AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Intel fails out to spectre meltdown8/24/2023 November 2017: Cyberus team examines Fogh’s work and discovers Meltdown. October-November 2017: Multiple major manufacturers begin to express unusual interest in the Graz University team’s KAISER patch (Kernel Address Isolation to have Side-channels Efficiently Removed), raising suspicions and leading them to more closely examine Fogh’s work and discover Meltdown. ![]() Both men are listed as authors of the Spectre and Meltdown papers. September 2017: Mike Hamburg alerts Paul Kocher of Cryptography Research to possible problems with speculative execution Kocher eventually develops his own working Spectre proof-of-concept and notifies manufacturers. According to Fogh the roots of this post stretch back as far as late 2016, but he notes that Horn didn’t have access to this and did his research/reporting independently and before the public blog post. He doesn’t develop a working exploit, but still draws some interest. July 28 2017: Anders Fogh of G Data publishes a blog entry describing theoretical abuse of speculative execution. Late June 2017: Horn notifies Intel of Meltdown exploit. June 1 2017: Horn notifies Intel, AMD and ARM of the Spectre exploit. May 2017: Horn develops proof-of-concept Spectre attack. April 2017: Jann Horn, a member of Google’s Project Zero security analysis team, stumbles on speculative execution vulnerabilities and begins digging. 1995-2017: Vulnerabilities exist, but aren’t uncovered and addressed (hindsight will probably reveal warning signs, though). Coincidentally, Jann Horn was born around this time-the problem has been hidden for so long that it and the person who discovered it were born at the same time. 1995: The first vulnerable processors begin production. We’ve assembled a rough timeline of events, with the aid of WIRED’s research: ![]() ![]() That’s “one of” because there are no fewer than three other teams acknowledged by Graz that independently discovered and reported these vulnerabilities over the past few months. The most comprehensive hub of information on Meltdown and Spectre is the website hosted by Graz University of Technology in Austria, home of one of the research teams that discovered and reported them to Intel. ![]() For now, it’s important to know that although “speculative execution” is a buzzword being tossed around a lot, it isn’t in itself an exploit-the exploits just take advantage of it. That’s not the focus of this article, but this Medium article provides a good intermediate-level explanation of the mechanics, as do the Spectre and Meltdown whitepapers themselves. Sometimes, these cycles are wasted, as the actions never occur as predicted however, most of the time, speculating on incoming jobs will greatly improve efficiency of the processor by preemptively computing the inbound instructions. They involve an important technique used by modern CPUs to increase efficiency, called “speculative execution,” which is allows a CPU to preemptively queue-up tasks it speculates will next occur. To summarize the summary of our previous article: Meltdown is generally agreed to be more severe, but limited to Intel, while Spectre has to do with a fundamental aspect of CPUs made in the past 20 years. We now return to the scene of the crime, looking at the Meltdown and Spectre exploits with the assistance of several research teams behind the discovery of these attacks. Yes, that sentence was almost entirely about Intel, but they aren’t the only ones affected. It’s been nearly a month since news broke on Meltdown and Spectre, but the tech industry is still swarming like an upturned anthill as patches have been tumultuous, hurting performance, causing reboots, and then getting halted and replaced, while major manufacturers try to downplay the problem.
0 Comments
Read More
Leave a Reply. |