Meltdown, Spectre and the Security Tradeoff
Posted on January 18, 2018 — 3 Minutes Read
There is hardly a day goes by without news on cybersecurity flaws or malware outbreak. None so far, however, is quite like Meltdown and Spectre. First discovered by Project Zero at Google, they were reported to the affected hardware chip developers in as early back as in June, 2017. Both of them essentially take advantage of a performance feature known as out-of-order and speculative executions that allow a processor to execute tasks ahead of the pipeline, and compute results out-of-order, to reduce the idling time of the processor due to bottleneck.
Performance gain often doesn’t come without cost, and out-of-order and speculative executions are no exceptions. Malicious code may be implemented to exploit this out-of-order flexibility and access privileged memory before the processor verifies it has the permission to. The privileged memory is temporality stored in cache – another performance feature not without its cost – which can then be tactfully accessed even if the processor realises at last that the malicious code has no permission to access the privileged memory. Meltdown and Spectre represent the this vulnerability in two dimensions. The meltdown between the user application and the privileged memory at the kernel is known as Meltdown, whereas one user application tricking another into caching its privileged memory by speculative execution which can accessed by the malicious application is known as Spectre.
Because of this dimensional difference, Meltdown is relatively easier to mitigate, since a software update of the kernel will prevent the privileged memory from being accessed prior to permission verification. Spectre, on the other hand, since it involves an user application being manipulated by another into caching its privileged memory, is trickier to address for the diversity of speculative algorithms employed by different processors, and will require a change in the processor architecture to fully mitigate. One thing for sure is that the patch for both Meltdown and Spectre will incur notable performance impact which differ between architectures and platforms, and the precise degrees of which are still to be found out. This hopefully serves as a reminder that hardly any gain comes without cost. In a world of ever increasing connectedness, a malware exploiting a known and patched vulnerability could still cause a global outbreak in an unprecedented scale, due to our age-old and stubborn hardware perspective, and in an endless race for speed between the chipmakers, one needs to look into the details where the devil resides, and think about what is being traded off.