A year ago today, Intel coordinated with a web of academic and independent researchers to disclose a pair of security vulnerabilities with unprecedented impact. Since then, a core Intel hacking team has worked to help clean up the mess—by creating attacks of their own.

Known as Spectre and Meltdown, the two original flaws—both related to weaknesses in how processors manage data to maximize efficiency—not only affected generations of products that use chips from leading manufacturers like Intel, AMD, and ARM, but offered no ready fix. The software stopgaps Intel and others did roll out caused a slew of performance issues.

On top of all of this, Meltdown and particularly Spectre revealed fundamental security weaknesses in how chips have been designed for over two decades. Throughout 2018, researchers inside and outside Intel continued to find exploitable weaknesses related to this class of "speculative execution" vulnerabilities. Fixing many of them takes not just software patches, but conceptually rethinking how processors are made.

"In the past no one was aware of these issues, so they weren’t willing to sacrifice any performance for security." Jon Masters, Red Hat

At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats. Reacting to speculative execution vulnerabilities in particular has taken extensive collaboration among product development teams, legacy architecture groups, outreach and communications departments to coordinate response, and security-focused research groups at Intel. STORM has been at the heart of the technical side.

"With Meltdown and Spectre we were very aggressive with how we approached this problem," says Dhinesh Manoharan, who heads Intel's offensive security research division, which includes STORM. "The amount of products that we needed to deal with and address and the pace in which we did this—we set a really high bar."

Intel's offensive security research team comprises about 60 people who focus on proactive security testing and in-depth investigations. STORM is a subset, about a dozen people who specifically work on prototyping exploits to show their practical impact. They help shed light on how far a vulnerability really extends, while also pointing to potential mitigations. The strategy helped them catch as many variants as possible of the speculative execution vulnerabilities that emerged in a slow trickle throughout 2018.

"Every time a new state-of-the-art capability or attack is discovered we need to keep tracking it, doing work on it, and making sure that our technologies are still resilient," says Rodrigo Branco, who heads STORM. "It was no different for Spectre and Meltdown. The only difference in that case is the size, because it also affected other companies and the industry as a whole."

Evolving Response

Intel received industry criticism—especially early in 2018—for haphazard communication, and for pushing some bad patches as the company attempted to steer the Spectre and Meltdown ship. But researchers who have been heavily involved in speculative execution vulnerability response outside of Intel say that the company has largely earned back goodwill through how relentless it has been in dealing with Spectre and Meltdown.

"New things will be found no matter what," says Jon Masters, an architecture specialist at the open source enterprise IT services group Red Hat, which was recently acquired by IBM. "But in the past no one was aware of these issues, so they weren’t willing to sacrifice any performance for security. Now, for Intel, security is not just a checkbox but a key feature, and future machines will be built differently."

By some estimates, the process of adding fundamental speculative execution defenses to Intel chips will take four to five years. In the meantime, in addition to patches for legacy processors, Intel added its first physical defenses to its 2019 chips, announced in October. But fully reconceptualizing the chips to physically defend against speculative execution attacks by design will take time. "A complete microarchitecture design from scratch is not done that often," Masters says.