Teaching of Architecture and Performance-Taken Predictions vs. Security-Not-Taken Predictions: Meltdown and Spectre Vulnerabilities

Authors

  • Ana Cláudia M. P. da Costa UFV
  • Kristtopher Kayo Coelho UFV
  • Jeronimo Costa Penha UFV
  • Ricardo dos Santos Ferreira UFV
  • José Augusto M. Nacif UFV

DOI:

https://doi.org/10.5753/ijcae.2018.4851

Keywords:

Out-of-order execution, Speculative execution, Cache memory, Spectre, Meltdown

Abstract

In the pursuit of performance, the side effects generated by the correlations between optimizations were not taken into account, resulting today in vulnerabilities such as Spectre and Meltdown that threaten the security of processors manufactured in the last two decades. This article presents an approach to motivate the teaching of computer architecture to better understand these vulnerabilities, showing that a broader and more correlated view of various topics is necessary. These topics include out-of-order execution, speculative execution, caches, hardware counters, virtual memory, among others. The first part of this work presents a simplified proposal for teaching optimizations aimed at achieving performance and how to correlate them to underpin the explanation of the vulnerabilities. The methodology is based on examples. The second part shows experiments that can be used to evaluate some impacts of the vulnerabilities. Major companies in the field, such as Intel, AMD, ARM, among others, have developed patches. However, these patches directly impact system performance. In addition to the teaching approach, the impact on computational performance with and without security patches is illustrated. Based on tests conducted on benchmarks, performance losses of around 10% were observed for the Linux-Bench program suite, which can reach up to 16% for the GtkPerf program suite to ensure system protection.

Downloads

Download data is not yet available.

References

AMD. Amd processor security updates. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

Android. Android security bulletin—january 2018. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

Apple. About speculative execution vulnerabilities in arm-based and intel cpus. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

ARM Developer. Speculative processor vulnerability. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

H. P. Baranda, J. C. Penha, and R. Ferreira. Implementacao de um preditor de desvio no mips 5 estagios. International Journal of Computer Architecture Education, 6, 2018.

J. Charles, P. Jassi, N. S. Ananth, A. Sadat, and A. Fedorova. Evaluation of the intel® core™ i7 turbo boost feature. In Workload Characterization, 2009. IISWC 2009. IEEE International Symposium on, pages 188–197. IEEE, 2009.

I. Coorporation. Intel 64 and ia-32 architectures optimization reference manual, 2009.

Google. Today’s cpu vulnerability: what you need to know. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

GtkPerf. Gtkperf benchmark. Disponível em: [link]. Acessado em: 02/08/2018, 2018.

M. Hashemi, E. Ebrahimi, O. Mutlu, Y. N. Patt, et al. Accelerating dependent cache misses with an enhanced memory controller. In ACM SIGARCH Computer Architecture News, volume 44, pages 444–455. IEEE Press, 2016.

J. Horn. Reading privileged memory with a side-channel. Project Zero, 3, 2018.

Intel. Intel responds to security research findings. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

M. Klein. Meltdown and spectre, explained, 2018.

P. Kocher, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom. Spectre attacks: Exploiting speculative execution. ArXiv e-prints, Jan. 2018.

J. Levin. Mac OS X and IOS Internals: To the Apple’s Core. John Wiley & Sons, 2012.

R. H. E. Linux. Kernel Side-Channel Attacks - cve-2017-5754 cve-2017-5753 cve-2017-5715, 2018.

R. H. E. Linux. Speculative Execution Exploit Performance Impacts - describing the performance impacts to security patches for cve-2017-5754 cve-2017-5753 and cve-2017-5715, 2018.

Linux-Bench. Linux-bench benchmark. Disponível em: [link]. Acessado em: 02/08/2018, 2018.

M. Lipp, M. Schwarz, D. Gruss, T. Prescher, W. Haas, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, and M. Hamburg. Meltdown. ArXiv e-prints, Jan. 2018.

Microsoft. Windows client guidance for it pros to protect against speculative execution side-channel vulnerabilities. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

Microsoft Azure. Securing azure customers from cpu vulnerability. Disponível em: [link]. Acessado em: 17/06/2018, 2018.

I. of Applied Information Processing and Communications. Meltdown proof-of-concept, 2018.

O. Sibert, P. A. Porras, and R. Lindell. The intel 80/spl times/86 processor architecture: pitfalls for secure systems. In Security and Privacy, 1995. Proceedings., 1995 IEEE Symposium on, pages 211–222. IEEE, 1995.

J. E. Smith. Dynamic instruction scheduling and the astronautics zs-1. Computer, 22(7):21–35, July 1989.

R. M. Tomasulo. An efficient algorithm for exploiting multiple arithmetic units. IBM Journal of Research and Development, 11(1):25–33, Jan 1967.

E. Tromer, D. A. Osvik, and A. Shamir. Efficient cache attacks on aes, and countermeasures. Journal of Cryptology, 23(1):37–71, 2010.

Y. Yarom and N. Benger. Recovering openssl ecdsa nonces using the flush+ reload cache side-channel attack. IACR Cryptology ePrint Archive, 2014:140, 2014.

Published

2018-12-01

How to Cite

Costa, A. C. M. P. da, Coelho, K. K., Penha, J. C., Ferreira, R. dos S., & Nacif, J. A. M. (2018). Teaching of Architecture and Performance-Taken Predictions vs. Security-Not-Taken Predictions: Meltdown and Spectre Vulnerabilities. International Journal of Computer Architecture Education, 7(1), 19–28. https://doi.org/10.5753/ijcae.2018.4851

Issue

Section

Full Papers