Processor Security Issue: Intel Says Processors Working As Designed


Printer-friendly version Email this CRN article

Intel said the processor side-channel analysis security issues known as Spectre and Meltdown are not a result of flaws in processors, which are performing as designed.

The issues, which many in the industry have blamed on Intel's processor design, instead stem from side-channel analysis, which Intel said impacts most modern processors.

Steve Smith, Intel's corporate vice president and general manager for data center engineering, late Wednesday told financial analysts that the security issues lie in the approach researchers used to compromise a system, and not in the processors themselves.

[Related: 7 Things You Need To Know About Spectre And Meltdown Security Exploits]

"The processor is, in fact, operating as it is designed," Smith said. "And in every case, it's been this side-channel approach that the researchers used to gain information even while the processor is executing normally its intended functions."

Side-channel analysis, as defined by Intel, is "some observable aspect of a computer system’s physical operation, such as timing, power consumption or even sound" which can be analyzed to potentially expose sensitive data on computer systems that are operating as designed.

According to a blog post from the Google Project Zero team, one of the first research teams to notice the potential impact of the side-channel analysis issue in processors from Intel, AMD, and ARM Holdings, there are three possible ways it could be exploited, based on proofs-of-concept tests it developed.

Two of those variants are known as Spectre and include one that under certain circumstances be used to leak Linux kernel memory and another that could change how an application works based on the contents of memory.

The third, known as Meltdown, could let an application read kernel memory from userspace without misdirecting the control flow of kernel code, the Google Project Zero team wrote.

"Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01," the Project Zero team wrote.

Processors tested by the Project Zero team include the "Haswell" Intel Xeon CPU E5-1650 v4 at 3.5-GHz, the AMD FX-8320 eight-core processor, and the ARM Cortex "A57 from a Google Nexus 5x phone.

Printer-friendly version Email this CRN article