back to article Intel shrugs off ‘new’ side-channel attacks on branch prediction units and SGX

Intel’s shrugged off two new allegations of design flaws that enable side-channel attacks. One of the new allegations was discussed at Black Hat Asia in Singapore last week, where University of Graz PhD Students Moritz Lipp and Michael Schwarz delivered a talk titled “When good turns to evil: using Intel SGX to stealthily …

  1. Tubz

    Nice of Intel to shrug of the risks, watch for the stock dumping and the fake news to hit other chip manufacturers just before it all comes out as another scandal !

    1. Anonymous Coward
      Anonymous Coward

      > Intel says: works as intended"

      I regret buying a Intel based notebook last year. Never again. Going forward with AMD Ryzen 7, and ARM on tablet/smartphone.

      1. boltar Silver badge

        "I regret buying a Intel based notebook last year. Never again. Going forward with AMD Ryzen 7, and ARM on tablet/smartphone."

        If you think AMD is immune from this sort of thing then I've got a bridge for sale you might be interested in.

  2. Jaap Aap

    "SGX has long been known to have certain sensitivities."

    Ok, but if your application doesn't run in one of those 'enclaves', is that as secure as a totally-broken-sgx? I'm curious, not complaining intel has a point or whatever.

    They could sell this stuff as turbo boost 4.0. Do you want your processor secure or fast?

  3. Anonymous Coward
    Anonymous Coward

    Intel has serious product issues

    It's too soon to know the real ramifications of this latest Intel CPU defect disclosure. Intel has it's hands full with trying to mitigate the already disclosed design defects in their entire CPU production for the past several decades. The AMD alleged defect ruse that a few entities concocted to manipulate stock prices may have originated from a very well known source not from CTS Labs who blasted the media with some fake news.

    1. bombastic bob Silver badge
      Devil

      Re: Intel has serious product issues

      with a bit of sympathy for engineers at Intel, I think much of this may have just "not been thought of".

      Now that the genie is out of the bottle, they should just confess it and fix it.

      As for branch prediction stuff, how come THAT isn't saved/restored with task state or thread state switching? OK performance hit, but still... not THAT bad compared to the security, and maybe a "fast bit" to turn it on/off in the OS?

      1. Charles 9 Silver badge

        Re: Intel has serious product issues

        Where in the processor given how little internal storage it has and how big those tables can be? I made such a proposal myself in the form of faster context switching but was basically told the same thing: not enough room.

      2. Jon 37

        Re: Intel has serious product issues

        > Now that the genie is out of the bottle, they should just confess it and fix it.

        That way they lose the class action, are ordered to pay punitive damages, some lawyer spins this as gross negligence, and they go bankrupt. That would not be a smart move.

  4. amanfromMars 1 Silver badge

    When there's a chance, fully expect the absolute certainty

    chances of future exploits only increase – as does the chance the next big disclosure will come from a bad actor uninterested in either an academic announcement or the kind of controlled release used for Meltdown and Spectre.

    Howdy Simon S,

    Moving the Great IntelAIgent Game further on and ratcheting IT up into Enchanted XSSXXXX Levels of Stellar Work, Universal REST and COSMIC Play, has one dismissing bad actors and realising Rad and/or Mad and/or Infinitely SMARTR Programmers are the RAW Source and AIDrivers of Future Novel 0Day Eventing ........ for Vital Rare Earth Commodity Traders to Price to Markets for a Return on Initial Incurred Preferred Provisional and Deferred Investment Costs Donated by Capital Venturers and Enterprise Angels/Super State and Non Super State Leading Actors. It is surely the Capitalist Way .... to have a Price for Everything and Care not a Jot for the Worth of Anything

    Get a Gaggle of those Rad and/or Mad and/or Infinitely SMARTR Programmers just doing their Sublime InterNetworking Thing as if Together and Unified in a Singular Direction, and Heaven Knows what they would Conspire to Transpire. You might be thinking something really bad for some folk, whilst others may be imagining something more fantastically good. When it is most probably both, will everything be natural and alien too.

  5. naive

    Can it not be mitigated by OS design ?

    Not being an expert in CPU and OS design, it seems as if these recent CPU issues originate from the fact that system resources are shared between the kernel, running under high privileged Supervisor mode, and user land processes.

    The latter can exploit this for dumpster diving, using these tricks to gain access to memory areas containing sensitive information.

    If the kernel would allocate the cores it needs for exclusive use by itself, so never any user land process can access a core or memory page reserved for the kernel, would that not mitigate a large part of these branch prediction issues ?. Later on, Intel could even support this by modifying the MMU, so it supports this feature, so non-kernel processes can never access these pages.

