Announcement

**uid313** · 31 August 2021, 08:46 AM

Imagine if there were a computer that had no side channels so that side-channel attacks were impossible and wouldn't have to be mitigated in software.

**Developer12** · 31 August 2021, 10:12 AM

rop = return oriented programming
cop = call oriented programming?
job = jump oriented something?

**Developer12** · 31 August 2021, 10:18 AM

Originally posted by uid313 View Post

Imagine if there were a computer that had no side channels so that side-channel attacks were impossible and wouldn't have to be mitigated in software.

A nice concept, but it would take monumental effort to formally verify that none existed, and it would be a massive drag on the entire design effort. It might not even be compatible at all with a lot of modern performance enhancements, spectre aside.

Intel recently patched out a don't-load-zeros optimization in their skylake (and above) microcode. It made memory loading a lot more power efficient, but it also allowed you to guess the contents of memory based on timing. Speculative execution wasn't even involved in that side channel.

And then there's the really crazy stuff. There are designs out there that load both a register, and it's compliment into a shadow register, just so that the total number of 1's and 0's loaded is always the same. Why? You can guess what the contents being loaded are based on power consumption.

**tildearrow** · 31 August 2021, 01:40 PM

Originally posted by uid313 View Post

Imagine if there were a computer that had no side channels so that side-channel attacks were impossible and wouldn't have to be mitigated in software.

There was already... The 68000, the first Intel Atom processors and earlier ARM processors were immune to these attacks because they ran in-order...

**xfcemint** · 31 August 2021, 03:09 PM

Originally posted by Developer12 View Post

A nice concept, but it would take monumental effort to formally verify that none existed, and it would be a massive drag on the entire design effort. It might not even be compatible at all with a lot of modern performance enhancements, spectre aside...

This person wants you to believe that a computer system can't be very secure without complete formal verification, which is false. At least, the major problem in today's designs isn't a lack of formal verification, but intentional chase of even higher profit margins by hardware-design companies.

Originally posted by tildearrow View Post

There was already... The 68000, the first Intel Atom processors and earlier ARM processors were immune to these attacks because they ran in-order...

This person wants you to believe that a very secure design cannot be high-performance, citing some outdated examples from the past. IMO, there is no inherent reason why a high-performance design couldn't be very secure, except for a rather small (less than 15%) performance penalty compared to a common high-performance design.

This person might be some kind of a high-performance enthusiast, and their mindset is stuck in a never-ending chase of ultimate speed, always worshipping the current king of the hill.

**tildearrow** · 31 August 2021, 03:28 PM

Originally posted by xfcemint View Post

This person wants you to believe that a computer system can't be very secure without complete formal verification, which is false. At least, the major problem in today's designs isn't a lack of formal verification, but intentional chase of even higher profit margins by hardware-design companies.

One thing is being very secure. Another is having a seal that ensures it is very secure.
Just like jobs. You may be skilled enough to take a specific job, but sadly most require you to have verification of formal study on specific topics (usually learned from academies, college or university) to ensure you are fit for the task.

Originally posted by xfcemint View Post

This person wants you to believe that a very secure design cannot be high-performance, citing some outdated examples from the past. IMO, there is no inherent reason why a high-performance design couldn't be very secure, except for a rather small (less than 15%) performance penalty compared to a common high-performance design.

Yes, in fact these are old examples. Back when out-of-order execution, branch prediction and the rest of that magic dust was unknown to human (68000) or too difficult to apply on a low cost design (Atom).
I wonder, how would you implement a high performance secure design? AMD made a Meltdown-proof design, but.... Spectre

I've heard some security researchers made a processor design that is immune to Spectre as well but nobody has ever considered that paper from the moment it was released...

Originally posted by xfcemint View Post

This person might be some kind of a high-performance enthusiast, and their mindset is stuck in a never-ending chase of ultimate speed, always worshipping the current king of the hill.

The result of poor application design with layer on top of layer on top of layer, just like a burger that has too many layers.
By the way, not a high-performance enthusiast. Even though I do appreciate speed improvements, I am not the wow guy.

**xfcemint** · 31 August 2021, 04:08 PM

Originally posted by tildearrow View Post

One thing is being very secure. Another is having a seal that ensures it is very secure.
Just like jobs. You may be skilled enough to take a specific job, but sadly most require you to have verification of formal study on specific topics (usually learned from academies, college or university) to ensure you are fit for the task.

Yes, the original question was about "no side channels so that side-channel attacks were impossible". So, that would require formal verification.

On the other hand, I estimated that an answer to the original question should mention that formal verification is asking a bit too much given the current state of affairs. For example, it is extremely uncommon to formally verify software in general.

Therefore, I used the phrase "very secure" to indicate something which is not formally verified, but possible in the notion of today's expectations.

... I'll split the answer into several posts...

**xfcemint** · 31 August 2021, 04:26 PM

Originally posted by tildearrow View Post

I wonder, how would you implement a high performance secure design? AMD made a Meltdown-proof design, but.... Spectre

I've heard some security researchers made a processor design that is immune to Spectre as well but nobody has ever considered that paper from the moment it was released...

A high-performance design which is "very secure":
- uses OoO
- uses speculative execution
- has speculation-aware caches (at least L1, maybe L2)
--- doesn't modify a cache line untill all security checks are green. Data can be speculatively fetched to registers from the cache (without modifying the last-access tracking bits). Data can be speculatively stored from registers to a "speculative cache buffer" which then forwards the data to the cache when security checks are green.
- general design idea for speculative execution: the design should try to avoid making speculative writes to registers/buffers/latches where those writes are hard to track and undo. So, speculation should be mostly in the core (on instruction fetch, decode, instruction order, ALU registers, some buffers in the core), and should not "spill out" to I/O, memory, etc...

Originally posted by tildearrow View Post

By the way, not a high-performance enthusiast. Even though I do appreciate speed improvements, I am not the wow guy.

I thought that you possibly just wrote the original answer with a bit too much of haste.

**xfcemint** · 31 August 2021, 04:35 PM

In fact, to mitigate Spectre v1/v4 (Spectre v1/v4 can defeat software-based privilege isolation), the CPU shouldn't be able to modify the cache untill the speculation window is closed (the moment when the conditional branch is resolved).

Announcement

Linux 5.15 Adds Another Knob To Harden Against Side Channel Attacks

Linux 5.15 Adds Another Knob To Harden Against Side Channel Attacks

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment