Exetools  

  #2  
Old 05-02-2021, 04:32
chants
The paper is here: https://www.cs.virginia.edu/venkat/papers/isca2021a.pdf

It's actually a more efficient way of doing Spectre. And lfence instructions won't STOP it as, like I said, it uses fetch and jumping to the target instead of indirect reading.

The key is how they precisely determine the micro-op cache lines and monitor them. It's much more powerful than the old technique that trains the branch predictor and fools stride prediction and such with sequential reads and writes. This is a next-level attack; it gets really into the more general details of how the processor architecture achieves good performance.

I suspect mitigation will involve isolating kernel or secured memory in a more general, stronger manner. I don't think there are many tricks left now besides killing processor performance. But such isolation might require hardware changes and not microcode updates or software mitigation.
All times are GMT +8. The time now is 02:43.

