|
Speculative Store Bypass
Speculative Store Bypass (SSB) () is the name given to a hardware security vulnerability and its exploitation that takes advantage of speculative execution in a similar way to the Meltdown and Spectre security vulnerabilities. It affects the ARM, AMD and Intel families of processors. It was discovered by researchers at Microsoft Security Response Center and Google Project Zero (GPZ). After being leaked on 3 May 2018 as part of a group of eight additional Spectre-class flaws provisionally named ''Spectre-NG'', it was first disclosed to the public as "Variant 4" on 21 May 2018, alongside a related speculative execution vulnerability designated " Variant 3a". Details Speculative execution exploit Variant 4, is referred to as Speculative Store Bypass (SSB), and has been assigned . SSB is named Variant 4, but it is the fifth variant in the Spectre-Meltdown class of vulnerabilities. Steps involved in exploit: # "Slowly" store a value at a memory location # "Quickly" load that value fr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Speculative Execution
Speculative execution is an optimization technique where a computer system performs some task that may not be needed. Work is done before it is known whether it is actually needed, so as to prevent a delay that would have to be incurred by doing the work after it is known that it is needed. If it turns out the work was not needed after all, most changes made by the work are reverted and the results are ignored. The objective is to provide more concurrency if extra resources are available. This approach is employed in a variety of areas, including branch prediction in pipelined processors, value prediction for exploiting value locality, prefetching memory and files, and optimistic concurrency control in database systems.Lazy and Speculative Execution |
Rogue System Register Read
Spectre refers to one of the two original transient execution CPU vulnerabilities (the other being Meltdown), which involve microarchitectural timing side-channel attacks. These affect modern microprocessors that perform branch prediction and other forms of speculation. On most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack. Two Common Vulnerabilities and Exposures IDs related to Spectre, (bounds check bypass, Spectre-V1, Spectre 1.0) and (branch target injection, Spectre-V2), have been issued. JIT engines used for JavaScript were found to be vulnerable. A website can read data stored i ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |