SAN FRANCISCO -- Five months after his vulnerability discovery rocked the technology industry, security researcher...

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Paul Kocher shared his thoughts on the Spectre flaws, the mitigation efforts, the troubled vulnerability disclosure process and the difficult road ahead for modern processor development.

Kocher, an independent security researcher and consultant, spoke at RSA Conference 2018 on Tuesday and is one of two people who discovered the Spectre flaws in 2017 -- Jann Horn of Google's Project Zero also independently discovered the vulnerabilities, along with the Meltdown flaw.

Like the Meltdown vulnerability affecting Intel chips, Spectre flaws abuse speculative execution, which was designed to speed up processor performance. The crux of the issue, Kocher said, is speculation execution is so deeply ingrained in modern processor design that it's virtually impossible to remove. "If you build a processor the way textbooks tell you to do it to make it fast, you're going to build an insecure processor as a consequence," he said.

That fact has made short-term mitigation of the Spectre flaws, as well as long-term solutions, extremely challenging, Kocher said.

Mitigation efforts "The mitigation for Spectre is extremely messy," Kocher said, adding that the fixes that have been introduced so far are not long-term solutions to the underlying issue. Software vendors like Microsoft could put fixes for the Spectre vulnerabilities in the source code for any conditional branch path that might lead to something going wrong; Kocher called these "speculation barriers." But if those barriers are placed in every conceivable spot within the source code that might be vulnerable to the flaws, it will destroy performance. And if they are not applied, attackers will still be able to exploit the Spectre flaws. "You're kind of damned if you do, damned if you don't," Kocher said. As a result, vendors have to carefully pick and choose where they apply the fixes. Besides operating systems, he said, it's much harder to apply Spectre fixes to other types of modern software, such as databases and web servers, because those programs are used to receive data from untrusted sources. Hardware vendors, on the other hand, have applied microcode updates that modify the way the branch predictor works in the processor, but Kocher said those modifications have led to stability problems for the chips. Kocher called these fixes "a fairly unsatisfactory solution," because the microcode updates are only available to the operating system and not applications on the affected system. They also lead to performance hits. While Intel's microcode updates have had significant issues, Kocher said he'd rather have mitigations that come with problems than no mitigations at all, criticizing Arm Holdings' lack of response to Spectre.

The roadmap ahead Is Spectre even a bug? Kocher said he's had conversations with several people about that question. On one hand, all of the elements involved in speculative execution are working the way they were designed to work. But regardless of whether speculative execution is working correctly or not, the issue remains. "It's a lot of eager implementation of things to make stuff faster, but not necessarily a lot of thinking about the true consequences of putting these elements together," he said. That complicates long-term remediation efforts, Kocher said, because chipmakers will never abandon speculative execution, as it's become so intrinsic to processor performance. However, he offered some advice for the audience for short-term mitigation, starting with regularly applying updates as they become available. Kocher also recommended improving process separation within enterprise infrastructure and to be "especially cautious about hyperthreading," because he said he expects more side-channel attacks that exploit that feature are coming in the near future. But the bad news, according to Kocher, is chipmakers need to drastically alter their product roadmaps and fundamentally change how they design processors. Long term, all chips will need to be designed and built with security in mind; otherwise, the pursuit of faster speeds and performance gains is going to lead to more Spectre-like vulnerabilities.