Speculative Execution and Side Channels Attacks

A few weeks back Intel have disclosed details of new vulnerabilities that effect their current and past CPU ranges from at least 2009 up to their latest – so, it would seem, most Intel CPUs in living memory!

The vulnerabilities relate to speculative execution as was the case with Spectre and to a lesser extent Meltdown.

If you’ve not yet read up on the problems that Spectre and Meltdown presented there are two mechanisms that come into play:

  1. speculative execution and
  2. side channel attack

If you are not already aware then now is the time to start. With the bug bounties now being offered, we at ComputerWorld expect to see more of these vulnerabilities being exposed together with new ways to exploit them as time goes on.

There are numerous other blog articles out there that explain these exploits in detail, but they can get overly technical and complex very quickly with lots of jargon and I wanted to try and simplify the explanation – so this post is not intended as a deep dive but more of a very high level description.

Speculative Execution. In the race to make CPUs faster and faster, a technique was developed in microprocessor operation to try and anticipate the next information or data that would be required by the CPU for a specific task. This is tantamount to the CPU guessing what the current thread being executed is going to do and therefore what data might be needed. If and when that information is needed, the CPU already has it and any other information gathered during the guessing gets discarded.

So if we could fool the CPU into gathering sensitive information that might be needed then cause a kernel dump then we can access the sensitive information. It’s encrypted, but that is where the second mechanism comes into play.


Side Channel Attack. In the process of the CPU guessing information, it needs to reread that information. The information is encrypted so the CPU decrypts the information behind the scenes. In doing this, the CPU does not expose the actual algorithms used for decryption but it does show part of its hand by exposing certain other information often referred to as side channel information. This side channel information can be in the form of power consumption of the CPU, heat dissipation of the CPU or cryptographic computation time, to name just a few.

An attacker can then use that information to narrow down or even determine the cryptographic key used, and once they have that they have access to the data itself. This is known as a side-channel attack.

The CPU vulnerabilities that have been and continue to be discovered relate to different methods of using speculative execution and side channel information to be able to export encrypted sensitive data and then break the encryption to expose the sensitive data.

My next post details the latest vulnerabilities that have recently been disclosed by Intel and relate to VMware hypervisors so click below if you are using vSphere…

Want more information about how to secure your business?