Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking Multicore CPUs

Posted by CmdrTaco on from the i-just-use-a-mallet dept.

Ant writes "The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the window when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..."

13 of 167 comments (clear)

  1. Fast? by JordanL · · Score: 5, Insightful

    and showed that developers have to fix their code. Fast...
    Ummm... no. In a world where the list of things that most developers need to fix is quite lengthy, some of which renders your average app unusable or even dangerous, fixing an exploit of a hardware configuration which has no proven virii in the wild is not at the top of the list.

    Yes, it's important to be proactive. No, such a difficult and obscure attack is not something that is priority one.
    --
    FanFictionRecs.net
    1. Re:Fast? by Anonymous Coward · · Score: 5, Informative

      "No, such a difficult and obscure attack is not something that is priority one"

      Thread one sends a command to the OS and knowing that it will take time x to complete

      Thread two waits (x-d) before overwriting the buffer used to store the command (after the OS has checked it for validity, but before the OS has actually processed it)

      what's obscure about that?

    2. Re:Fast? by Anonymous Coward · · Score: 5, Funny

      Perfect, another moron who thinks idiot is plural.

    3. Re:Fast? by g0dsp33d · · Score: 4, Insightful

      I agree. If you read the article, you'll notice that such attacks as "This was possible on both uniprocessor systems and multiprocessor systems." Also, it has been known since at least 1998. I'm guessing its not that big of a deal, because exploit code would be difficult, there are easier targets, and lastly because anti-virus software could probably still look for the code(not in real time, but only when its infected on disk or transit).

      --
      lol: You see no door there!
    4. Re:Fast? by Foolhardy · · Score: 4, Interesting
      If that's all it is, Windows NT (and its later incarnations like XP and Vista) aren't vulnerable because kernel components facing user mode are always expected to make copies of user arguments before they're validated and used. Since the NT kernel is preemptable this would be a problem even on single CPU machines because the thread handling the syscall could be interrupted by the scheduler to execute another thread while the first was validating the arguments. Only data that is treated opaquely (e.g. a buffer to write to a file) can be accessed directly safely. This has been known and accounted for since NT was originally designed. Of course, that doesn't rule out the possibility of 3rd party developers not following the rules.

      From Common Driver Reliability Issues: User-Mode Addresses in Kernel-Mode Code

      Be prepared for changes to the contents of user-mode memory at any time; another user-mode thread in the same process might change it. Drivers must not use user-mode buffers as temporary storage, or expect the results of double fetches to yield the same results the second time.
  2. Again? by DeHackEd · · Score: 5, Informative

    Looks like a variation (or maybe a dup) of this.

  3. Damn it by Frogbert · · Score: 5, Funny

    You see, Its these kind of computing professionals that make me feel like a fraud when people call me a computer genius.

    Stop raising the bar you tool!

  4. Neither submitter nor editor RTFA...? by perrin · · Score: 4, Informative

    It seems that neither the submitter nor the slashdot editor read the article in question. The attack is not specific to multi-core systems, and it works only against programs that wrap system calls to add additional system protection. So it does not pierce through standard OS security, and you already need to have execution privileges. The writeup is just hype and FUD, IMHO.

  5. The example they give is wrong by A+beautiful+mind · · Score: 4, Insightful

    to bypass security protections such as anti-virus software
    Anti-virus software isn't by any means "security protection", especially the type that works on a heuristical basis. They are simply long lists of known to be disadvantageous programs and a daemon that tries to match the list to data on the system.

    Sure, they might offer some kind of bandaid for systems operated by people who do not have the necessary knowledge to operate a computer, but it is first and foremost a security theater and it does more harm than good by providing a false sense of security.

    There are two solutions to the problem by the way. The former is educate the users and the latter is to switch to linux. No, seriously. The important part isn't linux, but switching away from a monoculture preferably to a desktop environment that is ruled by at least 3-4 systems that are different from each other and they are interoperating in well defined ways with each other. That way, you can get the platform (the systems it can possibly infect) down for a virus to a threshold where the percentage is simply too low for it to be able to spread.
    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:The example they give is wrong by tgd · · Score: 4, Insightful

      There's a billion PCs in the world -- if you think four OS's sharing 25% of that market makes it too small to be of interest to criminals, you're nuts.

      Monoculture is not the problem, although its a convenient flag to fly when "free as in beer" and "windows sux0rs" runs out.

  6. Re:So what? by Warbothong · · Score: 5, Insightful
    I remember watching an episode of the BBC's (very Microsoft dominated (as in, something major happens with Linux or Ubuntu or whatever, nothing. Some low-down Microsoft employee makes a comment about something he thinks might possibly someday become slightly relevant to some tiny niche and they spend 10 minutes on it)) Click program ( http://www.bbcworld.com/click ) and they had some "experts" (read: marketing guys) saying what the benefits of dual-core CPUs could be. All they could come up with was "You can use one core to do all of your normal activities, and use the other core to run antivirus and antispyware and firewall software constantly".

    I almost cried.

  7. Er, that's an OLD attack by davecb · · Score: 5, Informative

    It works on any multiprocessor, including an
    IBM 360/168 mainframe, where I first encountered it.

    --dave

    --
    davecb@spamcop.net
  8. News flash! by achurch · · Score: 4, Insightful

    In a multitasking system, you can read and write the same memory space at the same time! . . . Oh, I guess it's not news after all.

    Seriously, this is just Yet Another Race Condition. As long as you follow the rules of multithreaded programming (which for syscall wrappers means copying your arguments, since you can't negotiate mutexes with the caller), this is a non-issue.

    Neeext!