Intel's STORM Presents SAPM Paper on Hardware-Based Protection Against Side-Channel Execution Flaws

[Raevenlord]

Intel's STrategic Offensive Research & Mitigations (STORM) department, which the company set up back in 2017 when it learned of side-channel attack vulnerabilities in its CPUs, have penned a paper detailing a proposed solution to the problem. Intel's offensive security research team counts with around 60 workers who focus on proactive security testing and in-depth investigations. Of that group, STORM is a subset of around 12 individuals who specifically work on prototyping exploits to show their practical impact. The solution proposed by this group is essentially a new memory-based hardware fix, going by the name of SAPM (Speculative-Access Protected Memory). The new solution would implement a resistant hardware fix in the CPU's memory that essentially includes blocks for known speculative-access hacks, such as the ones that hit Intel CPUs hard such as Meltdown, Foreshadow, MDS, SpectreRSB and Spoiler.

For now, the proposed solution is only at a "theory and possible implementation options" level. It will take a long time for it to find its way inside working Intel CPUs - if it ever does, really, since for now, it's just a speculative solution. A multitude of tests have to be done in order for its implementation to be approved and finally etched into good old silicon. Intel's STORM says that the SAPM approach would carry a performance hit; however, the group also calculates it to be "potentially lesser" than the current impact of all released software mitigations. Since the solution doesn't address every discovered side-channel attack specifically, but addresses the type of back-end operations that concern these attacks, the team is confident this solution would harden Intel CPUs against (most of) both known and not-yet-known speculative execution hacks.



View at TechPowerUp Main Site

 

[john_]

If I understood correctly, they are trying to save Intel's architecture designs, by trying to find a way to secure them with hardware patches for known problems.
They could end up hitting their head on a wall for the next 3-4 years like what they are doing all this time with their 10nm, if they take that road and still have to face future security problems that are still unknown. Intel should consider changing it's architecture and make security a priority.

 

[TheGuruStud]

If I understood correctly, they are trying to save Intel's architecture designs, by trying to find a way to secure them with hardware patches for known problems.
They could end up hitting their head on a wall for the next 3-4 years like what they are doing all this time with their 10nm, if they take that road and still have to face future security problems that are still unknown. Intel should consider changing it's architecture and make security a priority.

But that's an IPC hit. Nah, we'll just leave the flaws. It's cheaper in multiple metrics.

It's not like they need to worry about selling server in the near future XD

 

[voltage]

At least they have taken it seriously, and responded as quickly as possible, and are still at correcting. The outlines of process is proof. KUDOS to Intel for implementing properly. Not many companies are as responsive with issues.

 

[londiste]

If I understood correctly, they are trying to save Intel's architecture designs, by trying to find a way to secure them with hardware patches for known problems.

This is part of it but not all of it. Spectre is a class of vulnerabilities and even based on what we have seen this far there will definitely be more attacks discovered on speculative execution. The theory here is that having a solution like SAPM in (semi)hardware would provide a fallback for some vulnerable functionality that is discovered in the future. As the article and paper say, it is not as fast as not having the vulnerability but is faster than software fixes. That would make waiting for hardware fixes less awful.

 

[PrEzi]

At least they have taken it seriously, and responded as quickly as possible, and are still at correcting. The outlines of process is proof. KUDOS to Intel for implementing properly. Not many companies are as responsive with issues.

Have we read the same article?
"set up back in 2017 " --- doesn't mix with --- "as quickly as possible"
and ---- ""theory and possible implementation options" level. It will take a long time for it to find its way inside working Intel CPUs - if it ever does, really, since for now, it's just a speculative solution " --- doesn't mix with --- "still correcting" --- nor --- "implementing".

Either drunk or trolling much?

 

[Crackong]

( Joke )
Hardware patches ?
How to ?
Like a x299 VROC Key ?

 

[R-T-B]

But that's an IPC hit. Nah, we'll just leave the flaws.

Not if it's on-silicon, no.

Still too vague to comment, but it sounds vaguely in that direction.

Have we read the same article?
"set up back in 2017 " --- doesn't mix with --- "as quickly as possible"
and ---- ""theory and possible implementation options" level. It will take a long time for it to find its way inside working Intel CPUs - if it ever does, really, since for now, it's just a speculative solution " --- doesn't mix with --- "still correcting" --- nor --- "implementing".

Either drunk or trolling much?

I mean, the whole industry is reeling from the speculative execution thing. At least intel is trying. AMDs Spectre vulnerabilities have as far as I can tell been filed under "doesn't matter."

( Joke )
Hardware patches ?
How to ?
Like a x299 VROC Key ?

Don't you wish...

 

[TheGuruStud]

Not if it's on-silicon, no.

"Intel's STORM says that the SAPM approach would carry a performance hit"

The context is that Intel was never going to fix it, b/c they knew it will incur a perf penalty.

I'm saying this was a design decision and they just hoped it would never be exploited, so why fix it? Now, they have to pretend to do something.

