Most of the security in the CPU of the gap in the Amount of Charge Injection (LVI)


A Team of specialists from five universities and research institutions, including the Spectrum and the Collapse-experts from the Graz University of technology, described a novel, CPU-gaps in the security, the Value of the Charge Injection (LVI). As well, there are a number LVI-variant, that may be in need of an attacker to modify the data that is processed on one processor only, and specifically.

According to the authors of the Works. “LVI: the Kidnapping, Transient application of a Microarchitectural Amount of Charge Injection, the LVI-gap, only with a good deal of effort, due to the optimization of the Compiler is to close. This effort is also reflected in an increased load on the CPU that works for you: secure the Code is executed, therefore, it will significantly slow it down.

In the Security Advisory Intel-SA-00334-CVE-2020-0551: Medium), see the Intel, especially in the case of the safety function of the Safe-Guard Extensions (SGX) for the encryption of the cities in the RAM, it is a necessary action. SGX is designed to protect the sensitive data in the RAM to which access is not authorized for administrator access. For LVI to prevent the attack of such Trusted Execution Environments (TEEs), will Intel publish the patch for the Compiler. You spend a lot of time, seem to be required for THE LVI-detector in the stress, you have to be vulnerable in April 2019 at the latest, Intel said. On the other hand, Intel has funded part of the work of security researchers.

LVI’s attacks are similar to the CPU functions, such as a Collapse or a zombie load

(Picture: Jo Van Bulck, Daniel, Moghimi, Michael Schwarz, Moritz Lipp, Marina Minkin, Daniel Genkin,Yuval Yarom, Berk Sunar, Daniel, Hubby, Frank Piessens)

The LVI-variant-LVI-ZERO for the abuse that is similar to the side-channel, such as a Breakdown, such as the Level-1 cache for data (L1D). Malware in the shoes of a value of the data in a buffer area of the processor, and it ensures that an application is reliable to this date, continue to calculate the actually required data. These “in-pushing” of the data, and then use it to weaken around the industry.

A similar Transient Fault Attack” is used to describe the experts in the field of the AES New Instructions (AES-NI), built into Intel processors to speed up the common of the AES Algorithm. For the LVI is also a barrier between the User and the Kernel, the address of the green revolution, as well as between the parallel-running processes of a User.


(ciw)