Speculative execution vulnerable again; artificial neuron; multi-kilowatt contactless power.
Speculative execution vulnerable again
Computer scientists from the University of Virginia and University of California San Diego warn of a processor architecture vulnerability that gets around the techniques used to secure processors in the wake of Spectre.
In 2018, Spectre and the similar Meltdown vulnerability were announced. These types of attacks could allow malicious agents to exploit speculative execution (in which a processor predicts instructions it may receive and prepares to pull the instruction from memory) by getting a processor to predict instructions along an incorrect path and discern confidential information.
Since, various protective methods have been developed to protect vulnerable aspects of the speculative execution process. However, they focus on protecting a later stage of the process.
The newly-discovered vulnerability allows for exploits of the micro-op cache. The micro-op cache speeds up computing by storing simple commands and allowing the processor to fetch them early in the speculative execution process. The researchers said that micro-op caches have been built into Intel processors manufactured since 2011.
“Think about a hypothetical airport security scenario where TSA lets you in without checking your boarding pass because (1) it is fast and efficient, and (2) you will be checked for your boarding pass at the gate anyway,” said Ashish Venkat, assistant professor of Computer Science at UVA Engineering. “A computer processor does something similar. It predicts that the check will pass and could let instructions into the pipeline. Ultimately, if the prediction is incorrect, it will throw those instructions out of the pipeline, but this might be too late because those instructions could leave side-effects while waiting in the pipeline that an attacker could later exploit to infer secrets such as a password.”
Of the three attacks the researchers document in their paper, two can steal speculatively accessed information from Intel and AMD processors, they said.
“Intel’s suggested defense against Spectre, which is called LFENCE, places sensitive code in a waiting area until the security checks are executed, and only then is the sensitive code allowed to execute,” Venkat said. “But it turns out the walls of this waiting area have ears, which our attack exploits. We show how an attacker can smuggle secrets through the micro-op cache by using it as a covert channel.”
“In the case of the previous Spectre attacks, developers have come up with a relatively easy way to prevent any sort of attack without a major performance penalty” for computing, said Logan Moody, a Ph.D. student at UVA. “The difference with this attack is you take a much greater performance penalty than those previous attacks.”
Xida Ren, a Ph.D. student at UVA, added, “Patches that disable the micro-op cache or halt speculative execution on legacy hardware would effectively roll back critical performance innovations in most modern Intel and AMD processors, and this just isn’t feasible.”
In April, the team disclosed the vulnerability to the product security teams at Intel and AMD.
“It is really unclear how to solve this problem in a way that offers high performance to legacy hardware, but we have to make it work,” Venkat said. “Securing the micro-op cache is an interesting line of research and one that we are considering.”
The disclosure prompted a response from Intel. The chipmaker said no additional mitigation would be required if software developers write code using a method called “constant-time programming,” which is not vulnerable to side-channel attacks. The company also said programmers adhering to Intel’s secure coding guidance should be protected against most side-channel attacks; this guidance states that code should ensure runtime is independent of secret values, that code access patterns are independent of secret values, and that data access patterns are independent of secret values.
UVA’s Ashish Venkat followed up, saying that urging programmers to adopt constant-time programming isn’t enough. “Certainly, we agree that software needs to be more secure, and we agree as a community that constant-time programming is an effective means to writing code that is invulnerable to side-channel attacks,” Venkat said. “However, the vulnerability we uncovered is in hardware, and it is important to also design processors that are secure and resilient against these attacks. In addition, constant-time programming is not only hard in terms of the actual programmer effort, but also entails high performance overhead and significant deployment challenges related to patching all sensitive software. The percentage of code that is written using constant-time principles is in fact quite small. Relying on this would be dangerous. That is why we still need to secure the hardware.”
Artificial neuron
Researchers at University of California San Diego developed a new artificial neuron device to run neural network computations in less area and with less energy.
“Neural network computations in hardware get increasingly inefficient as the neural network models get larger and more complex,” said Duygu Kuzum, a professor of electrical and computer engineering at the UC San Diego Jacobs School of Engineering. “We developed a single nanoscale artificial neuron device that implements these computations in hardware in a very area- and energy-efficient way.”
The device implements a rectified linear unit, which relies on the device being able to gradually change resistance. The switch is a Mott transition, which takes place in a nanometers-thin layer of vanadium dioxide. Above this layer is a nanowire heater made of titanium and gold. When current flows through the nanowire, the vanadium dioxide layer slowly heats up, causing a slow, controlled switch from insulating to conducting.
“This device architecture is very interesting and innovative,” said Sangheon Oh, a Ph.D. student at UC San Diego. Typically, materials in a Mott transition experience an abrupt switch from insulating to conducting because the current flows directly through the material, he explained. “In this case, we flow current through a nanowire on top of the material to heat it and induce a very gradual resistance change.”
The team fabricated an array of the activation (or neuron) device, along with a synaptic device array. Then they integrated the two arrays on a custom printed circuit board and connected them together to create a hardware version of a neural network.
The researchers used the network to process an image using edge detection to demonstrate the ability to perform convolutions. They think more complex tasks, such as facial and object recognition, are possible. “Right now, this is a proof of concept,” Kuzum said. “It’s a tiny system in which we only stacked one synapse layer with one activation layer. By stacking more of these together, you could make a more complex system for different applications.”
Multi-kilowatt contactless power
Physicists at the Technical University of Munich, Würth Elektronik eiSos, Slovak Academy of Sciences, and Theva Dünnschichttechnik are working to make contactless power transmission more powerful.
Their system uses a coil with superconducting wires capable of transmitting power in the range of more than five kilowatts contactless and with only small losses. Contactless power transmission is currently used for cellphones and small household devices, but the team sees a future for it in charging industrial robots, medical equipment, and vehicles.
Typically, high-performance charging in the kilowatt range relies on copper coils. In this device, high-temperature superconducting coil windings are separated from one another by spacers. “This trick significantly reduces alternating current loss in the coil,” said Christoph Utschick of TUM. “As a result, power transmission as high as the kilowatt range is possible.”
The team chose a coil diameter for their prototype that resulted in a higher power density than is possible in commercially available systems. “The basic idea with superconducting coils is to achieve the lowest possible alternating current resistance within the smallest possible winding space and thus to compensate for the reduced geometric coupling,” said Utschick.
An important tradeoff was the distance between coil windings. Too large, and the power density is lowered. Too small, and superconduction would collapse. “We optimized the distance between the individual windings using analytical and numerical simulations,” said Utschick. “The separation is approximately equal to half the width of the tape conductor.”
The researchers plan to work on further increasing the amount of transmittable power. There is an issue with wide-scale applicability, however: the coils need constant cooling from liquid nitrogen, and the cooling vessels can’t be metal. “There is as yet no cryostat like this which is commercially available. This will mean an extensive amount of further development effort,” says Rudolf Gross, Professor for Technical Physics at the Technical University of Munich and Director of the Walther-Meissner-Institute of the Bavarian Academy of Sciences and Humanities. “But the achievements up to now represent major progress for contactless power transmission at high power levels.”
Leave a Reply