
New Spectre, Meltdown variants leave victims open to side-channel attacks - rbanffy
https://www.techrepublic.com/article/new-spectre-meltdown-variants-leave-victims-open-to-side-channel-attacks/?ftag=COS-05-10aaa0g&utm_campaign=trueAnthem:+Trending+Content&utm_content=5a8844a59ebbef0007f41440&utm_medium=trueAnthem&utm_source=twitter
======
jepler
why not link directly to the paper instead?
[https://arxiv.org/pdf/1802.03802.pdf](https://arxiv.org/pdf/1802.03802.pdf)
.. brb, digesting...

~~~
jepler
1\. They developed tools to synthesize side channel exploits based on an
architectural model + threat model.

2\. They developed distinct variants of Spectre and Meltdown that use remote
cache line invalidation (activity on core 1 can cause lines in core 2 to be
evicted!) as the side channel.

3\. Curent software mitigation of Spectre and Meltdown appear to be effective
at mitigating these new variants

4\. But future hardware mitigiations risk being too closely directed at
changing the observable behavior of the local cache. If they neglect
observable behavior of cache in another core, the hardware mitigations will be
ineffective.

------
jnordwick
Not new.

Only read the first and last page if the paper, but here was my quick
takeaway.

There are 2 things the attacks do: get the victim data into cache, then read
it out. This paper just shows a different way to read it out. Instead of
flushing the cache it induces false sharing to ping pong the cache line so
instead of waiting for main memory to service the request you are waiting on
the cache coherence protocol to catch up.

These were already described attacks on the web, so i don't consider this new
although they aren't talked about much probably because they are a little
harder to understand.

Since the fixes to both spectre and Meltdown are focused on the first part,
stopping data getting into the cache, they are work for this new read method.

Meltdown: fix the hardware permission bug on cache hit (probably very easy)
and everything will be fine.

Spectre: just as out of order execution can cause funny things in threaded
programs, they can in non threaded programs too it seems. Devs just need to be
aware of it and guard against it. Spectre is basically a process reading its
own memory, and we shouldn't be surprised by that.

