More Information on SMoTherSpectre

ID 767609
Updated 3/5/2019
Version Latest
Public

author-image

By

On March 5, researchers at IBM Research and EPFL published details and a proof-of-concept exploit they called SMoTherSpectre.

They demonstrate the creation of a side channel by taking advantage of port contention during speculative execution with simultaneous multithreading (SMT), including our implementation, called Intel® Hyper-Threading Technology (Intel® HT Technology). A malicious actor can use port contention to detect timing differences between specific speculatively executed code sequences. The differences observed in those measurements can reveal data over time.

After careful assessment, Intel determined that existing mitigation methods like single thread indirect branch prediction (STIBP) can protect software against such issues. Because this style of attack targets specific application data and does not reveal the entire contents of the targeted program, turning on STIBP only when dealing with secret data would be sufficient to mitigate SMoTherSpectre. Sensitive applications may wish to run with STIBP set more broadly in order to guard against other attacks like branch target injection (Spectre variant 2). Critical applications can enable STIBP through the prctrl operating system interface. For other operating systems, developers should refer to vendor-provided instructions or contact the operating system vendor. For more information, see Intel's guidance on STIBP.

Intel does not recommend turning off Intel® HT Technology as a mitigation technique because other programming methods are effective and higher-performing.

 

Software Security Guidance Home | Advisory Guidance | Technical Documentation | Best Practices | Resources