Intel researchers propose Speculative-Access Protected Memory (SAPM)

Posted on Thursday, October 03 2019 @ 11:03 CEST by Thomas De Maesschalck
INTC logo
In a new research paper, Intel engineers propose the creation of a Speculative-Access Protected Memory (SAPM). The company's STrategic Offensive Research & Mitigations (STORM) team came up with the idea to replace the existing CPU memory with a more secure memory standard that will prevent speculative execution side-channel attacks like Spectre.

At the start of 2018, a shockwave went through the computer industry after researchers publicly disclosed the existence of the Meltdown and Spectre CPU security vulnerabilities. Since that date, various other attacks have been found as this was an area of security that, until that point, didn't receive a lot of scrutiny. The speculative execution side-channel attacks pose a big headache in situations where a lot of users share the same computer resources, like hosting services or cloud service providers.

Tom's Hardware has more details about SAPM over here, but keep in mind that this is still all on the theoretical level. The paper offers some possible implementation options but at the moment there's still a lot of work until this can actually be implemented.
The STORM researchers said that most Spectre-class attacks tend to perform the same sort of action in the “back-end.” SAPM will deal with this type of attack by blocking those back-end actions by default. This should not only prevent known speculation execution side-channel attacks from working, but also potential future ones.
The paper mentions that SAPM would result in a performance hit, but it could be less than the performance impact of all the software-based fixes that have been rolled out so far:
"Although the performance cost for each memory access to SAPM is relatively big, considering such operations shall only be a very small portion of the total software execution, the overall performance overhead is expected to be low and potentially less than the performance impact of current mitigations," the paper says.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments