
Meltdown and Spectre – born 40 years ago

IT developers typically don’t care about the history of computers and programming. The underlying failing mechanism of Meltdown and Spectre was "invented" more than 40 years ago and implemented for the first time in the 801 minicomputer at the IBM Thomas J. Watson Research Center labs in Yorktown Heights, N.Y. George Radin (the best manager I ever worked for) was leading a team of about 20 hardware and software researchers. They tried to integrate advanced ideas about CPU hardware, memory and I/O (e.g. fibre channels for I/O) as well as optimizing compiler techniques, and to deliver a working prototype. The centerpiece was a CPU with a reduced instruction set (RISC), which could be implemented completely in hardware. Programs were to be written in a high-level language and translated by an optimizing compiler into machine instructions. Programmers should not use machine language at all.

In 1975 state-of-the-art computers had complex instruction sets (CISC), e.g. the IBM /370. Efficient programs had to be written in assembler machine language – a highly inefficient task. Key to the performance of CISC processors was the efficient use of internal registers and the optimal sequencing of memory accesses by programmers. The RISC designers developed an efficient register allocation scheme (graph colouring) and a preemptive parallel execution scheme (branch prediction and speculative execution – see the SPECTRE paper) to speed up the sequential operations of compiled programs.

A central problem of multitasking systems was the separation of different tasks running concurrently. CISC machines used complex hardware to provide some basic security. The 801 RISC machine took a software approach to security.

Ref: The 801 Minicomputer by George Radin

Modern CPU architectures like ARM (a direct derivative of the 801), Intel or others use advanced 801 execution features. However, the designers seem to be unaware of the basic rule: only compiled user code should run on the CPU. If attackers can run machine code on the CPU, they can break system security.

MELTDOWN and SPECTRE are typical examples of sequencing attacks, which are quite common in software controlling hardware or in asynchronous software systems. Most programmers have not been educated in the design and implementation of asynchronous systems (who knows Petri nets?). Sequencing problems in complex systems are difficult to analyse and even more difficult to correct.

Many system designers are not aware of the concept of a Trusted System Kernel in any secure system. Experienced security designers will ask "what are the trusted components and organisations?" before discussing cryptography, potential security leaks and attacks. Obviously modern IT system designers are not aware that they are relying on the CPU as a trusted component.

MELTDOWN and SPECTRE will force the IT industry to rethink system security and business models.

801 history: IBM did not pursue the 801 technology, it being too cheap and a /370 system revenue killer. Hewlett-Packard hired key 801 team members and used the RISC architecture for their line of UNIX processors. Today ARM is the driver of the RISC CPU architecture used in smartphones and IoT devices. Japanese and, recently, Chinese companies hold major stakes in ARM.
