Meltdown melted down everything, except for one thing
A side channel attack is a way to extract sensitive information from a system by some means other than the intended input and output channels
While recently discovered CPU vulnerabilities such as Spectre and Meltdown have caused great security upheaval, including emergency patching and general instability, they are only a small subset of a larger category of threats – side channel attacks. If organizations don't use this opportunity to protect from general side channel attacks, more pain is coming.
Side Channel Attacks
A side channel attack is a way to extract sensitive information from a system by some means other than the intended input and output channels, thus a side channel. A conventional attack on the security of a digital system might work by supplying malicious input that results in sensitive data being included with the output. In contrast, a side channel attack might look at a property, such as the response time of the system, and determine secret information based on changes in this property.
For a real-world analogy to side channel attacks, consider how one might secure their home. Keeping the front door locked is conventional security, but attackers may also use a broken window as the side channel entry point into the house. Side channels are just as damaging as conventional attacks, and proper security strategy must address both types of attacks.
A side channel attack is the digital equivalent of a safecracker using a sensitive listening device to determine the state of the mechanical components in a lock. The sensitive information gleaned by a side channel attack is known as side channel leakage. Side channel leakage can take many forms, including variation in the time taken by the system to process different inputs, variation in the electrical activity of a circuit when processing different inputs, electromagnetic emissions from a circuit, and even sound emitted from a cryptographic device. In addition to monitoring side channel leakage, the attacker may supply the system with chosen inputs or otherwise tamper with the operation of the system to maximize the utility of the leakage.
Side channel attacks are usually described in the context of cryptographic systems, where the leaked information is a cryptographic key. The threat of side channel attacks becomes even more prominent in the context of cloud computing, given the risk they pose for hardware infrastructure shared by co-resident virtual machines or processes. The primary concern in cloud computing revolves around side channels that exist in hardware shared by co-resident virtual machines or processes. Most proof-of-concept side channel attacks in cloud environments infer secrets based on observing changes to shared hardware caches. The caches are part of the CPU's memory subsystem, so these attacks are classified as using a memory side channel.
Spectre and Meltdown
Many organizations had a recent experience with side channel attacks when security researchers announced the discovery of Meltdown and Spectre. Meltdown and Spectre are side channel vulnerabilities affecting the CPU, arising from the speculative execution functionality in modern high-performance CPUs. Unlike early CPUs, which executed a sequence of machine instructions one by one, modern CPUs may begin processing subsequent instructions while a previous instruction is still in flight. If the previous instruction fails, the CPU must ensure that the machine state exposed to software does not reflect any effects of the executed instructions. The Meltdown and Spectre vulnerabilities arise because a process can cause the CPU to speculatively access data that the process should not have access to. The CPU will not expose the data to the process directly, but the process may be able to recover the accessed data via a side channel.
In the case of digital computation, a side channel vulnerability can exist when execution of a program modifies externally visible state outside of explicit inputs and outputs to the program. In this case, the side channel can be organized by the resource(s) used to construct the channel. For example, a timing side channel attack is an attack in which a secret or password is inferred from the execution time of the application. Another side channel attack may use the branch predictor side channel. The CPU's branch predictor holds information about observed branch behavior and thus may reveal control flow within an enclave.
Securing against Spectre, Meltdown and future unknown attacks
While these CPU vulnerabilities rendered most x86 applications vulnerable, making it possible for attackers to access almost all private data from the software, a small class of applications remained protected and completely secure. In fact, these applications didn't even need to do anything specific to remain protected from Meltdown even when the system is compromised. Intel® SGX is a technology that encrypts all application memory, making it impossible for the kernel to access application data. AMD SEV is a similar technology available on AMD x86 platforms.
Furthermore, organizations can easily combine other techniques available to fragments of the applications running inside Intel SGX to further protect applications from Spectre and the general class of side channel attacks.
For example, runtime encryption is a general approach to solving data security that emphasizes keeping data encrypted even when in use. This means that no software, other than the application itself, not even software running with higher privilege levels, can access the application memory. Thus, even if the system itself is compromised, applications remain secure because attackers can get only encrypted data but never decrypted plaintext.
With the addition of runtime encryption, all cryptographic algorithms are hardened against side channel attacks. Varying protection strategies are used for different algorithms, and when needed, non-cryptographic algorithms are also protected against side channel attacks. Runtime encryption solutions ensure data remains protected even when in use, so that if ever exposed the data can't be used because it remains encrypted. In addition, runtime encryption ensures that cryptographic primitives internal to the library are protected.
Side channel attacks are a very real concern in any digital system that operates on sensitive data. As with many aspects of digital security, new attacks are continually under development and systems must be constantly updated to remain secure. SGX offers the power to run most x86 applications in a secure enclave to protect applications' data against unauthorized memory reads. To ensure that enclaves are secure in practice, great care is needed, including the care to avoid leaking secrets through side channels. Runtime encryption has been designed with various defenses, leveraging expertise in hardware-based security and cryptography, to protect against side channel attacks.
If organizations can proactively apply the pain and suffering from Spectre and Meltdown into hardening systems against not just current attacks but also future streams of attacks, 2018 may go down as a good year for security.
Ambuj Kumar is co-founder and CEO of Fortanix.