    The price for this would be a slightly more overhead, and less efficiency with resource sharing.

    1. Charles 9 Silver badge

      Re: Can it not be mitigated by OS design ?

      Trouble is, there are always more processes than cores. Plus there's the issue of crossover: when user land inevitably requires the kernel's resources (syscalls) or the kernel intervenes in a user process.

  6. boltar Silver badge

    Since a large propertion of bitcoin transactions..

    .... are simply money laundering and a large part of the rest are for buying illegal goods off the dark web and tax avoidance purposes, I'm having a hard time mustering any sympathy if one bunch of criminals rips off another using this method.

    This is what you get when naive idealists like Satoshi try to break "the system", not really understanding why the system got to where it is over the centuries. Whenever there's a revolution, the only people who win are the revolutionaries and criminals. Normal people carry on getting screwed over as before.

  7. amanfromMars 1 Silver badge

    Right Teutonic, a Platonic AI, with a Wonderfully Pragmatic Boot and SP00Key Cyber Install

    naive idealists like Satoshi try to break "the system" ... bolger

    Naive idealists like Satoshi are not trying to break "the system". They Simply Facilitate Easy SWIFT Replacement of Systems Operations.

    That is without doubt, methinks, Revolutionary .... with a Quantum Communications Leap which is not Evolutionary.

    Would that be Almighty Help arriving with Alien ExtraTerrestrial ACTivIT BroadBandCasting

    Absolutely Fabulous AIDevelopments

    Here is some news of some of them at Play here .... http://www.wsglobe.com/bitcoin/dragonsden/

    The news there prompted this reply for further onwards processing.......

    Good question, replied one of Bitcoin Trader's founders. Simply put, we are just programmers and we only have close to £40,000 between us both so far from the system. If we manage to get funding from the Dragons, we can invest a larger sum of money and gain returns faster.

    And so Prove the HyperRadioProACTive IT Modi Operandi et Vivendi Practically Almighty, Bitcoin Trader's founder?

    I Second That .... therefore We Is. That's COSMIC Command in Control of Commandeering Controlling Commands .... Following, Trialing and Training with Assets in More Heavenly Orders ....... with an Immaculate Energy beyond Any Redemption. An Overwhelmingly Powerful Sterling Stirling Engine for Type Superb Virtual Machinery.

    And with User Guides and Workshop Manuals Supplied from Spaces like Here, although Everyones Spaces are Virtually Realised and so can be Markedly Different and even Indifferent to Matters of Conspiring Orders, where some may be fatally tempted to career towards Caches of CHAOS [Clouds Hosting Advanced Operating Systems] for Top Secrets they are not Readied for. Some Secrets are Real Deadly.

  8. Michael Wojcik Silver badge

    Neither specific to Intel, nor "flaws"

    with a little lateral thinking, Intel’s products can be challenged in many ways

    As can all superscalar processors. All of them. While details like SGX are Intel-specific, Spectre-class side channel attacks will apply to any machine that 1) runs a mix of code from different trust domains and 2) does not blind every single operation.

    And, once again, these are not "design flaws". They are deliberate design decisions, trade-offs made to select performance over security. They''re what the market demanded. Had Intel prioritized security over performance, they'd have been out of business decades ago. Hell, they couldn't even sell the 432, at the same time that IBM was successfully selling a capability-based architecture in the System/38.1

    Now suddenly the market is full of remorse, having discovered that systems and exploits have advanced to the point where side-channel attacks are practical against their beloved fast general-purpose systems running a toxic mix of sensitive and untrustworthy code. Well, them's the breaks, kids. Blaming Intel for delivering what people would buy is unfair.

    Now, blaming Intel for Meltdown is another story (though again they aren't the only offenders). Letting spec-ex cross security boundaries was a dangerous shortcut, and the engineers should have recognized that and pushed back even though it would have throttled performance a bit. And we can criticize Intel's initial handling of the Meltdown/Spectre disclosures. But having Spectre-class vulnerabilities is something we - people who buy computers - brought on ourselves.

    (Cue another set of downvotes from the readers who want an easy scapegoat.)

    1And only a couple of years after the 432 was discontinued, IBM replaced the S/38 with the AS/400, which while not a true capability architecture had similar hardware-protected addressing. The '400 was, and continues to be, a cash cow, showing that there's a market for capability and protected-addressing systems.

    1. Anonymous Coward
      Anonymous Coward

      Re: Neither specific to Intel, nor "flaws"

      What's needed then is a system that can break the chain and deliver BOTH FAST AND SECURE processing, no matter how much crossover is required by processes.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019