ltechnologygroup.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.
Google has published details about a new coding technique created by the company’s engineers that any developer can deploy and prevent Spectre attacks.
The company claims this new technique, called Retpoline, has a “negligible impact on performance” compared to other patches rolled out in the past few days that in some cases caused big CPU performance dips.
Authored by Paul Turner, Senior Staff Engineer for Google’s Technical Infrastructure, the technique is described as a binary modification technique.
Google says it already deployed both Retpoline for the Linux-based servers deployed in its private data centers, where the company saw minimal performance impact.
Retpoline may end up in the Linux kernel
Turner also submitted a patch to the Linux kernel project to implement the Retpoline technique for the Linux kernel. In presenting the technique to other Linux kernel developers, Turner said that Retpoline added an “average overall overhead within the 0-1.5% range for our internal workloads, including some particularly high packet processing engines.”
Retpoline also seems to have the support of Intel developers, such as Andi Kleen, who also commented favorably on using the technique for the Linux kernel.
“So we want to avoid speculative indirect calls in the kernel,” Kleen said. “There’s a special code sequence called a retpoline that can
do indirect calls without speculation.”
Retpoline addresses “speculative execution”
By “speculation” Kleen is referring to “speculative execution,” a code optimization technique used by all modern CPUs, and which is the root cause exploited by the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities.
According to several developers commenting on the new technique, Retpoline creates something akin to an infinite loop that is never called in the actual code but keeps the CPU from entering speculative execution.
Developers can code their application binaries to use Retpoline and prevent exposing their apps to Spectre attacks.
“This mitigation may be applied to the operating system kernel, system programs and libraries, and individual software programs, as needed,” Google says.
At L Technology Group, we know technology alone will not protect us from the risks associated with in cyberspace. Hackers, Nation States like Russia and China along with “Bob” in HR opening that email, are all real threats to your organization. Defending against these threats requires a new strategy that incorporates not only technology, but also intelligent personnel who, eats and breaths cybersecurity. Together with proven processes and techniques combines for an advanced next-generation security solution. Since 2008 L Technology Group has develop people, processes and technology to combat the ever changing threat landscape that businesses face day to day.
Call Toll Free (855) 999-6425 for a FREE Consultation from L Technology Group, https://www.ltechnologygroup.com.