
I've heard an expert (or "expert") laugh the current focus on Meltdown and Spectre off by arguing that dcache timing and dcache leak issues have been known and around for years (so nothing new there ...)

Does such belittlement have (some) merit or is the comparison fundamentally misplaced?

Drux
  • What "dcache" are you referring to? What attacks are you referring to? Can you please provide more details about these claims - especially what the expert really said and in which context, which might be different from what you understood. – Steffen Ullrich Jan 08 '18 at 21:39
  • @SteffenUllrich I'm just quoting the expert (perhaps "expert"). He did not go into further details. I mistrust the argument but wanted to reach out for further advice. Sorry for not being able to provide further information at this time. I'll add to my question if I learn more about context. – Drux Jan 08 '18 at 21:48
  • @SteffenUllrich, "dcache" is a processor's data cache. – Mark Jan 08 '18 at 22:20

1 Answer


Your "expert" is correct that figuring out memory access patterns by cache timing is nothing new. But the "expert" has completely missed the point of Meltdown and Spectre by focusing on the method that proof-of-concept exploits are using to exfiltrate data.

At their core, Meltdown and Spectre are about on-demand reading of memory that a program doesn't have permission to read. This is new -- prior cache-timing attacks had to rely on the target program reading the memory the attacker is interested in, in a manner that the attacker can make use of. Spectre uses the branch predictor to force a target program to perform the desired reads, while Meltdown uses speculative execution to read the memory directly.

The attacks don't require the use of the cache: other timing-based side effects can be used, but don't have the favorable signal-to-noise ratio of cache timing.

Mark
  • This specific class of attacks (Spectre, IIRC) was known for years by Intel before this was made public (someone released a presentation slide from something like 6 years ago where they were talking about this internally at Intel), so the expert/"expert" may be coming from the point of view of someone with insider knowledge. This is like someone at Raytheon SI saying "Ha, towelroot? This is nothing new, this was known for years". – forest Jan 09 '18 at 03:15
  • Thx & I'd love to hear what [Hennessy and Patterson](https://www.elsevier.com/books/computer-architecture/patterson/978-0-12-383872-8) have to say about all that. – Drux Jan 09 '18 at 07:21