossary (18) Create Mobile App With Ionic Framework (2) CSS (2) CSS-Cascading-Style-Sheets (4) Developpement Java (13) Differential Geometry (1) Django-Python-Framework (9) dropshiping (26) Earn Money by Internet (4) Emplois (23) Framework php (2) Fraud (2) HTML (7) Java For Beginners (10) Javascript (12) Kotlin Programming Language (8) Kotlin For Mobile Android (1) Linux Download (2) Marketing (5) Mobile (3) Mobile Courses (4) Mobile Marketing (4) MoneyGram (1) News (721) Node.js (5) Open Source (1) Photoshop (1) Protect Computer (1) Python (35) Python BeautifulSoup (1) Python For Data Science (2) Python PyQt (4) Python-Books (6) Python-DVD-Training (1) Python-Exercises (213) Python-Framework (1) Python-IDE (1) Python-Kivy-Framework (2) Python-Modules (1) Python-pdf (2) Python-pyQt (1) Référencement (2) Script PHP (2) Security (6) SEO (1) Snipping Tool: Faq (1) Social Networks (1) Source Code (1) Statistics With SPSS (2) Surveillance Software (1) Travail à domicile (6) Tutoriels php en vidéos (2) Tutoriels-MySql (6) tutoriels-php (19) Utilitaires (1) VPS (1) Web Hosting (1) Webcam (1) Webmarketing (11) Western Union (1) Windows 10 (1) Windows 7 (4) Windows 7 Faq (2) Windows 8 (1) Windows Accessories (1) Windows Download (8) Windows Drivers (1) Windows Fonts (1) Windows Power Shell (2) Windows Registry (2) Windows Security (18) Windows Software (2) Windows Spyware (2) Windows utilities (3) Windows Virus (2) Windows Vista (3) Windows Wireless (1) Windows xp (1) Wordpress (1)
 

Sample text

Sample Text

 
Blogger Templates