Intel last week published a research paper detailing a new type of computer memory designed specifically to safeguard against speculative execution side-channel attacks, such as Meltdown, Spectre, L1TF, SGXSpectre, SWAPGSAttack, Zombieload, MDS, and others.
Speculative execution side-channel attacks are vulnerabilities in how a processor handles speculative execution, a process through which CPUs run calculations in advance and discard the results they turn out not to need.
For many years, speculative execution has been viewed as one of the best ways to optimize CPUs and boost their performance. But since 2017, academics began finding cracks in the speculative execution process through which attackers could extract sensitive data that was being processed inside a CPU’s memory (cache).
Intel CPUs were the ones most affected by these issues, since the company heavily invested in boosting CPU performance through speculative execution. The CPU maker responded to these bugs by adding a series of hardware-based protections to its upcoming CPUs and releasing software-based fixes for older series.
But in a research paper published last week, Intel proposed SAPM, or Speculative-Access Protected Memory. This is a new memory type that Intel would like to see replace the current CPU memory system.
SAPM is the work of Intel STORM (STrategic Offensive Research & Mitigations), a team of elite security researchers that Intel has assembled since 2017 to work on creating mitigations for all the speculative-execution attacks that have impacted the CPU maker’s products.
SAPM is only an idea for the moment, and there are no silicon prototypes. Intel STORM engineers only released “the theory and possible implementation options,” to provide “a ground base for other researchers to improve upon and also for the industry to consider.”
They said they started working on SAPM as an alternative to the current hardware and software-level mitigations.
Intel STORM researchers say SAPM will implement protections at the hardware level and will work with both physical and virtual memory addresses.
“SAPM can be applied to specific memory ranges, with the attribute that any memory access to such memory type will be instruction-level serialized, meaning that any speculative execution beyond the SAPM-accessing instruction will be stopped pending the successful retirement of this SAPM-accessing instruction,” Intel STORM developers said in their short description of SAPM’s basic principles.
SAPM is future-proof
Researchers say their “proposal provides more flexibility to software” by moving most of the mechanism that prevents speculative execution attacks to the hardware level.
The idea is that most speculative execution side-channel attacks can be split into two parts: the “frontend” part of the exploit code, and its “backend.”
Intel STORM researchers say the second part (backend) of most speculative execution attacks performs the same actions. SAPM was designed to introduce hardware-based protections against the backend part of most attacks.
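The two passages above describe the mechanism abstractly: an access to an SAPM range is instruction-level serialized, so speculation past it stops until the instruction retires, and that is enough to starve the "backend" of a transient-execution attack, which needs to execute a second, data-dependent load to encode a value into the cache. The following toy pipeline simulator is an added illustration written for this article; it is not Intel's code and does not reflect any real SAPM implementation. The `Cpu` class, the micro-op format, the `sapm_ranges` attribute and all addresses and values are constructed for the model. It runs a short micro-op sequence inside a mispredicted window, discards register results when the misprediction resolves (as real hardware does), but keeps the cache lines that were filled (the observable side effect). With the secret's address range marked as SAPM, the window ends at the first access and no probe line is ever filled.

```python
"""Toy pipeline model of SAPM instruction-level serialization.

Constructed illustration for this article; not Intel's code or design.
It models one transient-execution window: micro-ops after a mispredicted
bounds check execute speculatively, their register results are discarded
when the misprediction resolves, but the cache lines they touched remain
observable. Marking the secret's address range as SAPM (a hypothetical
`sapm_ranges` attribute here) stops speculation at the SAPM-accessing
micro-op, so the dependent "backend" load never fills a cache line.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

CACHE_LINE = 64          # bytes per cache line (assumption for the model)
PROBE_BASE = 0x10000     # constructed address of a 256-line probe array
SECRET_ADDR = 0x2000     # constructed address holding one secret byte


@dataclass
class Cpu:
    memory: dict                                     # address -> byte value
    sapm_ranges: list = field(default_factory=list)  # [(lo, hi)] inclusive
    cache: set = field(default_factory=set)          # cache lines filled
    regs: dict = field(default_factory=dict)         # speculative registers

    def is_sapm(self, addr: int) -> bool:
        return any(lo <= addr <= hi for lo, hi in self.sapm_ranges)

    def run_transient(self, program: list) -> int:
        """Run micro-ops inside a mispredicted window; return how many ran.

        Micro-ops: ("load", dst, src) where src is an int address or a
        register name; ("mul", dst, src, imm); ("add", dst, src, imm).
        """
        executed = 0
        for op in program:
            kind, dst, src = op[0], op[1], op[2]
            if kind == "load":
                addr = self.regs[src] if isinstance(src, str) else src
                if self.is_sapm(addr):
                    # SAPM access is serialized: it may not complete until
                    # the instruction retires, and a transient instruction
                    # never retires, so nothing after it executes either.
                    break
                self.cache.add(addr // CACHE_LINE)   # side effect survives
                self.regs[dst] = self.memory.get(addr, 0)
            elif kind == "mul":
                self.regs[dst] = self.regs[src] * op[3]
            elif kind == "add":
                self.regs[dst] = self.regs[src] + op[3]
            else:
                raise ValueError(f"unknown micro-op {kind}")
            executed += 1
        self.regs.clear()   # misprediction resolved: squash register results
        return executed


# Frontend: the transient load of the secret. Backend: fold the value into
# the address of a second load so the filled cache line index reveals it.
GADGET = [
    ("load", "r1", SECRET_ADDR),
    ("mul", "r2", "r1", CACHE_LINE),
    ("add", "r2", "r2", PROBE_BASE),
    ("load", "r3", "r2"),
]


def leaked_line(cpu: Cpu) -> Optional[int]:
    """Index of the probe-array line filled transiently, or None."""
    first = PROBE_BASE // CACHE_LINE
    hits = [ln - first for ln in cpu.cache if first <= ln < first + 256]
    return hits[0] if hits else None


def simulate(protect_secret: bool) -> Tuple[int, Optional[int]]:
    """Run the gadget once; return (micro-ops executed, leaked line index)."""
    cpu = Cpu(memory={SECRET_ADDR: 0x2A})
    if protect_secret:
        cpu.sapm_ranges.append((SECRET_ADDR, SECRET_ADDR))
    ran = cpu.run_transient(GADGET)
    return ran, leaked_line(cpu)


if __name__ == "__main__":
    print("unprotected:", simulate(False))   # (4, 42): line index equals the secret byte
    print("SAPM:", simulate(True))           # (0, None): window ends at the SAPM access
```

The model makes the cost/benefit trade-off in the article concrete: serialization is only paid on accesses to the SAPM range, which is why a real implementation would reserve it for the small set of memory holding secrets rather than applying it everywhere.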
It is because of this design that Intel’s research team believes SAPM will also future-proof the next generations of Intel CPUs against currently undiscovered speculative execution attacks.
But the idea of introducing new mitigations will always raise questions about reducing CPU performance. Intel STORM researchers don’t deny that there’s a performance hit; however, this impact is low and could be mitigated further by dropping other existing protections.
“Although the performance cost for each memory access to SAPM is relatively big, considering such operations shall only be a very small portion of the total software execution, the overall performance overhead is expected to be low and potentially less than the performance impact of current mitigations,” researchers said.
The SAPM technical details are available here.