With the Discovery of Meltdown and Spectre, the Trend and Future of Cloud Computing
Last week, when the new bug and design flaw (Meltdown, Spectre) was found in processors (Intel and other vendors), a question arose about the future of public cloud computing. In fact, one of my friends told me that the public cloud is dead. I replied that I don't agree; I have been watching cloud computing technology perhaps from its inception.
I am going to talk about the processor design flaw named Spectre.
"Spectre" is a design flaw in modern computer processors.
Modern processors need to be faster to serve the growing demand of today's substantial computing requirements. To that end, processor designers took some fundamental ideas into consideration.
Instead of waiting for a task, such as a conditional check, to complete and then proceeding to the next function based on the outcome, the processor speculates what the next task may be based on previous executions, runs it, and saves the result in cache memory.
If the outcome of the conditional check matches the speculation, the processor proceeds with the speculated task; otherwise it discards that work and proceeds with the other task. Doing this allows the processor to work much faster.
Let's analyze this problem with reference to a real-world scenario from daily life.
"I go to a restaurant for lunch every day. I order the same dish for a week, then change it the next week and keep that order for the whole week before changing it again.
So on the first day the restaurant owner prepared the dish after my order, but after 3-4 days of learning that I take the same dish every day, the owner prepared it even before I arrived, so that he could serve me, and the other customers, faster.
But then suddenly on the fifth day I didn't order the same dish; I ordered a different one, so the owner obviously had to discard the dish he had already prepared and then prepare and serve the new one.
Now Mr. X had been following me for some time to learn my eating pattern and habits and exactly what I prefer to eat. Mr. X went to the waste bin and tried to find what had been discarded; he found the discarded food and noted it down to learn my eating habits and which dish I had ordered. In this way Mr. X got my secret without anyone noticing."
So what the owner of the restaurant did was "speculative execution", and the waste bin can be compared to the "cache memory" inside the processor; the owner of the restaurant (the processor) didn't bother about the discarded food in the bin.
It's a good thing to have "speculative execution", which accelerates the performance of the system. However, the designers never thought about the security of the data saved in the cache memory before the result of the conditional check comes back. Consequently, if someone can get access to this cache memory before it is discarded, they can access the data – including encryption keys, usernames/passwords and other security credentials – sensitive data which they are not supposed to have access to. And because this memory cache is inside the processor, all of the security designed into the chip is circumvented.
This is the underlying problem which has been named “Spectre”.
Understanding Speculative Execution
Let's take the example of a small piece of code.
IF A = B THEN
    C = C + 1
ELSE
    C = C - 1
END IF
The IF … THEN instruction results in a branch; until this instruction is executed there is no way to know which instruction will be computed next (addition or subtraction). Modern processors take advantage of "speculative execution", a method where the processor speculates which instruction is likely to come next based on previous experience and starts executing it even before the conditional branch instruction executes and returns its result.
So in this case it may start executing both instructions, i.e. the addition and the subtraction, at the same time to reduce the waiting time. When the result of the conditional check comes back, the result of the undesired instruction is simply discarded.
Now if an attacker can read this cache memory (BTB) before it is discarded, then the attacker has access to data which he is not supposed to, or allowed to, access.
Branch prediction improves the performance of instruction execution and results in faster processing of branch instructions by making use of a special small cache called the branch target buffer, or BTB. Whenever the processor executes a branch, it stores information about it in this cache. When the processor next encounters the same branch, it can make a speculation, or "guess", about which side of the branch is likely to execute.
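To make the restaurant story and the IF … THEN walkthrough concrete, here is a toy simulation I have added; it is not code from the original post. A per-branch 2-bit saturating counter plays the "previous experience" the post attributes to the BTB (the owner learning my order), the simulated processor runs the predicted side of IF A = B THEN C = C + 1 ELSE C = C - 1 before the condition is resolved, and a set of named cache lines stands in for the waste bin: squashed work never changes C, but whatever it pulled into the cache stays there. The branch key, the cache-line naming scheme and the day-by-day sequence are all constructed for illustration, not a description of any real CPU.

```python
# Toy model of speculative execution with a learning branch predictor.
# Constructed for illustration; the branch key, cache-line names and the
# 2-bit counter are simplifications, not a description of any real CPU.

BRANCH = "if_a_eq_b"   # hypothetical key for the IF A = B branch in the predictor table


class BranchPredictor:
    """One 2-bit saturating counter per branch (0..3); a value >= 2 predicts
    'taken', i.e. that A = B will hold and the C = C + 1 side will run."""

    def __init__(self):
        self.counters = {}

    def predict(self, branch):
        # A branch never seen before starts at 1 (weakly not-taken).
        return self.counters.get(branch, 1) >= 2

    def update(self, branch, taken):
        c = self.counters.get(branch, 1)
        self.counters[branch] = min(c + 1, 3) if taken else max(c - 1, 0)


def cache_line(path, c):
    """Name of the cache line a path would load while computing with C = c.
    Constructed naming scheme so the trace shows which work touched what."""
    return f"{path}:{c}"


def run(outcomes, c_start=0):
    """Run IF A = B THEN C = C + 1 ELSE C = C - 1 once per entry of `outcomes`,
    where each entry is the resolved truth value of A = B.

    Returns (final C, misprediction count, all cache lines touched,
    cache lines touched only by work that was later squashed, per-step trace).
    """
    predictor = BranchPredictor()
    cache = set()      # every line loaded, whether the work was committed or squashed
    ghost = set()      # lines loaded by speculative work that was then squashed
    c = c_start
    mispredicts = 0
    trace = []
    for actual in outcomes:
        predicted = predictor.predict(BRANCH)
        spec_path = "add" if predicted else "sub"
        # Speculative execution: run the predicted side before A = B is resolved.
        spec_value = c + 1 if predicted else c - 1
        cache.add(cache_line(spec_path, c))          # the load happens either way
        if predicted == actual:
            c = spec_value                           # prediction right: commit
            squashed = None
        else:
            mispredicts += 1
            squashed = spec_value                    # prediction wrong: discard value...
            ghost.add(cache_line(spec_path, c))      # ...but its cache footprint stays
            real_path = "add" if actual else "sub"
            cache.add(cache_line(real_path, c))
            c = c + 1 if actual else c - 1           # then run the correct side
        predictor.update(BRANCH, actual)             # learn from the outcome
        trace.append({"predicted": predicted, "actual": actual,
                      "C": c, "squashed": squashed})
    return c, mispredicts, cache, ghost, trace


def restaurant_week():
    """The post's analogy: the same order four days running, a different one on day five."""
    return run([True, True, True, True, False])


if __name__ == "__main__":
    final_c, misses, cache, ghost, trace = restaurant_week()
    for day, step in enumerate(trace, 1):
        print(f"day {day}: predicted={step['predicted']} actual={step['actual']} "
              f"C={step['C']} squashed={step['squashed']}")
    print("mispredictions:", misses, "final C:", final_c)
    print("lines left in cache by squashed work:", sorted(ghost))
```

Running it shows the two mispredictions: day one (the predictor has no history yet) and day five (the changed order). On day five the speculative value 5 is thrown away and C ends at 3, exactly as the committed program state should, yet the line "add:4" that the discarded work loaded is still in the cache set afterwards. That leftover footprint, not the discarded value itself, is the part of the design the post is pointing at.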
Here is a video which explains the Spectre problem.
Here is a video demonstrating the Meltdown attack.
Now I will write my thoughts on why I don't think the public cloud is dead. But yes, there will be a change in how enterprises use cloud computing.
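Before debating cloud trends, the first question on any Linux host (cloud instance or not) is whether the kernel reports these flaws as mitigated. This is an added example, not from the post: since kernel 4.15 Linux publishes one file per hardware flaw under /sys/devices/system/cpu/vulnerabilities/ (for example meltdown, spectre_v1, spectre_v2), each holding a single line such as "Not affected", "Vulnerable" or "Mitigation: <how>". The script reads those files when they exist and otherwise falls back to a constructed SAMPLE dictionary shaped like that output; the classification names are my own.

```python
# Summarize the Linux kernel's per-flaw status files.
# Added example, not from the post. The SAMPLE dictionary is constructed for
# the demo and shaped like the one-line files the kernel exposes.
import os

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

SAMPLE = {  # constructed sample: file name -> the single line it contains
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Not affected",
}


def classify(line):
    """Map one status line to 'not_affected', 'mitigated', 'vulnerable' or 'unknown'."""
    s = line.strip()
    if s == "Not affected":
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):   # the kernel may append detail after a colon
        return "vulnerable"
    return "unknown"


def detail(line):
    """The free-text part after 'Mitigation:' or 'Vulnerable:', if any."""
    _, sep, rest = line.strip().partition(":")
    return rest.strip() if sep else ""


def read_sysfs(path=VULN_DIR):
    """Read the real files when running on Linux; returns {} when absent."""
    if not os.path.isdir(path):
        return {}
    statuses = {}
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name), encoding="utf-8") as fh:
                statuses[name] = fh.read().strip()
        except OSError:
            continue
    return statuses


def report(statuses):
    """Return ({flaw: (class, detail)}, sorted list of flaws still 'vulnerable')."""
    table = {name: (classify(line), detail(line)) for name, line in statuses.items()}
    open_flaws = sorted(n for n, (cls, _) in table.items() if cls == "vulnerable")
    return table, open_flaws


if __name__ == "__main__":
    live = read_sysfs()
    source = live if live else SAMPLE      # fall back to the constructed sample
    table, open_flaws = report(source)
    for name, (cls, how) in sorted(table.items()):
        print(f"{name:<14} {cls:<13} {how}")
    print("still vulnerable:", open_flaws or "none")
```

Any entry classed "vulnerable" means the kernel knows about the flaw and has no mitigation active for it (often because microcode or a kernel update is missing), which is the concrete thing to fix, or to ask a cloud provider about, rather than abandoning the platform.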