Intel Analysis of Speculative Execution Side Channels
Revision 1.0
January 2018
Document Number: 336983-001

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No computer system can be absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com.

No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document.

This document contains information on products, services and/or processes in development. All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast, schedule, specifications and roadmaps.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel disclaims all implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

Copies of documents which have an order number and are referenced in this document may be obtained by calling 1-800-548-4725 or by visiting www.intel.com/design/literature.htm.

Intel, and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.

Copyright © 2018, Intel Corporation.

Contents

1 Introduction
2 Speculative Execution Side Channel Methods
    2.1 Speculative Execution
    2.2 Side Channel Cache Methods
        2.2.1 Bounds Check Bypass
        2.2.2 Branch Target Injection
        2.2.3 Rogue Data Cache Load
3 Mitigations
    3.1 Bounds Check Bypass Mitigation
    3.2 Branch Target Injection Mitigation
    3.3 Rogue Data Cache Load Mitigation
4 Related Intel Security Features and Technologies
    4.1 Intel® OS Guard
    4.2 Execute Disable Bit
    4.3 Control flow Enforcement Technology (CET)
    4.4 Protection Keys
    4.5 Supervisor-Mode Access Prevention (SMAP)
5 Conclusions

Revision History

Document Number: 336983-001
Revision Number: 1.0
Description: Initial release.
Date: January 2018

1 Introduction

Intel is committed to improving the overall security of computer systems through hardware and software. As detailed by Google Project Zero, https://googleprojectzero.blogspot.com/, a new series of side-channel analysis methods has been discovered that potentially facilitate access to unauthorized information. These methods rely on common properties of both high-performance microprocessors and modern operating systems, and susceptibility is not limited to Intel processors, nor does it imply the processor is working outside its intended functional specification.

All of the methods take advantage of speculative execution, a common technique in processors used to achieve high performance. Intel is working closely with our ecosystem partners, as well as with other silicon vendors whose processors are affected, to design mitigations for these methods.

This white paper provides information on the methods that have been documented by Google Project Zero and describes