Spectre, the once feared CPU-level security vulnerability, was quelled last year with software patches, or so the cybersecurity experts felt. A new variant of the potentially devastating hardware flaw called ‘micro-op cache’ is now an even bigger threat to computers across the globe.
A team of University of Virginia School of Engineering computer science researchers has discovered a new line of attack that reportedly breaks all Spectre defenses. Hackers are actively exploiting something called a “micro-op cache”.
Hackers exploiting a flaw in CPUs that is similar to the ‘Speculative Execution’ Vulnerability:
Cybersecurity experts discovered Spectre in 2018. Since then, computer scientists from industry and academia worked tirelessly to develop software patches and hardware defenses.
CPU makers Intel and AMD have implemented several defenses that have a nominal impact on performance. However, just when hardware manufacturers felt confident about gaining the upper hand, computer security experts have uncovered a potentially devastating variant of Spectre.
Remember Spectre, the painful discovery that you can steal data by timing CPU branch mispredictions?
Apparently there's a new one: timing the micro-op instruction cache.
Very light on details – are we leaking 1bit/min or 1MB? how generalizable is it? https://t.co/HZjVAJnzHH
— Robert Zubek (@rzubek) April 30, 2021
A new research paper, titled “I See Dead μops: Leaking Secrets via Intel/AMD Micro-Op Caches,” implies billions of computers and other devices across the globe are just as vulnerable today as they were when Spectre was discovered. The team has reported its discovery to international chip makers this month. The researchers hope to present the new challenge at a worldwide computing architecture conference in June.
— Jim Rooney (@ASQJimR) May 1, 2021
According to researchers, hackers have found a whole new way for hackers to exploit something called a “micro-op cache”. Technical aspects aside, this technology is quite similar to the one that Spectre exploits.
Micro-op caches speed up computing by storing simple commands. This allows processors to fetch them quickly and early in the speculative execution process.
Intel and AMD CPUs both vulnerable to the new micro-op cache vulnerability exploitation:
The Spectre exploitation had a wide scope. In other words, Intel and AMD CPUs were vulnerable. Needless to add, both the companies have worked tirelessly to incorporate defenses in newer CPUs, and send software patches for the older generations of processors.
However, all current Spectre defenses protect the processor in a later stage of speculative execution. In other words, these defenses cannot defend against the new micro-op cache vulnerability exploitation.
— FreeBSD Help (@FreeBSDHelp) April 30, 2021
Incidentally, Intel has incorporated micro-op caches within its CPUs since 2011. Moreover, the attacks that the cybersecurity team discovered, can steal speculatively accessed information from Intel and AMD processors.
The new vulnerability will be a lot harder than patching Spectre exploits, indicated Ren, the lead student author:
“Patches that disable the micro-op cache or halt speculative execution on legacy hardware would effectively roll back critical performance innovations in most modern Intel and AMD processors, and this just isn’t feasible.”
— National Cyber Security (@NcsVentures) May 1, 2021
“It is really unclear how to solve this problem in a way that offers high performance to legacy hardware, but we have to make it work. Securing the micro-op cache is an interesting line of research and one that we are considering,” observed Ashish Venkat, William Wulf Career Enhancement Assistant Professor of Computer Science at UVA Engineering.
International Symposium on Computer Architecture or ISCA has accepted the research paper that details the new micro-op cache vulnerability. The annual ISCA conference is the leading forum for new ideas and research results in computer architecture.