With the upgrade and intensification of the “chip vulnerability door” triggered by the two CPU vulnerabilities of Meltdown and Spectre, the market value of Intel and AMD has shrunk and shrouded in the haze over CES2018. Apple has encountered multiple class actions. The series of events is still fermenting, and the troubles are increasing. The entire industry has never felt the pressure from chip safety ever.
The cause of the chip gate
On January 3, 2018, Jann Horn, a researcher of the security team Google ProjectZero, announced two sets of chip breaches, Meltdown and Spectre, on their organization's official blog, respectively corresponding to the global unified vulnerability database CVE-2017-5754, CVE-2017-5753/CVE- 2017-5715. Meltdown's discoverers included three independent groups. The CyberusTechnology team and the Graz Technical University team reached similar conclusions.
The causes of the two groups of vulnerabilities are two characteristics that the chip manufacturer has introduced for a long time to improve the efficiency of CPU execution: Out-of-OrderExecution and SpeculativeExecution. Humans applied the great ideas of the 20th century engineering to computer science. Modern processors are different from the sequential instruction execution of early processors in order to improve the execution efficiency. The relevance analysis of instruction execution is followed by out-of-order parallel processing, which greatly improves the CPU performance. This design idea relies on the Intel processor's three-level cache architecture, sharing cache design between threads.
In order to ensure the accuracy of parallel execution, the processor performs a security check on the execution instructions and only the instructions that comply with the current user authority can be executed. However, there is a window period in which instructions that are loaded into the cache do not receive security checks during a period of parallel execution, and those that are discarded are not reset in the cache. Speculative execution differs from out-of-order execution in performance improvement methods, but the state of instructions in the cache is similar. Therefore, the objects in the cache become the targets of the well-known side channel attacks. The attacker obtains private data by extrapolating the information in the cache non-positively.
How the chip door is fermented
Reportedly, Jann Horn reported the issue to the three major chip makers in June 2017. It may be based on investor and shareholder pressures. The chip makers' responses are ambiguous and the processing results are relatively poor until the vulnerability was disclosed in January of this year. One stone provoked thousands of layers of waves, and the overwhelming inconvenience ensued, and anyone could finally escape.
At first, Intel was the first to suffer. Older rivals AMD claimed to be different from Intel's processor architecture after initial investigation. The impact of this security flaw on its own processor products was almost zero. However, soon after a heavy blow hit AMD's face, the vulnerability issuer and the tester immediately announced that the AMD processor was also affected, and ARM and Nvidia were not spared. Intel CEO Keziqi issued an open letter calling on all chip makers to join forces with related parties in the industry. This time they finally "worked well" and worked together.
A few days after the event was fermented, Intel announced updates for major operating systems. These updates will cover more than 90% of Intel's chips in the past five years. AMD from the beginning to bite the "architecture is different" do not relax and slowly admitted that "may be affected by Spectre", and then silently update the patch. Really is proud of it! The most influential cloud Linux distributions have released kernel security patches one after another. Microsoft is also very busy to save Windows10. Google announced that it had "elegantly evaded" some of its own products. Who knows what it did? At 2018 CES, all of you were tired and looked at (bitter) laughter.
Impact of the chip gate
In January, the industry's "core" was exhausted, and Meltdown and Spectre became the most profound and extensive epic security loopholes in history. Although there is still no safe case involving the vulnerability, its influence and reach have not yet been discussed. Enough to make the whole industry shiver.
Meltdown and Spectre also affected the entire series of Intel processors after 1995 except for Itanium and Atom. The latter also affected AMD, ARM, and Nvidia's chip products, affecting almost the entire computer processor world. Affected operating systems include Windows, Linux, MacOS, and Android. Scientific and technological enterprises in the hardest-hit areas also include cloud computing giants such as Microsoft, Amazon, and Google.
Although the corresponding patch for the recent vendor update has become an urgent issue, it has caused a 30% reduction in processor performance, which is equivalent to a regression of the global CPU technology process by at least five years.
In addition to being forced to trade off between performance and security, and more importantly, chip security has shaken the original computer architecture itself. In the 21st century, when human beings need resources for the development of artificial technologies such as vibrant artificial intelligence, the sound of reconstructing the modern computer architecture will continue to surface again after more than half a century.
Fiber Optic Cable Patchcord,Optic Cable Patchcord,Optical Fiber
TTI Fiber Communication Tech. Co., Ltd. , http://www.gdfiberoptic.com
没有评论:
发表评论