TU Graz/ TU Graz/ Services/ News+Stories/

TU Graz researchers discover serious security vulnerabilities

04 Jan 2018 | Media service | Spotlight | Newsletter research monthly | News+Stories | TU Graz News

By Birgit Baustädter

An 10-strong international team of researchers – including researcher from TU Graz – has revealed two new vulnerabilities in computer processors: Meltdown and Spectre. PCs, server and cloud services are affected. A patch could help.

Four man are standing behind a black computer screen with white letters on it.
Michael Schwarz, Daniel Gruss, Stefan Mangard and Moritz Lipp from TU Graz were chiefly involved in the recent descovery of devastating vulnerabilities in computer processors.

Around the turn of the year speculation was rife about new, serious vulnerabilities that could affect all modern microprocessors. Now it is official: two newly-discovered exploits, Meltdown and Spectre, could allow unauthorised users to gain direct access to kernel memory, at the heart of computer systems. The issue was discovered by an 10-strong international research team, in which Graz University of Technology’s Institute of Applied Information Processing and Communications plays a central role. Both exploits take advantage of a central operating principle of fast processors. Intel, AMD and ARM processors are chiefly affected.

Meltdown“ and „Spectre“ info site.

Simple code with devastating consequences

“Meltdown is a very simple exploit – only four lines of code are needed to gain access,” explained Moritz Lipp, Michael Schwarz, Stefan Mangard and Daniel Gruss from TU Graz. “Spectre is significantly more labour-intensive, and consequently more difficult to protect against. It uses the code itself to trick the system into giving up its secrets.” The vulnerabilities affect private computers as well as most server infrastructure and cloud-based services currently in use.

In order for computer systems to work faster, modern processors perform calculations in parallel rather than sequentially. In parallel to lengthy tasks, the processor attempts to predict the next steps that will be required and prepare for them. “For performance reasons, at that point no check is made as to whether the program accessing data actually has permission to do so,” the Graz researchers explained. If a predicted step is not required, or if permissions are not present, the processor discards the preparations it has made. This preparation phase can be exploited to read data from the kernel – for example passwords saved in commonly used browsers.

Patch from Graz protects against Meltdown exploit

KAISER, a patch developed by the Graz researchers at the institute, is designed to help secure the vulnerabilities. Because attacks would be directed against hardware but carried out via software, developers from the major IT companies have adapted and further developed their proposal, and are delivering patches with their latest security updates. “The update affects the central functions of fast processors, and could make a difference especially in terms of speed,” explained Gruss, Lipp, Mangard and Schwarz. “Nevertheless, we would appeal to all users to install these updates. The largest providers of cloud and server solutions will implement them in the coming days.” Manufacturers still have work to do to solve the problem in the hardware itself – especially since the patch is effective against Meltdown, but not against the Spectre exploit.

The research was done in the framework of the ERC-funded project “SOPHIA”.  

Information

The international team is made up of researchers from Graz University of Technology, the independent researcher Paul Kocher, the University of Pennsylvania, the University of Maryland, Cyperus Technology, Rambus, the University of Adelaide and Data61.

Their research was published in two different papers. The papers on Meltdown and „Spectre“ can be downloaded directly and can also be found on the information website about these serious vulnerabilities.

Contact

Daniel GRUSS
Dipl.-Ing. Dr.techn. BSc
TU Graz | Institute of Applied Information Processing and Communications
Phone: +43 316 873 5544
daniel.grussnoSpam@iaik.tugraz.at