Solving Spectre and Meltdown may ultimately require an entirely new type of processor

Are Meltdown and Spectre too fundamental to patch? One expert suggests they may be.

How to identify and fix execution bugs like Spectre and Meltdown has been a burning topic among microprocessor buffs this year. At Hot Chips, one of the industry’s premier academic conferences on microprocessors, experts agreed that the ultimate solution may require, yes, a lot more talk.

At a panel Monday at the Cupertino, California event, Professor Mark Hill of the University of Wisconsin, Madison, was asked to think about the implications of side-channel, speculative execution attacks on modern microprocessors like those made by ARM, Intel, and others. His solutions included specialized cores, flushing caches on context switches, and business ideas like charging more for exclusive virtual machines.

But the real answer, he and several other panelists said, is more collaboration between hardware and software designers—and maybe a complete redesign of today’s microprocessors.

How the entire chip industry was blindsided

Meltdown and Spectre were revealed unexpectedly in late 2017, shortly before the vulnerabilities were due to be formally, and quietly, disclosed during CES in January 2018. Originally discovered by Google’s “zero-day” investigative team, Google Project Zero, the attacks take advantage of a modern property of microprocessors, speculative execution, where the processor essentially “guesses” which instruction branch to take and execute. (Paul Turner, an engineer and lead on Google’s kernel team who was on the panel, said that Project Zero didn’t give the others at Google a heads-up; they found out just like everyone else.)

For 20 years, microprocessor designers thought that a bad “guess” simply retired the data without any security risks. They were wrong, as the side-channel attacks proved.

In practical terms, it means one browser tab could view the contents of another, or one virtual machine could peer into another. That prompted CPU vendors like Intel, along with Microsoft, to issue software “mitigations,” or patches. Installing them is the most effective way to protect your PC from Spectre, Meltdown, or any of the follow-up attacks, like Foreshadow.

Fortunately, teasing that information out takes time—in some cases, a lot of it. NetSpectre, which can exploit one of the Spectre vulnerabilities remotely, can be used to break in via the cloud or a remote machine. On one hand, the resulting data leak can be as slow as 1 bit per minute, according to panelist John Hennessy, the famous microprocessor designer and now chairman of Alphabet. On the other, the average time between when a server is remotely penetrated and when that intrusion is discovered is 100 days, he added—giving a vulnerability like Spectre lots of time to work.

Intel’s next-generation processors probably won’t totally fix the first Spectre variant, Hennessy said, even though Intel’s planned hardware mitigations will begin to be designed in this fall with Cascade Lake, a new Xeon processor.

A list of the hardware mitigations against side-channel attacks like Spectre and Meltdown that Intel is including in its next Xeon microprocessor, Cascade Lake.

Patch, or do-over?

ARM, Intel, AMD, and others in the industry can fix the problem through mitigations in the short term, Hill added. But more fundamental changes may need to be made to eliminate the problem altogether, he said.

“The long-run question is how do we define this right so that we potentially eliminate the problem,” Hill said. “Or are we forced to make it like a crime thing that we’re always mitigating.”

Speculative execution was one of the ways that the microprocessor, and by extension, the PC industry, achieved record sales, noted panelist Jon Masters, a computer architect at Red Hat. But speculation was treated as a “magic black box,” he said, without proper questioning by users or customers. That genie’s out of the box, too. Removing speculation and the processor caches that it leverages would lower performance by twenty-fold, Hill said.

Some of Professor Hill’s suggestions for short-term fixes for speculative-execution attacks.

Hill’s suggested solutions included isolating the branch prediction element, adding randomization, and implementing better hardware protections. Adding slower, safer execution modes by turning off speculation could be one solution; another would be to split an execution engine between “fast cores” and “safe cores.” He also suggested business solutions including charging more for virtual machines—instead of sharing hardware resources with more than one VM, a cloud provider could provide exclusive access.

The fundamental solution to the problem, though, would be a ground-up reworking of the architectural definition, Hill said. A computer architecture is the way in which a processor executes the software instruction set, with arithmetic units, floating-point units, and more—and today’s chips were designed to conform to the needs of the original model. But if the basic architectural model is fundamentally flawed, he said, it may be time for a new one. In other words, Spectre and Meltdown aren’t bugs—just flaws in the design of all modern chips—and a new model may be needed.

What the panel ultimately decided upon, though, was the simple truth that hardware needs to be designed with software in mind, and vice versa—and both sides need to become more versed in security.

“What often happens is that hardware designers go and build some great hardware, and then we stop talking about it, or software folks say, ah, that’s hardware—I don’t care about it. We have to stop doing that,” Masters said.

Mark Hachman

PC World (US online)