And thank you for confirming your shill status by saying AMD is vulnerable and not doing anything lol. It's already fixed and not a big deal...unlike dumb dumb blue gorilla.

 

[R-T-B]

Intel's STORM says that the SAPM approach would carry a performance hit

Then it's not on silicon.

This is a less costly method of adapting to future unkown fixes in software via some kind of hardware facility. Weird, but not useless.

 

[PrEzi]

I mean, the whole industry is reeling from the speculative execution thing. At least intel is trying. AMDs Spectre vulnerabilities have as far as I can tell been filed under "doesn't matter."

Well if they are trying what about fixing the issue from the ground up - within the new architecture? Where security, not the performance is the top prio?

It took them over 2 years to write something, that an IT student could do as his mid year paper?
I mean... a block of memory where we will store evtl. patches and workarounds to be executed by the CPU at boot? And everything else is speculation, palm reading etc. ? LoL.

And AMD' s Spectre has been filled under doesn't matter and even then - these that _might_ be applicable under some unknown conditions - fixed. The architecture is completely different, so the execution of the given speculative access hack wouldn't work (Spectre 1.2) and the other one (1.1) was fixed in software or hardware (Zen2).
So yeah... that's that.

 

[londiste]

The context is that Intel was never going to fix it, b/c they knew it will incur a perf penalty.

That's not even remotely true. In fact, the known vulnerabilities are being fixed in hardware.

 

[bug]

Intel's offensive security research team counts with around 60 workers who focus on proactive security testing and in-depth investigations. ... The new solution would implement a resistant hardware fix in the CPU's memory that essentially includes blocks for known speculative-access hacks, such as the ones that hit Intel CPUs hard such as Meltdown, Foreshadow, MDS, SpectreRSB and Spoiler.

Can you spot the inconsistency?

 

[Vayra86]

Basically this article says 'We've studied the problem for considerable time now, and the best we've got is some hunch of what might work in some cases, maybe... but we haven't really tested it yet'

I'll take a job like that, easiest money ever.

Strategic Offensive... while the battlefield is already littered with dead bodies. Keep at it boys!

 

[bug]

Basically this article says 'We've studied the problem for considerable time now, and the best we've got is some hunch of what might work in some cases, maybe... but we haven't really tested it yet'

I'll take a job like that, easiest money ever.

Strategic Offensive... while the battlefield is already littered with dead bodies. Keep at it boys!

I'm not sure why you have to be so mean. For a little bit of context, buffer overflow exploits have been known for decades and nobody has been able to fully mitigate them so far. Speculative execution is yet another attack channel, what would you like to see Intel do about it? Go back to 80486?

 

[Vayra86]

I'm not sure why you have to be so mean. For a little bit of context, buffer overflow exploits have been known for decades and nobody has been able to fully mitigate them so far. Speculative execution is yet another attack channel, what would you like to see Intel do about it? Go back to 80486?

That makes the sudden existence of this focus group even more laughable doesn't it? In 2017 its suddenly 'a priority' so we get a fancy name to make believe something happens...

Call it mean... its just weak marketing failing hard IMO. And it only happens because we're out of options and saying 'No, what we have today is not fixable' is apparently worse than lying about it. This happens everywhere. Look at the climate discussion. We're heading towards the same inevitable conclusion, that we created monsters we'll never tame unless we are prepared for hard and painful resets.

Its a human thing, to look away from the core of a problem and fix what's there with bandaids...

 

[bug]

That makes the sudden existence of this focus group even more laughable doesn't it? In 2017 its suddenly 'a priority' so we get a fancy name to make believe something happens...

Call it mean... its just weak marketing failing hard IMO. And it only happens because we're out of options and saying 'No, what we have today is not fixable' is apparently worse than lying about it. This happens everywhere. Look at the climate discussion. We're heading towards the same inevitable conclusion, that we created monsters we'll never tame unless we are prepared for hard and painful resets.

Its a human thing, to look away from the core of a problem and fix what's there with bandaids...

Well, yes. Marketing wouldn't be marketing if it wasn't lame. It's probably in their job description or something.

But besides marketing, you seem to be questioning the engineering. Engineering can't simply get rid of speculative execution because the performance would tank hard. And going for a new design, as you suggest, is even riskier, because with the current architecture, at least you have a good idea of what needs to be mitigated and (hopefully) where and how to mitigate it. Of course, Intel can't sit on their current architecture forever, so at some point they'll have to bite the bullet and switch anyway. In the meantime, having a group of engineers dedicated to fixing these is the best possible news. Labeling said group as proactive and then saying it's working on currently known vulnerabilities is laughable, though. I'm hoping when they said "proactive" they meant the group is taking care of these vulnerabilities in future designs. But until Intel comes out and says just that, this may well be just my wishful thinking.

 

[Vayra86]

Well, yes. Marketing wouldn't be marketing if it wasn't lame. It's probably in their job description or something.

