Intel Forms New Security Group to Avoid Future Meltdowns

Intel just moved some high level people around to form a dedicated security group.

When news of Meltdown and Spectre broke, Intel’s public relations department applied maximum power to their damage control press release generators. The initial message was one of defiance, downplaying the impact and implying people are over reacting. This did not go over well. Since then, we’ve started seeing a trickle of information from engineering and even direct microcode updates for people who dare to live on the bleeding edge.

All the technical work to put out the immediate fire is great, but for the sake of Intel’s future they need to figure out how to avoid future fires. The leadership needs to change the company culture away from an attitude where speed is valued over all else. Will the new security group have the necessary impact? We won’t know for quite some time. For now, it is encouraging to see work underway. Fundamental problems in corporate culture require a methodical fix and not a hack.

Editor’s note: We’ve changed the title of this article to better reflect its content: that Intel is making changes to its corporate structure to allow a larger voice for security in the inevitable security versus velocity tradeoff.

57 thoughts on “Intel Forms New Security Group to Avoid Future Meltdowns

  1. In many situations speed IS valued over all else, maybe future CPUs and OSes just need to switch between fast and secure and this should be clear that fast is not so secure. Current meltdown mitigation in Linux is something like this as you can turn it on and off anytime.

          1. You could do a clock speed slider in software, since clock speed is now controllable like that. That means you could wire up a slider to your PC through USB, say, and have a daemon / program ready to do the necessary. For extra groove, attach a 7-segment LED display to the case alonside the slider. Maybe one for MHz, one as a percentage of rated max. For a giggle, if you go past 105% of rated speed, the 7-segment LEDs go red!

            You can get bicolour 7-segmenters. So it’s possible, green, yellow, orange and red numbers.

            Not sure if they do full RGB ones. I know people have fabricated their own. Maybe you could buy them.

    1. +1

      I don’t understand how this author thinks security works but I don’t expect a processor manufacturer to have security measures that protect against exploits that previously only existed in theory and heavily relied on how caching works.

      There will always be another 0 day.

      1. +1

        My number 1 argument. This is not an “INTEL” issue.
        This is a “those guys must be magicians issue”! This exploit is so far above the bar that I don’t think it could have been avoided.

          1. @ Derek (this forum doesn’t allow me to reply directly)

            First that text doesn’t say their systems are affected by Meltdown and second I think those systems are running on Intel processors. IBM only uses their own processors where it is needed for compatibility or for targeting specific workloads. The Z series, I series or Power series have not been confirmed affected (and IBM would have confessed if they were – it’s a trust issue and they can’t afford to lose the trust of their customers).

            Believe me I’d point out other with the same problem if I’d know. However the fact is that up until now Intel and one ARM core are the only ones affected.

      1. Of course.
        But it isn’t like speculation have been speculated (pun?) to be a potential security hole for a while now.

        It isn’t like shared caches haven’t been known to provide information. Demonstrations since many years.

        It isn’t like shared resources aren’t known to be leaking information – and this have been known for a long time. 60’s? The only thing is extracting useful data from that is very hard in most cases, especially in systems designed for security.

        If you don’t expect the experts making a computer not to make shortcuts in known sensitive areas _unless_ they have been proven to be safe under all circumstances, well… Want to buy a bridge?

        It isn’t like other processor manufacturers have done the same thing. There is _one_ other manufacturer with _one_ other processor design that is known vulnerable to the Meltdown exploit. That’s telling.

        1. Except every major processor is vulnerable to Spectre (convenient fact to leave out), so this argument is down right terrible. It is not ‘telling’ that only Intel is this lazy and bad at security (as you are implying), it is telling that a very strange X86 instruction can be used to exploit systems via meltdown but spectre relies on no such feature. What point are you trying to make other then, different processors are different.

          1. Spectre is much harder to pull off. Not really the same thing, though they accomplish similar goals. Meltdown is like riding a bike, just because you can ride a bike doesn’t mean you can Spectre a unicycle. Intel took a shortcut because they didn’t think it would matter. It’s not exactly Intel’s fault though, since the entire industry operates on Scotch tape and bubble gum. We need to redesign the entire computing and networking stacks from the ground up, with security in mind. It will be better, but not perfect. Anything built can be broken.

          2. Metldown was stupid. Meltdown could have been easily avoided by Intel. If you don’t know the details go and read about it.
            Spectre is much nastier and is relaed to how modern CPUs work. So, no this argument is valid. Especially since meltdown is ONLY applicable to Intel chips, and I think ARM’s A75 and A53

          3. Which is a whole another thing. Note what this article is about – is it about general attacks based on speculative execution? No.

