Meltdown-Spectre amplifies call for new hardware-software contract

Data61's Gernot Heiser says the traditional instruction set architecture (ISA) model is past its use-by date. Meanwhile, the seL4 microkernel team he leads is now conquering time as well as space.
Written by Stilgherrian, Contributor

The Meltdown and Spectre hardware vulnerabilities have highlighted more than just the absolute sh*t show of an embargo process that has led, among other things, to questions from the US Congress. There's a deeper problem, one that goes back more than two decades.

Both Meltdown and Spectre are "timing-channel attacks". They subvert a computer's security mechanisms by analysing the time taken to perform various operations.

Intel's statement of January 3 described these hardware flaws as "methods that, when used for malicious purposes, have the potential to improperly gather sensitive data from computing devices that are operating as designed".

Gernot Heiser describes them another way.

"Remove the spin. This means our hardware operates according to a contract we defined. It's your problem the contract doesn't work for you," Heiser told ZDNet.

Heiser is a scientia professor and the John Lions Chair of Operating Systems at the University of New South Wales, and leader of the Trustworthy Systems Group at Data61. In what he describes as "exquisite timing", just two months before news of Meltdown and Spectre broke, a brief paper he'd written was accepted by the journal IEEE Design and Test. Titled "For safety's sake: we need a new hardware-software contract!", it will be published in April.

That contract is currently something called the instruction set architecture (ISA).

"The ISA describes the functional interface of the hardware to software. Specifically, it describes all you need to know for writing a functionally correct program," Heiser wrote. Write software according to the rules, and the vendor "promises" that the hardware will execute it correctly.

Safety and security require more than just functional correctness, however. They must also account for time. That's not part of the ISA.

"Hard real-time systems, where failure to complete an action by a deadline is disastrous, used to be small control programs running on simple microcontrollers without internal protection. This model has reached its use-by date, with even critical systems becoming complex and rich in functionality. This means that modern real-time systems are increasingly mixed-criticality systems (MCS), where functions of different criticality co-exist on the same processor. A core property of an MCS is that the ability of a critical task to meet its deadlines must not depend on the correct behaviour of less critical components," Heiser wrote.

"If the safety story was not bad enough, the security situation is worse. One defence against timing-channel attacks, especially for crypto algorithms, is constant-time implementations, where execution time is independent of inputs. However, these are only possible if the implementer understands exactly what the hardware does, and in general they do not have sufficient information about the hardware. The result is frequently that 'constant-time' implementations are not constant-time at all, as we have recently demonstrated on the supposedly constant-time implementation of TLS in OpenSSL 1.0.1e."

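The constant-time defence described in the quote above, as an added example (not code from Heiser's paper or from this article): a secret tag is compared against a guess by an early-exit routine and by a source-level constant-time one, with a count of bytes examined standing in for elapsed time. The names `leaky_equal`, `ct_equal`, `steps_for_prefix` and the `TAG` value are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 8-byte secret tag (sample value, not from the article). */
static const uint8_t TAG[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};

/* Early-exit compare: work done depends on how many leading bytes match.
 * *steps counts bytes examined, a deterministic stand-in for elapsed time. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;   /* secret-dependent branch */
    }
    return 1;
}

/* Source-level constant-time compare: reads all n bytes, no secret-dependent
 * branch. Whether compiler and CPU preserve that is not covered by the ISA. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps)
{
    volatile uint8_t diff = 0;        /* volatile discourages short-circuiting */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Bytes examined when a guess gets the first `prefix` bytes of TAG right. */
static size_t steps_for_prefix(int use_ct, size_t prefix)
{
    uint8_t guess[8];
    size_t steps = 0;
    for (size_t i = 0; i < 8; i++)
        guess[i] = (i < prefix) ? TAG[i] : (uint8_t)~TAG[i];
    (void)(use_ct ? ct_equal(TAG, guess, 8, &steps) : leaky_equal(TAG, guess, 8, &steps));
    return steps;
}

int main(void)
{
    for (size_t p = 0; p <= 8; p += 4)
        printf("prefix=%zu leaky=%zu ct=%zu\n", p, steps_for_prefix(0, p), steps_for_prefix(1, p));
    return 0;
}
```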
Heiser's paper was a by-product of research conducted for the formally-verified seL4 microkernel. seL4 is a proven-correct secure operating system that's already being used in Qualcomm modem chips, amongst others, as well as by Apple for the iOS secure enclave. The US Defense Advanced Research Projects Agency (DARPA) is using it in experiments with Boeing on an autonomous drone helicopter, and in autonomous trucks that are already driving the streets of Detroit.

Timing issues were critical to the development of the recently released MCS branch of seL4, which Heiser discussed in his presentation to the linux.conf.au open-source software conference in Sydney on Friday. Part of that project included writing a whole new architecture for the kernel thread scheduling system, which is claimed to be 10 times faster than the Linux kernel.

But the complete verification of that branch is impossible without all the hardware details.

"It's proofed against the model of the hardware, which is incomplete, and often incorrectly implemented. Verified or not, there's nothing you can do against that," Heiser told ZDNet.

"The argument in this paper is it's very little that is needed to actually make this stuff sane. Well, so I thought before the Spectre attack, which is, wow, this is worse than I thought."

Heiser's call for a new contract echoes a research paper published more than two decades ago.

The US National Security Agency (NSA) commissioned research which was published in 1994 under the title "An Analysis of the Intel 80x86 Security Architecture and Implementations".

Not only did the researchers find the potential for timing channel and other attacks, as well as hardware implementation errors, they also issued a warning about increasing hardware complexity, and called for more transparency from the hardware vendors.

"Currently, our penetration effort is limited by availability of information about the processors. In traditional penetration testing efforts, evaluators have complete access to internal design and implementation information about the system. Here, we are using only public information," they wrote.

The researchers noted the "imbalance of scrutiny" between hardware and software, and that the imbalance was "increasingly difficult to justify" as hardware became more complex.

"Our findings point out the utility -- indeed the necessity -- for the closer examination of microprocessors in high-assurance secure systems development."

Here in 2018, concerns over closed processor hardware are not limited to the lack of timing information, or implementation errors. There's also the possibility that malicious systems could be built into the hardware or firmware itself.

"That is a big can of worms, and that's the really scary bit," Heiser told ZDNet.

"Depending on where you buy your processor from, you either get the NSA back door, the Chinese back door, or the Russian back door, which is of course something not a lot of people talk much about."

That's why Heiser is "excited" about RISC-V, an open instruction set architecture currently under development.
