
MAGIC: Malicious Aging in Circuits/Cores - weinzierl
https://drive.google.com/file/d/0B9i8WqXLW451MTIyM2lqR1lpZ3M/view?pli=1
======
jimrandomh
The paper discusses threat models based around denial of service, but a more
worrisome possibility is that an attacker might figure out how to wear out a
processor in a way that creates bit-flips which can be exploited to create a
more traditional security vulnerability. Does anyone know enough about this to
tell whether that might be feasible?

~~~
fabulist
If the attacker can run code on your hardware, they probably don't stand to
gain anything (from the standpoint of compromising data integrity) by
degrading your hardware to introduce bit flips. It would be simpler to present
you data corrupted in the fashion they'd like.

~~~
weinzierl
I think it's not that clear cut. "run code on your hardware" what does that
mean? Running code as root? Certainly. Regular user? Certainly. In some form
of sandbox? Hmm.

If you accept that running JavaScript in a Browser or PDF-Reader is "running
code on your hardware" then thousands of people have run code on my hardware.
It doesn't usually matter because the sandbox protects me from obvious attacks
like accessing the file system.

The sandbox won't do anything to prevent certain instruction patterns or memory
access patterns. I don't know if that's really feasible but I see the
possibility.

------
nashashmi
I never knew that logic gates also had an endurance rate. This process to
abuse logic gates to the point of failure seems trivial yet difficult to
prevent.

~~~
teddyh
The paper discusses (in section 8) two different ways in which this attack can
be prevented: Migrating the malicious process to another core, and
periodically executing “_healing instructions_” which cause the transistors
to recover.

~~~
weinzierl
I think detecting the malicious process will be the harder problem. You could
monitor instruction patterns but this will certainly come with a performance
penalty.

~~~
teddyh
According to the paper, running “healing instructions” constantly and
periodically (no detecting), incurred a performance overhead of 0.18%.

------
mattbessey
Perhaps a stupid question, but, assuming this attack has NOT been performed,
do consumer electronics processors slow down in any measurable way within the
lifetime of the device? Anecdotally I often have friends complain their
computers get slower over time, and I've always written it off as OS level
issues, fragmentation etc.

Now I'm wondering if a PC could actually become slower from logic gate
failures. No, no. That's dumb, right?

~~~
jhallenworld
Power7 has a kind of dynamic overclocking, see this pdf: (it adjusts clock and
voltage to maximize performance or save power):

[http://scholar.google.com/scholar_url?url=http://www.cs.bing...](http://scholar.google.com/scholar_url?url=http://www.cs.binghamton.edu/~millerti/cs680r/papers/Timing/ActiveManagementPower7.pdf&hl=en&sa=X&scisig=AAGBfm2n9GzOcGs3tj8u4y2jxnYU7CdAGQ&nossl=1&oi=scholarr)

The paper does mention aging.. I suppose this circuit could compensate by
boosting the voltage, but this would cause you to hit a power dissipation
limit at lower performance, so I think the chip will indeed end up being
slower over time.

