, 11 tweets, 6 min read Read on Twitter
Speculative Side-Channel Attacks is misleading terminology and usually used incorrectly. We should all avoid using it and @intel, you should avoid using it too. Not only because it is misleading, but because it hinders successful communication on mitigations.
Let me elaborate:
A side-channel attack uses measurements of side effects to gather enough *meta data* (power consumption, runtime, cache state, etc) to *infer* secret information.
#meltdown #spectre #zombieload and related attacks and variants do not leak meta data. They leak the actual data.
There is no need to infer secret information from meta data, there is no meta data involved. Hence, they are *no side-channel attacks*.

"But they use flush+reload". Sure, but that doesn't make the attack a side-channel attack. Let's assume the following:
You have a bug in $cloud which allows you to run a program in another tenants VM. Full privileges but no network access for the process. You decide to exfiltrate the data via a cache covert channel. Does that make the entire attack a side-channel attack? Clearly not.
So what about speculative. #spectre exploits speculative execution. #meltdown does not, #zombieload does not. Speculative execution refers to execution based on a prediction. In #meltdown and #zombieload there are no predictions involved.
Now I've heard various arguments why it still must be speculative execution. "But the CPU speculates that the instruction won't fault".
Well, but then any strict in-order pipeline must be called speculative execution: fetch and decode happen before we know what happens next.
Another one: "speculation is just a normal English word and it naturally includes all these attacks because it just refers to anything that is not yet certain."
Exactly. It's imprecise, and it is wrong for many attacks including #meltdown and #foreshadow and #zombieload.
When the processor forwards the data in these attacks it often *knows* that this data is not the right one. It is not speculating. It knows that it's incorrect and still does it.

Now, to the last part: why would we care and why should @intel care?
Because: Many of these attacks are almost trivial to mitigate (possibly with new silicon required) - there are silicon fixes for #meltdown #Foreshadow and #zombieload.
All these (we call them meltdown-type) attacks can be eliminated at little or no cost.
The case of #spectre and speculative execution is different. Here, the processor does not do any wrong things, it does not forward the wrong data, it does exactly what we want the CPU to do. It just speculates, to gain performance.
This is a problem well beyond some CPU design.
Keep them separate in communication: one class is just bug fixing, the other requires fundamental design changes.
Mixing them suggests incorrectly that #meltdown-type attacks are just as fundamental design problems and just as "unfixable" as #spectre and not fixable bugs.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Daniel Gruss
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!