But besides marketing, you seem to be questioning the engineering. Engineering can't simply get rid of speculative execution because the performance would tank hard. And going for a new design, as you suggest, is even riskier, because with the current architecture, at least you have a good idea of what needs to be mitigated and (hopefully) where and how to mitigate it. Of course, Intel can't sit on their current architecture forever, so at some point they'll have to bite the bullet and switch anyway. In the meantime, having a group of engineers dedicated to fixing these is the best possible news. Labeling said group as proactive and then saying it's working on currently known vulnerabilities is laughable, though. I'm hoping when they said "proactive" they meant the group is taking care of these vulnerabilities in future designs. But until Intel comes out and says just that, this may well be just my wishful thinking.

The initiative itself isn't bad, and no, I don't question the engineering. I just question this focus group's effectiveness. Its not just the marketing part of it - but the timing of it, and the actual contents of this article. What have they got, now? A fancy report that says they've got a few ideas, with zero practical use. Time is not on their side either. Its nearly 2020 already. By the time they have any sort of idea of what to do, the hardware itself is long gone.

The optimist reading this article says 'great, hope they get there'. I'm a pessimist and I say 'money down the drain, won't change a thing'. If they couldn't fix it in the past decade, why now?

If its for future designs...that means Intel is inherently telling us they will keep pushing leaky hardware to the market for the foreseeable future (like they have been doing already for a few years now, does nobody question why the gen releases keep coming like they do?). I'm not seeing the positive there either... What Intel should be doing is get to results, and not talk about it. There is no positive spin here, and every time they try to get there, they fail hard. This company still hasn't bitten the bullet, but still tries to soften the blow in the most cost effective way. Understandable, but not commendable.

 

[londiste]

If they couldn't fix it in the past decade, why now?

Decade? Spectre was discovered and reported a little over 2 years ago.

 

[bug]

The initiative itself isn't bad, and no, I don't question the engineering. I just question this focus group's effectiveness. Its not just the marketing part of it - but the timing of it, and the actual contents of this article. What have they got, now? A fancy report that says they've got a few ideas, with zero practical use. Time is not on their side either. Its nearly 2020 already. By the time they have any sort of idea of what to do, the hardware itself is long gone.

The optimist reading this article says 'great, hope they get there'. I'm a pessimist and I say 'money down the drain, won't change a thing'. If they couldn't fix it in the past decade, why now?

If its for future designs...that means Intel is inherently telling us they will keep pushing leaky hardware to the market for the foreseeable future (like they have been doing already for a few years now, does nobody question why the gen releases keep coming like they do?). I'm not seeing the positive there either... What Intel should be doing is get to results, and not talk about it. There is no positive spin here, and every time they try to get there, they fail hard. This company still hasn't bitten the bullet, but still tries to soften the blow in the most cost effective way. Understandable, but not commendable.

I think the key point is this being a new attack channel, there's a lot of ground to be covered. Hopefully this group is meant to cover that ground, but again, without a clear statement from Intel, we can't know.

 

[Vayra86]

Decade? Spectre was discovered and reported a little over 2 years ago.

Well... publicly yes. The idea that architectures had a vulnerability like it isn't that new but it was long classified as irrelevant.

 

[londiste]

Well... publicly yes. The idea that architectures had a vulnerability like it isn't that new but it was long classified as irrelevant.

The idea was there, vulnerability was not. It was not clear or known that an actual attack could be made on these architectural properties. This took decade or longer to become viable or demonstrable.

The initiative itself isn't bad, and no, I don't question the engineering. I just question this focus group's effectiveness. Its not just the marketing part of it - but the timing of it, and the actual contents of this article. What have they got, now? A fancy report that says they've got a few ideas, with zero practical use. Time is not on their side either. Its nearly 2020 already. By the time they have any sort of idea of what to do, the hardware itself is long gone.

SAPM = no speculative memory access, applicable to specific memory ranges. This is separate from fixes or architectural changes and would allow mitigating most speculative attacks in the Spectre family far easier and with less performance cost than current software and firmware mitigations. Note - mitigate, not fix.

Spectre is not done and over with. There will be new vulnerabilities discovered.

 

[Grog6]

I'd be way more interested on when they expect to SHIP a fix for all these vulnerabilities.

 

[londiste]

I'd be way more interested on when they expect to SHIP a fix for all these vulnerabilities.

Which one? They are getting the problems fixed one-by-one. It usually takes a product generation to get fix in hardware - 1 to 1.5 years. It is a mess with different stepping CPUs sold as the same SKU but Intel does have a page up about which vulnerability is fixed where:

Affected Processors: Transient Execution Attacks & Related Security...

Review the impact of transient execution attacks and select security issues on currently supported Intel products.

www.intel.com

 

[Grog6]

"Software" fixes mean severe performance hits; I overclock processors for a 10-20% improvement over stock, all those fixes put me back to lower performance than I had before the overclocking.

That's NOT a fix in my book.