echo: rberrypi
to: BRIAN GREGORY
from: RICHARD KETTLEWELL
date: 2020-08-30 08:57:00
subject: Re: Spectre / Meltdown

Brian Gregory writes:
> The Natural Philosopher wrote:
>> Martin Gregorie wrote:
>>> I'm really disappointed that there hasn't been more work done on both
>>> hardware and OS design to make cross-process interference impossible
>>> and to properly implement hardware protection rings to stop
>>> application-level code clobbering the OS and the OS from clobbering
>>> the low-level drivers.
>>
>> Problem is look-ahead caching

Use of the cache is only one exfiltration option (albeit a popular one);
there’s a cache-free Spectre variant that uses variation in the
execution time of AVX2 instructions.

>> Modern processors use it to gain speed, but it blows away process
>> compartmentalisation.
>
> It doesn't blow it away; it makes a very very difficult and very very
> ineffective attack theoretically possible.

I think that’s an optimistic assessment.

The Foreshadow researchers extracted high-value key material from SGX
architectural enclaves - a real security breach and not an artificial
proof of concept.

> I'm pretty certain none of these timing related speculative execution
> vulnerabilities have ever been found being used "in the wild" by
> malicious hackers.

Found, sure, but that’s absence of evidence. It’d be rather surprising
if the major threat actors hadn’t added these tools to their repertoire,
and you wouldn’t necessarily expect to find out about successful
exploitation in the short term.

--
https://www.greenend.org.uk/rjk/

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)

SOURCE: echomail via QWK@docsplace.org
