Nav: Home

Eliminating infamous security threats

June 12, 2019

Speculative memory side-channel attacks are security vulnerabilities in computers for which no efficient solutions have been found. Existing solutions only address specific security threats without solving the underlying issue.

Speculative side-channel attacks exploit a fundamental functionality in microprocessors to expose security vulnerabilities. The first such security threats, Meltdown and Spectre, were announced last year, but many more have been discovered since. Previous security solutions have been limited and often incurred a high performance penalty.

Now, researchers from Uppsala University, NTNU, and University of Murcia have come up with a more appealing solution, which will be presented at the prestigious International Symposium on Computer Architecture (ISCA) at the end of June.

-- Our solution reduces the performance and energy costs, and increases the security of the computer system, when compared to previous solutions, says Christos Sakalis, PhD student at Uppsala University.

Speculation Exploited

The security vulnerability manifests when the microprocessor tries to guess (speculate) on what to do next. If the microprocessor guesses incorrectly (misspeculates), it will undo any work it has done and start anew. Speculation lies at the core of today's high-performance microprocessors and it is necessary for taking full advantage of the microprocessors' capabilities.

-- In theory, any misspeculations should not leave any visible traces, but they do leave traces nonetheless, says Alexandra Jimborean from Uppsala University.

These traces are exploited by Meltdown and Spectre to retrieve information through so called side-channels. The information can be used to circumvent security checks in the microprocessor to access, e.g., passwords and encryption keys. This has proven to be an "Achilles heel for computer security." The work to find methods to prevent such attacks has been intense, involving people and institutions all over the world. Finally, we now have an efficient solution to the problem.

Different Speculation

Christos Sakalis, Stefanos Kaxiras, Alberto Ros, Alexandra Jimborean, and Magnus Själander have been working together to come up with a new solution.

-- We have developed a new method that completely hides the speculation, says Stefanos Kaxiras from the Uppsala Architecture Research Team at Uppsala University.

The proposed method delays part of the speculation and uses another form of speculation to predict the expected value. This form of speculation is completely invisible.

All this is achieved without reducing the performance of the processors more than 11% and with only a 7% energy usage increase. An earlier proposed solution reduced the performance of the processor by 46% and increased the energy usage by 51%.

-- Our solution requires relatively small modifications to existing processor designs, which in combination with the low performance reduction makes our method practical to employ in future microprocessors, says Magnus Själander from NTNU's Department of Computer Science.
Christos Sakalis, Stefanos Kaxiras, Alberto Ros, Alexandra Jimborean, and Magnus Sja?lander. 2019. "Efficient Invisible Speculative Execution through Selective Delay and Value Prediction". In The 46th Annual International Symposium on Computer Architecture (ISCA '19), June 22-26, 2019, Phoenix, AZ, USA. ACM, New York, NY, USA, 13 pages.

Norwegian University of Science and Technology

Related Performance Articles:

Anticipating performance can hinder memory
Anticipating your own performance at work or school may hinder your ability to remember what happened before your presentation, a study from the University of Waterloo has found.
Want to optimize sales performance?
CATONSVILLE, MD, September 16, 2019- According to new research published in the INFORMS journal Marketing Science, companies can improve sales performance when they adjust sales commissions for the sale of more popular items.
A little kindness goes a long way for worker performance and health
Small gestures of kindness by employers can have big impacts on employees' health and work performance, according to an international team of researchers.
Assessing battery performance: Compared to what?
A team from the US Department of Energy's (DOE) Argonne National Laboratory, University of Warwick, OVO Energy, Hawaii National Energy Institute, and Jaguar Land Rover reviewed the literature on the various methods used around the world to characterize the performance of lithium-ion batteries to provide insight on best practices.
The role of intuition in music performance
PHENICX, a project of the European Commission's 7th Framework Programme coordinated by Emilia Gómez, a researcher with the Musical Technology Research Group of the Department of Information and Communication Technologies at UPF, has attempted to create new digital experiences to enrich the experience of a classical music concert (before, during and after the concert itself) from different areas in order to bring classical music to new audiences in an innovative way and via technology.
More Performance News and Performance Current Events

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Erasing The Stigma
Many of us either cope with mental illness or know someone who does. But we still have a hard time talking about it. This hour, TED speakers explore ways to push past — and even erase — the stigma. Guests include musician and comedian Jordan Raskopoulos, neuroscientist and psychiatrist Thomas Insel, psychiatrist Dixon Chibanda, anxiety and depression researcher Olivia Remes, and entrepreneur Sangu Delle.
Now Playing: Science for the People

#537 Science Journalism, Hold the Hype
Everyone's seen a piece of science getting over-exaggerated in the media. Most people would be quick to blame journalists and big media for getting in wrong. In many cases, you'd be right. But there's other sources of hype in science journalism. and one of them can be found in the humble, and little-known press release. We're talking with Chris Chambers about doing science about science journalism, and where the hype creeps in. Related links: The association between exaggeration in health related science news and academic press releases: retrospective observational study Claims of causality in health news: a randomised trial This...