            X86 have nothing to do with it. I guess you have read that the TSX instruction set is buggy as claimed on some sites? It isn’t, it’s working as intended. And it wouldn’t be a problem if there weren’t a glaring security hole in their implementation that allows bypassing essentially the only kind of security normal operating systems can rely on: that of the separation of user and kernel states (ring 3 v.s. ring 0 on x86).

            Mixing the two problems into one like Intel does is just fuzzing the issue. That it is so easy (still very hard in general) to use shared resources to leak privileged information will require a rethinking of how speculative states are exposed, it will require redesigns in how a processor will handle speculative information. But this Intel issue is simple to fix: never ever allow user processes to access kernel data. That’s what Intel should have done in the first place, that’s what everyone else have always done.

  2. Consumers want price and speed numbers more than security. If Intel makes a good cpu, secure and etc, but not as fast as the competition ( even if the competition has flaws/bugs/spectres ) , people will still buy the competitor´s cpus, and complain that Intel is “losing to manufacturer X, because their cpus are faster ) .

    And if you try to explain to them that the cpus are slower but more secure, they will still state ( “but the other ones are faster, Intel should do something to make their cpus faster too “.

    I agree there is a problem with cpus ( not only Intel, but AMD , ARM and others ) . But that is not only Intel´s fault, it is more of a design problem of our current “cpu model”. Maybe more pure research nees to be done to implement better ways, or even radically different ways to achieve better performance along with security.

  3. Lets just hope the newly announced 49-Qbit quantum processor comes with more security in mind than the old binary silicon generation… But i’m pretty shure, the kind of security issues like Meltdown/Spectre were not even considered in the design of the chip. Security was just in the possible applications of quantum processing as encryption cruncher.

  4. Is this the same Hackaday that said being angry because Intel’s CEO Bryan Krzanich sold off his Intel stock was just a ‘distraction’? First you run interference for guys at the top and now you are ripping them a new one. Make up your mind already.

  5. “When news of Meltdown and Spectre broke, Intel’s public relations department applied maximum power to their damage control press release generators. ”

    Not making clear that Meltdown affected ONLY Intel.

  6. Intel is possibly the number one reason to hate corporate ‘culture’. The one and absolutely only reason to work for Intel is money. Every time I want to think of a reason that corporations are evil, I think of the fact I can’t drive 5 miles without passing three Intel campuses, yet I have never seen that conglomeration actually retain anyone I know as an employee. They just do the shuffle and next thing you know, there’s New Mexico license plates everywhere. Can I get you a list of my friends that company has chewed up and spat out?
    Intel was all “we’re going to make your city so much better and provide all these jobs” then didn’t do anything but help a ton of apartments get built and fill them with people from other states and countries.
    If I conducted my business like Intel does, I reckon I’d be lynched. They earned a security hack and worse. The only actual solution is to retire out the upper echelon of mongers and actually make good on those promises of retention and promotion.

    1. >Intel is possibly the number one reason to hate corporate ‘culture’.

      Mate, they have SO much competition in that category. I mean, huge, huge range of utterly evil arsehole companies.

      In a way they’re obligated to do it through the way the economy works. Companies are obliged to do what’s most profitable for their shareholders. If they do not, and a competitor does, then Nice Company will suffer, people won’t want their shares, and the company’s existence is threatened.

      It’s impossible for a publically traded company to do ANYTHING that might negatively impact profit. Not just cause a loss, but sub-optimum profit cannot be allowed. If ethics are free, then I suppose why not. Then it’s only the mountain of psychological issues that keep a company’s bosses from acting ethically! Otherwise, any time someone mentions “corporate responsibility” you should laugh, then go home and wash the piss off your trouser leg.

      Of course there’s stuff like Fairtrade food, but their ethics are being sold as part of the product. Their ethics are something their customers desire and will pay money for. Ethics that are profitable, they’re fine.

      Anyway… I don’t keep a list, but off the top of my head Monsanto is a good place to start, if you wanna browse evil corporations. But pretty much any big enough company will do. If they’re involved in finance, that’s a good place to find the worst of humanity. Medicine is another. Privatised medicine doesn’t even make sense!

      Intel sound like dicks, but really the stuff you describe is nursery-level Evil!

