Announcement

Collapse
No announcement yet.

Google Engineer Shows "SESES" For Mitigating LVI + Side-Channel Attacks - Code Runs ~7% Original Speed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Google Engineer Shows "SESES" For Mitigating LVI + Side-Channel Attacks - Code Runs ~7% Original Speed

    Phoronix: Google Engineer Shows "SESES" For Mitigating LVI + Side-Channel Attacks - Code Runs ~7% Original Speed

    Disclosed last week was the Load Value Injection attack affecting Intel CPUs and requiring new mitigations. While the GNU Assembler mitigation options were quickly added, on the LLVM toolchain side the developers there continue evaluating the proposed LVI mitigation along with another option that looks to mitigate more than just LVI. The "SESES" proposal looks more broadly at mitigating CPU side-channel vulnerabilities but with shattering performance hits...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Wow, what a joke Intel processors look like now.

    Comment


    • #3
      Looks good. Merge to master.

      Comment


      • #4
        ..and enable by default! LGTM!

        Comment


        • #5
          Intel was simply cheating us. I don't believe they're so incompetent.

          Comment


          • #6
            At this point it seems like the only actual mitigation for those with severe paranoia (like hardware holding classified data), is to move to an architecture that doesn't have Spectre attacks. Mitigations are not cures. Mitigations just make it harder to exploit the problem, not bar exploitation entirely. Right now, that's only certain ARM 32 CPUs, and perhaps MIPS. Even OpenPOWER was hit by Spectre problems though not as badly as Intel's CPUs. I'd really like to see Google's Red Team dig into the POWER 9 CPUs to see if they are a viable, if expensive, alternative for actual security, and not just the market-speak from Talos and IBM.

            Comment


            • #7
              Originally posted by stormcrow View Post
              At this point it seems like the only actual mitigation for those with severe paranoia (like hardware holding classified data), is to move to an architecture that doesn't have Spectre attacks. Mitigations are not cures. Mitigations just make it harder to exploit the problem, not bar exploitation entirely. Right now, that's only certain ARM 32 CPUs, and perhaps MIPS. Even OpenPOWER was hit by Spectre problems though not as badly as Intel's CPUs. I'd really like to see Google's Red Team dig into the POWER 9 CPUs to see if they are a viable, if expensive, alternative for actual security, and not just the market-speak from Talos and IBM.
              To be fair AMD still has extremely few sidechannel attacks and none that are serious... the one hitting the news a week or so ago doesn't even have a proof of concept and was "discovered" in simulation... not on real hardware.

              Comment


              • #8
                Originally posted by Volta View Post
                Intel was simply cheating us. I don't believe they're so incompetent.
                They always knew about it, but they thought they could get away with it. And, frankly, they are.

                Comment


                • #9
                  With that much of a performance hit probably should just leave it as a flaw. Not much reason to have a processor that gets slow as a boat after patches. People should just throw them out at that lame point

                  Comment


                  • #10
                    Originally posted by stormcrow View Post
                    At this point it seems like the only actual mitigation for those with severe paranoia (like hardware holding classified data), is to move to an architecture that doesn't have Spectre attacks. Mitigations are not cures. Mitigations just make it harder to exploit the problem, not bar exploitation entirely. Right now, that's only certain ARM 32 CPUs, and perhaps MIPS. Even OpenPOWER was hit by Spectre problems though not as badly as Intel's CPUs. I'd really like to see Google's Red Team dig into the POWER 9 CPUs to see if they are a viable, if expensive, alternative for actual security, and not just the market-speak from Talos and IBM.
                    It could be that arm and mips have some designs not affected,
                    But I believe that the future is VLIW..

                    We cannot afford CPUs to have performance of micro-controllers( when working correctly ), nowadays..
                    Last edited by tuxd3v; 20 March 2020, 10:08 PM.

                    Comment

                    Working...
                    X