Abstract
Threat actors continue to design exploits that specifically target physical weaknesses in processor hardware rather than more traditional software vulnerabilities. The now infamous attacks, Spectre and Meltdown, ushered in a new era of hardware-based security vulnerabilities that have caused some experts to question whether the potential cybersecurity risks associated with simultaneous multithreading (SMT), also known as hyperthreading (HT), are potent enough to outweigh its computational advantages. A small pool of researchers now touts the need to disable SMT completely. However, this appears to be an extreme reaction: while a more security-focused environment might be inclined to disable SMT, environments with a greater level of risk tolerance, which may need the performance advantages offered by SMT to facilitate business operations, should not disable it by default and should instead evaluate software application-based patch mitigations. This paper provides insights that can help make informed decisions when determining the suitability of SMT by exploring key processes related to multithreading, reviewing the most common exploits, and describing why Spectre and Meltdown do not necessarily warrant disabling HT.
Highlights
Although the news fervor regarding hardware-based vulnerabilities has begun to subside, the potential risk to unprotected systems remains just as relevant.
The infamous attacks, Spectre and Meltdown, ushered in a new era of hardware-based security exploits by attacking vulnerabilities in computer processor hardware instead of attacking software vulnerabilities.
[1] He went on to explain that the risk of side-channel attacks like Spectre and Meltdown is dangerous enough to warrant disabling Hyper-threading on all computers running OpenBSD OS [2].
Summary
Although the news fervor regarding hardware-based vulnerabilities has begun to subside, the potential risk to unprotected systems remains just as relevant. The infamous attacks, Spectre and Meltdown, ushered in a new era of hardware-based security exploits by attacking vulnerabilities in computer processor hardware instead of attacking software vulnerabilities. Following their disclosure, Intel and AMD scrambled to quickly release firmware patches to their processors in order to mitigate the potential risk of exploitation. The following provides insights that can help architects make informed decisions when determining the suitability of SMT by exploring key processes related to SMT, reviewing prominent SMT exploits, and describing why Spectre and Meltdown do not necessarily warrant disabling SMT. Building this case, the remainder of the paper will first provide a high-level description of the key processes and components involved during speculative execution. Leveraging the Common Vulnerability Scoring System, provide a methodology to characterize these exploits' severity