      1. Touche. I’m ever annoyed and disheartened with every little guy that takes their high quality product and sells out to the big corporations. Some of my favorite local brews are now Anhauser-Busch sterile and I tossed almost the last container of General Hydroponics product floating around from some time before they sold out.
        Indeed, every time the reasoning is profits, ethics are usually tossed out the window like a bag of fast food trash. Backing increases longevity and supports growth, so yeah, the problem really is just that a corporation is such by definition. Whadya do about it? Go fight to save the corporations in a cubicle, or 3D print your own guns and car in the garage!?

      2. “Companies are obliged to do what’s most profitable for their shareholders.”

        But that is a flaw in the Intel argument. Intel long ago screwed their “stockholders” by not paying dividends during profitable times, instead using the money to reward management as well as create new shares (diluting stockholder strength) which were only awarded to employees.

  7. The ENTIRE DRAM industry needs to go sit in a corner after Rowhammer.

    But it hasn’t. New memory chips are still vulnerable, last I heard.

    It’s my understanding that, if you refresh the memory at the specified timings, and sometimes you get out data different than what you stored, that means the chip is defective or the specification is wrong. Why aren’t we pressuring Micron et al, the way we’re pressuring Intel over this?

    1. Is it possible to do anything about Rowhammer? It seems like (far as I remember) an innate problem to DRAM. If there’s some better way of making DRAM, some new principle, I’m sure the chip makers would love to hear about it. If there’s nothing you can do, you just put up with it, and maybe try limit the problem in software, and perhaps a bit of extra hardware, where you can.

      I suppose you could get an OS to check how many times a process accesses certain addresses, keep an eye out for Rowhammers. Though I’ve an idea that that sort of behaviour isn’t built into MMUs. Sure a CPU can monitor memory accesses, but not every single one! At least at any sort of tolerable execution speed.

      Maybe some MB hardware or the DRAM interface on CPUs could do something to mitigate, again, keep track of recent RAM accesses and throw an exception if somebody starts being naughty. Or else an interrupt, or some kind of external DRAM monitoring stuff. Maybe DRAM itself could do it, but you’d need to adapt PCs to the new feature.

      1. OK I’ve thought about it and solved Rowhammer…

        On PC motherboards, randomly route the least significant few address bits from the CPU to the RAM. Whether that’s done on-die in the CPU or on-RAM or wherever in between doesn’t matter.

        That was, a program can’t select RAM addresses either side of their target address. Because they might be a few cells away.

        You could of course scramble as many address bits as you like, and it’d still work. But in the case of DRAM, page access and RAS / CAS play a large role in timing (and refresh). If it were SRAM it wouldn’t matter, but DRAM has limits.

        You could maybe do this on the motherboard. Probably easiest though to do it on-CPU since most now contain DRAM controlllers onboard. They could make the routing programmable like microcode is. So every PC will have different routing for some LSB address bits. Well, not every PC, but there’ll be, say, 32 variations to choose from. Or more, haven’t done the permutations.

        A program would have no way of knowing what physical RAM locations are adjacent, which is what Rowhammer relies on. Mmmmmmaybe there’d be a way of divining it, I suppose you could randomly hammer rows, then check to see where any damage shows up. It’s certainly make Rowhammer a lot slower and maybe less reliable though. To that, you could add detection for the relevant access patterns, and the relevant instructions used to access those addresses (ie loading and storing data is suspicious, loading opcodes probably not so much).

        If Intel want to throw millions at me, I’ll take their filthy money. If anyone has a reason why this doltish scheme won’t work, I’ll take that too!

  8. Seems to me that computers are fundamentally flawed. At some low level point you need full access to allow the system to function. And I don’t see how that can change. Maybe it’s time for thinking differently and using computers differently so that when a new exploit shows up the damage is limited simple because the attack surface is small. Again, no idea how and what this would look like. Maybe delete the internet and pretend it didn’t happen. LoL :-)

    1. Yeah but as long as the relevant processes are kept separate, it works fine. They’re not fundamenally flawed. Maybe Murphy’s Law, but that applies to everything.

      Low-level access is fine as long as it’s trusted code, ie the operating system you got from that huge corporation / those tetchy nerds. It’s in no way in insoluble, fundamental problem.

      This is just an obscure implementation bug. And it’s been around a long time, took this long for anyone to discover it. Like all the best discoveries, it’s obvious once you’ve been told about it. But completely unimaginable before. It can be fixed. Computers don’t have to be buggy pieces of shit, that’s just the low expectations Microsoft et al have programmed into you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.