Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Intel Security

Academics Publish New Software-Level Protections Against Spectre and Rowhammer Attacks (bleepingcomputer.com) 47

Catalin Cimpanu, writing for BleepingComputer: Academics from multiple universities have announced fixes for two severe security flaws known as Spectre and Rowhammer. Both these fixes are at the software level, meaning they don't require CPU or RAM vendors to alter products, and could, in theory, be applied as basic software patches.

The first of these new mitigation mechanisms was announced on Thursday, last week. A research team from Dartmouth College in New Hampshire says it created a fix for Spectre Variant 1 (CVE-2017-5753), a vulnerability discovered at the start of the year affecting modern CPUs. Their fix uses ELFbac, an in-house-developed Linux kernel patch that brings access control policies to runtime virtual memory accesses of Linux processes, at the level of ELF binary executables.

[...] The second fix for a major flaw announced last week came on Saturday from the Systems and Network Security Group at VU Amsterdam. Researchers announced a new technique called ZebRAM that they said is a comprehensive software protection against Rowhammer attacks.

This discussion has been archived. No new comments can be posted.

Academics Publish New Software-Level Protections Against Spectre and Rowhammer Attacks

Comments Filter:
  • Research BS (Score:1, Interesting)

    by x0ra ( 1249540 )
    Don't publish a freaking paper, send a goddamn diff on the LKML, and we'll be able to comment. This PR-seeking behavior from researcher is pretty deplorable.
    • diffs != funding (Score:4, Interesting)

      by WoodstockJeff ( 568111 ) on Monday July 23, 2018 @11:53AM (#56995140) Homepage

      Publicity for an academic paper, on the other hand, can lead to funding.

      • by x0ra ( 1249540 )
        my point exactly, researchers are grant whores, beggars, never wasting an occasion to release a bs paper to get to keep their status, leading to a very low signal-to-noise ratio. (and yes, I did witness this first hands, on top of wasting money on useless crap just to safeguard their fundings... there is a lot of swamp draining needed)
        • by DamonHD ( 794830 )

          That's a little harsh. If paying the rent requires getting grants, you'll aim to get grants. What do you call what you do to get money? (Plus let's not insult in passing other groups that you clearly consider beneath contempt...)

          • by x0ra ( 1249540 )
            Depends. By your definition, being a criminal to get rent money would be acceptable. There is already a de-facto very limited percentage of actual "research" usable in the industry (I'm fairly sure that kernel gurus would technically destroy this patch pretty quickly), so there is no need to keep the SNR as low as currently done by the paper industry... if they really care about usable solutions, and real life practical results. That being said, the universities are living in a echo chamber...
        • You don't seem to comprehend that in this part of the field, academics are professionals doing real work. And grants cause that work to move forwards.

          I don't doubt that you "did witness this[] first hands," the question is, do you even comprehend what the "this" in the story is that you're claiming to have seen? I'm assuming from your words that you actually just mean that when you were an assistant coach on the wrassling team in college, and you misdirected funds, you never got caught. If you want it to so

    • Re:Research BS (Score:4, Informative)

      by Anonymous Coward on Monday July 23, 2018 @12:12PM (#56995236)

      These are researchers in academia, where you're judged largely on your publications. While releasing a patch to the Linux kernel might be a useful synergistic activity, it simply doesn't have the impact of publications. As a researcher, I like releasing source code and, when feasible, my data sets. However, those simply don't have the same impact as publications. Publishing a paper isn't mutually exclusive from releasing the source code. Don't blame the researchers. Blame the system that disproportionately rewards publications over other contributions.

      The one exception here might be if lots of other researchers use your software or data set in their research. In that case, your data or software could get a DOI and be highly cited in its own right. I doubt a patch to the Linux kernel would get cited much if at all, so the publication is probably the one thing that matters in academia.

    • by jiriw ( 444695 )

      As if the Linux kernel is the only kernel out there running on Spectre / Rowhammer vulnerable architectures. Beside, how do you know the implementation is needed on the kernel level? Have you read the paper to get to that conclusion? I haven't (yet) but I can easily imagine practical applications are only needed at the application level, for applications that actually could be attack vectors. Why drag down your whole operating system with an all encompassing solution when you only need to be careful with, s

  • by Joe_Dragon ( 2206452 ) on Monday July 23, 2018 @11:52AM (#56995136)

    So why should AMD systems slow down to cover Intel? or say in a system where I don't need security like this but need speed?

    At least with linux I can force it off at the kernel level.

    • This is Spectre 1, not Meltdown. I believe it also affects AMD. IIRC, it was also expected to be quite difficult to implement, though I didn't hear any follow-up about that.

      I also didn't hear that Rowhammer was specific to Intel. Do you have reason to believe differently?

      FWIW, and IIUC, while Linux allows you to disable the protection against Spectre (or was it Meltdown), the kernel automatically optimizes it away if the processor is not vulnerable. (IIUC, the original patch submitted by Intel didn't do that, but AMD submitted a revised patch.)

  • not buying it (Score:4, Insightful)

    by iggymanz ( 596061 ) on Monday July 23, 2018 @12:04PM (#56995178)

    Software can be subverted, these flaws have to be addressed in hardware redesign

    • Software can be subverted, these flaws have to be addressed in hardware redesign

      Yes, but a hardware revision does nothing for those who cannot or will not refresh their hardware, nor does it do anything for the next hardware based attack that is announced.

      • Large banks, traders and insurance clearing houses were my clients, they do refresh hardware. If a mom and pop shops don't, or your local governmetn doesn't, that's a small time problem.

        Fearmongering about unknown future bugs is pointless.

    • by Anonymous Coward

      Rowhammer, Meltdown, and Spectre all share the same flaw.

      They aren't a way in...they only work on already compromised (in serious ways) systems. Stop the way in and you stop all 3 at once.

  • Yes I realize someone could figure out a mass application exploit at any time now, but are there any actual active threats out there besides the mental scare tactics currently imparted by all the news outlets?
    • Found the Intel shill! Seriously, though - there is no reason to believe they are not in active use. The time between a vulnerability being publicised and seen being exploited as part of a professional criminal exploit in the wild is generally under two weeks. After all, you don't leave your car unlocked because nobody has stolen it yet.

  • by Anonymous Coward

    After the moderate success of the Pentium 3, when AMD and Intel were pretty level, Intel went NETBURST.

    Netburst was an ultra long pipeline design chasing 10GHz. It was the biggest disaster in x86 architecture to date. As it became clear to Intel that AMD would trivially defeat netburst with its own x64 design, Intel infamously went back to the Pentium 3, updated the architecture, and made Core 1/Core 2 which eventually became todays vastly improved core architecture.

    Intel used AMD patents for the core 2, wh

  • by Misagon ( 1135 )

    What ELFbac is doing is to partition the memory space into regions with different protection depending on which region the access is coming from.
    You could say that it is like automated partitioning of a program into multiple processes communicating via shared memory.

    The cool feature here is that the access control matrix is derived from the existing link information in the binary itself (ELF format), which means that no code rewrite is necessary.

    I'm not sure how it would stop Spectre though, especially on I

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...