Spectre attacks come back from the dead

Spectre attacks come back from the dead

Spectre is the name for a whole class of vulnerabilities discovered in January 2018 that affected huge numbers of modern computer processors that rely on a performance feature called speculative execution. Since then, some of the world’s most talented computer scientists from industry and academia have worked on software patches and hardware defenses.

Now it seems they may have to do it all over again.

New research has discovered Spectre attacks that bypass existing mitigations. Before we explain that though, let’s recap what Spectre is all about.

Speculative execution?

Speculative execution happens when a computer processor does some work it might need later, instead of waiting until it knows it definitely needs it. What emerged in 2018 is that speculative execution opens the possibility of side-channel attacks. Spectre-based attacks trick a program into accessing arbitrary locations in a program’s memory space. As a result an attacker may be able to read the content of the accessed memory, and thus potentially obtain sensitive data.

Or, as the researchers put it:

A Spectre attack tricks the processor into executing instructions along the wrong path. Even though the processor recovers and correctly completes its task, hackers can access confidential data while the processor is heading the wrong way.

Speculative execution can be compared to a reverse firing squad: One person has the gun and all the potential victims are lined up opposite. For the potential victims there is no way of knowing who will get executed first. But the person holding the gun may have one in mind.

Exploiting changes of heart

The researchers behind the latest discovery, a team of computer scientists from the University of Virginia and the University of California, San Diego, have just published a paper (pdf) describing a new set of Spectre attacks based on processor micro-op caches.

To return to our analogy, let’s say our executioner (the computer processor) is making preparations for the first target to be executed and writes some notes about what it’s going to do. Processors store these notes in what is called the op-cache. Basically, they are simple instructions that the processor expects to need later, when it executes that target instruction.

Now let’s say our executioner decides to target somebody else first instead. They still have their notes about the first target. When a processor decides to target another instruction first, or erroneously does so, it opens up a possible attack vector that can read its notes from the op-cache. With enough data an attacker can then predict which was the intended first target.

The new Spectre attacks

The research claims that all modern AMD and Intel chips with micro-op caches are vulnerable to Spectre-style attacks, and sets out “attacks that exploit the micro op-cache as a timing channel to transmit secret information”. The attacks exploit the micro-op cache to leak secrets in three ways:

  • Across the user-kernel boundary.
  • Between two SMT (Simultaneous MultiThreading) threads running on the same physical core
  • Along a mis-speculated execution paths

Back to the drawing board

The new lines of attack demolish current defenses because they only protect the processor in a later stage of speculative execution. According to the researchers, all the defenses against Spectre side-channel attacks that have been developed since 2018 can be bypassed by these new attacks. Thus, “leaving billions of computers and other devices just as vulnerable today as they were three years ago”. So, it’s basically back to the drawing board for everyone that has put in the time and energy.

The paper propose three  possible mitigation techniques:

  • Flushing the micro op-cache at domain crossings. This wipes the content of the op-cache so It can’t be queried for information. This however, causes a great deal of the speed that is gained by using an op-cache to be lost.
  • Performance counter-based monitoring. A method to leverage performance counters and detect anomalies based on potential malicious activity in the micro-op cache.
  • Privilege level-based partitioning. A partitioning of the op-cache based on the level of privilege assigned to the code would prevent unauthorized code from getting higher privileges, but given the -small- size of the op-cache partitioning could prove to be cumbersome.

The impact

The good news is that exploiting Spectre vulnerabilities isn’t easy. It will require an enormous amount of knowledge about the processor at hand and a lot of luck to find any specific information an attacker could be looking for. But it does allow for random gathering of information and then hope for that golden bullet to be in there. Given the large amount of affected processors it concerns, essentially all modern 32- and 64-bit PC processors and the vast majority of the standard server hardware, the laws of big data may apply.

May the 4th be with you!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.