Intel Analysis of Speculative Execution Side Channels
Revision 1.0
January 2018
Document Number: 336983-001
Intel technologies’ features and benefits depend on system configuration and may require enabled hardware,
software or service activation. Performance varies depending on system configuration. No computer system can be
absolutely secure. Check with your system manufacturer or retailer or learn more at www.intel.com. ...
No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this
document.
This document contains information on products, services and/or processes in development. All information
provided here is subject to change without notice. Contact your Intel representative to obtain the latest forecast,
schedule, specifications and roadmaps.
The products and services described may contain defects or errors known as errata which may cause deviations
from published specifications. Current characterized errata are available on request.
Intel disclaims all implied warranties, including without limitation, the implied warranties of merchantability, fitness
for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course
of dealing, or usage in trade.
All information provided here is subject to change without notice. Contact your Intel representative to obtain the
latest Intel product specifications and roadmaps.
Copies of documents which have an order number and are referenced in this document may be obtained by calling
1-800-548-4725 or by visiting www.intel.com/design/literature.htm.
Intel, and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries.
*Other names and brands may be claimed as the property of others
Copyright © 2018, Intel Corporation.
i
Document Number: 336983-001, Revision 1.0
Contents
1 2
3
4
5
Introduction ................................................................................................... 1
Speculative Execution Side Channel Methods ................................................. 2
2.1 Speculative Execution ............................................................................ 2
2.2 Side Channel Cache Methods .................................................................. 2
2.2.1 Bounds Check Bypass ................................................................. 3
2.2.2 Branch Target Injection ............................................................... 3
2.2.3 Rogue Data Cache Load .............................................................. 3
Mitigations ...................................................................................................... 4
3.1 Bounds Check Bypass Mitigation .............................................................. 4
3.2 Branch Target Injection Mitigation ........................................................... 4
3.3 Rogue Data Cache Load Mitigation ........................................................... 5
Related Intel Security Features and Technologies .......................................... 6
4.1 Intel® OS Guard ................................................................................... 6
4.2 Execute Disable Bit ................................................................................ 6
4.3 Control flow Enforcement Technology (CET) .............................................. 6
4.4 Protection Keys ..................................................................................... 6
4.5 Supervisor-Mode Access Prevention (SMAP) .............................................. 7
Conclusions .................................................................................................... 8
§
ii
Document Number: 336983-001, Revision 1.0
Revision History
Document Number
336983-001
Revision Number
1.0
Initial release.
Description
§
Date
January 2018
iii
Document Number: 336983-001, Revision 1.0
1
Introduction
Intel is committed to improving the overall security of computer systems through hardware and
software. As detailed by Google Project Zero, https://googleprojectzero.blogspot.com/, a new series of
side-channel analysis methods have been discovered that potentially facilitate access to unauthorized
information. These methods rely on common properties of both high-performance microprocessors
modern operating systems and susceptibility is not limited to Intel processors, nor does it imply the
processor is working outside its intended functional specification. All of the methods take advantage of
speculative execution, a common technique in processors used to achieve high performance.
Intel is working closely with our ecosystem partners, as well as with other silicon vendors whose
processors are affected, to design mitigations for these methods.
This white paper provides information on the methods that have been documented by Google Project
Zero and describes
Read the full Intel Analysis of Speculative Execution Side Channels.