In January the tech world was baffled by two major security vulnerabilities in the processors called Meltdown and Spectre, which can be found in almost every computer on this planet. These vulnerabilities have arisen from the architecture of the processors themselves.
These attacks fundamentally changed our understanding of what’s trustworthy in a system, and force us to re-examine where we devote security resources. They’ve shown that we need to be paying much more attention to the microarchitecture of systems.
Ilia Lebedev, a PhD student at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).
Accessing memory operation is most vulnerable to these timing attacks. Systems to improve their performance speed and to avoid idling perform multiprocessing.
While it pays off in performance speed, it also creates new security issues. Like the attacker can make the processor execute some code to read a part of memory he isn’t allowed to. Even if the code fails, it could still leak data that the attacker can then access.
A common way to prevent such attacks is to split up memory so that it’s not all stored in one area – called Cache Allocation Technology (CAT). But still, it’s not much a secure technique.
In contrast, the MIT CSAIL team has developed a “Secure way partitioning” technique. The researchers have named their method “DAWG”, which stands for “Dynamically Allocated Way Guard.” (The dynamic part means that DAWG can split the cache into multiple buckets whose size can vary over time.)
We think this is an important step forward in giving computer architects, cloud providers, and other IT professionals a better way to efficiently and dynamically allocate resources. It establishes clear boundaries for where sharing should and should not happen so that programs with sensitive information can keep that data reasonably secure.
says Kiriansky, a PhD student at CSAIL.
The team is quick to caution that DAWG can’t yet defend against all speculative attacks. However, they have experimentally shown that it is a foolproof solution to a broad range of non-speculative attacks against cryptographic software.
The team is now working to improve DAWG performance. In the meantime, they’re hopeful that large tech companies like Intel will be interested in adopting their approach — or others like it — to minimize the chance of future data breaches.
