search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
HIGH PERFORMANCE COMPUTING


How Meltdown and Spectre will impact future processor designs


ADRIAN GIORDANI REPORTS ON RECENT VULNERABILITIES FOUND IN MANY MODERN CPUS


If a vulnerable processor runs an


unpatched operating system, sensitive information can be leaked. Aftershocks are still being felt. Many


The start of 2018 gave the computing industry a brisk wake-up. Researchers comprising


industry and university teams discovered foundational hardware design vulnerabilities that allow the theft of data processed on computers. First a malicious program must have access to exploit this – confidential data could be taken from memory stored in running programs. These Meltdown and Spectre processor exploits, as they were dubbed, can subvert personal computers and mobile devices. Stolen data could include passwords


stored in a password manager or browser, personal photos, emails, instant messages or business-critical documents. A cloud provider’s infrastructure might also be exploited to steal data from customers. The separate research teams that found these serious flaws came from Google’s Project Zero, Cyberus Technology, Graz University of Technology and other institutes. As the repercussions of these severe


memory leak exposures emerge, it was also revealed that almost every modern processor since 1995 is vulnerable. While there are no current examples of these weaknesses being exploited yet, it is almost certain that hackers and new types of malware will use them now.


14 Scientific Computing World April/May 2018


devices from Qualcomm, Intel and AMD microprocessors to IBM CPUs as well as Arm’s processors are affected. Software applications that rely on intensive computational power from clouds to supercomputers are at risk too. Even supercomputing benchmark providers are providing Q&As for their users in the near term. Daniel Gruss, a researcher from the


team at the Graz University of Technology in Austria, said that Google’s Project Zero found the flaws independently of them. Gruss works on understanding micro- architectural attacks such as Meltdown and Spectre. Project Zero alerted Intel before the Graz team did, in fact; then they were connected with Google’s team to discuss the issues with Intel. ‘This is not an Intel-specific issue. All


vendors are affected, e.g. by Spectre. It’s not sensible to argue that you’re not affected by one problem if you’re affected by another equivalent one,’ said Gruss. Spectre attacks work on non-Intel


processors, including AMD’s and ARM’s processors. It is well known that the underlying


architecture that supports the majority of processors today was developed by Arm. To date, Arm and its partners have shipped more than 120 billion chips since the company was founded in 1991. The current estimate is that 95 per cent of smartphones contain Arm CPUs. They are also inside the tiniest sensors to larger cloud hardware and supercomputers. After being alerted by researchers at Google’s Project Zero group in June


2017, Arm’s chief architect, Richard Grisenthwaite, immediately pulled together a core team of technical experts from the company’s hardware, software and security teams to investigate the validity of the exploits and develop mitigations. Around five per cent of more than 120 billion Arm processors available are potentially impacted by Spectre; processors exposed to Meltdown are significantly less, according to Arm’s principle architect for servers and HPC, Darren Cepulis. To date, Meltdown affects only one Arm processor, the Cortex-A75, which is currently not shipping in production silicon. While Spectre is harder to exploit than


Meltdown, it is also harder to defend against. Meltdown accesses kernel memory from a user’s space. This access causes a trap. But before the trap is issued, the code that follows the access leaks the contents of accessed memory through a cache channel. ‘Our initial testing on mobile devices


indicates that any performance impact from Meltdown will be less than one per cent for some use cases and non-existent in others,’ said Cepulis. For Arm’s affected processors, software


updates, including operating system kernel-level mitigation releases, are already in the works. ‘The industry is already in the implementation stage with respect to deploying software mitigation options,’ said Cepulis. ‘The software mitigation options have been made available to operating system vendors, and original equipment manufacturers (OEM) and the deployment is being managed by them.’ Arm has not received feedback from end-customers but from its network of


@scwmagazine | www.scientific-computing.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40