OK, I am late to the party. In fact, I started the first draft of this post on January 25, 2018 🙈
Since then, a lot has happened, but it is safe to say that the whole bug class that was introduced with Meltdown and Spectre is still going strong even more than 6 years later.
On the plus side, such side-channel-attacks typically have a very low bandwidth. In other words, it takes a long time to exfiltrate reasonable amounts of data.
In my opinion, the press poorly explained what is behind the Metdown and Spectre attacks. This was the Original Publication
Red Hat provided this excellent analogy: the baristas at your coffee shop optimize in that they prepare the usual beverage for frequent customers and they even write the names of the customers to the cup. When the customers switch places, they have to throw away the cups with the coffee inside. However: the onlooker is able to get a glimpse of the names on the cups.
An early question was if Intel SGX Eclaves be used to conceal this kind of attack? Daniel Gruss et al. looked at this and found that indeed, SGX play well together with this bug class, which is bad news for all Hyperscalers.
Keine Kommentare:
Kommentar veröffentlichen