The Meltdown and Spectre vulnerabilities have been a real nightmare throughout this year. Those affected were quick (maybe too quick) to mitigate the problems with different solutions, but months later even the most recent Intel chips aren't completely safe. Hardware fixes only work for certain Meltdown variants, while the rest are still mitigated with firmware and OS updates that have some impact on performance.
Intel will have to redesign certain features of its future processors to finally put Meltdown and Spectre behind it, but in the meantime others have stepped in with alternatives. MIT researchers have developed a way to partition and isolate memory caches with 'protection domains'. Unlike Intel's Cache Allocation Technology (CAT), MIT's technology, called DAWG (Dynamically Allocated Way Guard), disallows hits across those protection domains. This is important because attackers targeting these vulnerabilities take advantage of 'cache timing attacks' and can get access to sensitive, private data.
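A minimal model of the distinction drawn above, as an added example that is not from the article or the MIT paper: one cache set whose ways can be restricted per domain for fills only (the CAT-like case) or for fills and hits (the DAWG-like case). The domain names, tags and the two channel checks are constructed for illustration, and the model assumes read-only accesses and LRU replacement.

```python
# Toy model of ONE set of a 4-way cache. Constructed for illustration:
# read-only accesses, LRU replacement, two domains. Not code from the DAWG paper.
SHARED = "shared_line"  # constructed tag that both domains can address

class CacheSet:
    def __init__(self, fill_mask, hit_mask):
        self.tags, self.age, self.clock = [None] * 4, [0] * 4, 0
        self.fill_mask = fill_mask  # domain -> ways it may allocate into
        self.hit_mask = hit_mask    # domain -> ways it may observe hits in

    def access(self, domain, tag):
        """Return True on a hit; on a miss, fill the domain's LRU way."""
        self.clock += 1
        for way in self.hit_mask[domain]:
            if self.tags[way] == tag:
                self.age[way] = self.clock
                return True
        way = min(self.fill_mask[domain], key=lambda w: self.age[w])
        self.tags[way], self.age[way] = tag, self.clock
        return False

ALL = (0, 1, 2, 3)
SPLIT = {"victim": (0, 1), "attacker": (2, 3)}
BOTH = {"victim": ALL, "attacker": ALL}
POLICIES = {
    "unpartitioned": lambda: CacheSet(BOTH, BOTH),
    "fill-only partition (CAT-like)": lambda: CacheSet(SPLIT, BOTH),
    "fill+hit partition (DAWG-like)": lambda: CacheSet(SPLIT, SPLIT),
}

def hit_channel(make_set):
    """Does the attacker's hit/miss on SHARED depend on the victim touching it?"""
    idle, busy = make_set(), make_set()
    busy.access("victim", SHARED)
    return idle.access("attacker", SHARED) != busy.access("attacker", SHARED)

def eviction_channel(make_set):
    """Does a victim access evict a line the attacker primed into the set?"""
    s = make_set()
    primed = [f"atk{i}" for i in range(len(s.fill_mask["attacker"]))]
    for tag in primed:
        s.access("attacker", tag)
    s.access("victim", "victim_private")
    return not all(s.access("attacker", tag) for tag in primed)

if __name__ == "__main__":
    for name, make in POLICIES.items():
        print(f"{name:32} hit={hit_channel(make)} eviction={eviction_channel(make)}")
```

In this model, restricting fills alone removes the eviction signal but leaves the cross-domain hit observable; only the policy that also restricts hits makes the attacker's view independent of the victim.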
Intel's public image was badly damaged not only by the discovery of these vulnerabilities, but also by information that came out afterwards. The company released Coffee Lake knowing that it was vulnerable to Spectre and Meltdown, and Brian Krzanich sold $24 million of stock on November 24th, weeks after Intel knew about those security issues (and kept them secret). Microsoft's initial solution was a disaster, and Intel's was called 'complete and utter garbage' by Linus Torvalds. AMD confirmed they were also affected, although not as much as Intel, and we've seen how new variants could be exploited too and put our data in danger. And on, and on, and on.
According to the MIT researchers' paper (PDF), DAWG requires "minimal modifications to the underlying operating system", and they say the performance overhead is "reasonable". Although it's not a silver bullet for all known attacks, they hope to expand this project to fix all Meltdown and Spectre variants.