Windows 10 News and info | Forum
November 12, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Researchers Claim to Find New Solution to Spectre, Meltdown  (Read 35 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 29153


I Do Windows


WWW Email
« on: October 20, 2018, 03:20:15 PM »
ReplyReply

Spectre and Meltdown shook many PC enthusiasts when they came to light. They were essentially the first speculative execution flaws to attract global attention, and because they affected processors from Intel and AMD to varying degrees, the internet was awash with concern for several months.

Eventually, researchers discovered more and more speculative execution flaws. But now researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they've found a way to prevent these attacks.

The researchers call their solution Dynamically Allocated Way Guard (DAWG) and revealed it in a recent paper. This name stands in opposition to Intel's Cache Allocation Technology (CAT) and is said to prevent attackers from accessing ostensibly secure information through exploiting flaws in the speculative execution process. Best of all, DAWG is said to require very few resources that CAT isn't already using and can be enabled with operating system changes instead of requiring the in-silicon fixes many thoughts were needed to address the flaws.

The side-channel attacks revealed earlier this year essentially work by compromising data from memory when the CPU is deciding where it should go. This would, in turn, allow them to gather passwords, encryption keys and other data they could then use to gain full access to a targeted system. The attacks varied in the vulnerabilities they leveraged and the way they could be addressed. Meltdown required the operating system and firmware updates. Spectre was thought to require changes to CPU architectures, but CSAIL said DAWG blocks Spectre attacks itself.

Here's how the researchers summarized their approach with DAWG:

"Unlike existing mechanisms such as CAT, DAWG disallows hits across protection domains. This affects hit paths and cache coherence, and DAWG handles these issues with minimal modification to modern operating systems while reducing the attack surface of operating systems to a small set of annotated sections where data moves across protection domains, or where domains are resized/reallocated. Only in this handful of routines, DAWG protection is relaxed, and other defensive mechanisms such as speculation fences are applied as needed."

CSAIL warned that DAWG isn't a perfect solution for all side-channel attacks. The researchers believe it will defend against Spectre Variant 1 and 2 as well as other vulnerabilities that rely on similar techniques (they're also planning to continue training DAWG to bark at...erm, defend against other attacks like these). If they're right and their solution is widely adopted, Spectre's impact could be significantly reduced without requiring people to buy new processors or sacrifice too much performance in exchange for security, as many (somewhat incorrectly) feared.

source
Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page November 09, 2018, 02:22:17 AM