MIT finds a smarter way to fight Spectre-style CPU attacks

DAWG offers more security without a steep performance hit.

Many companies have developed patches to mitigate Meltdown- and Spectre-like speculative memory attacks. However, they can come with compromises: they can leave major gaps and still slow down your system. MIT researchers may have a better way. They've developed a new method, Dynamically Allocated Way Guard (yes, DAWG is on purpose), that promises tight security without dragging performance through the dirt.

It boils down to isolating memory caches on processors in a way that prevents them from seeing anything they don't need to know. MIT likens it to putting walls in a kitchen that prevent chefs from seeing each other's ingredients and tools. There are multiple separate cache ways with their own domain identities, each of which is validated. New policies, meanwhile, deal with cache "misses" that could signal an attack.

The result is an approach that protects against much more than Intel's pre-Spectre Cache Allocation Technology (CAT), but offers "comparable" performance. While it won't work against every possible speculative attack, it's still better -- and it protects against non-speculative attacks that CAT could never address. There's work underway to help DAWG tackle more speculative attacks, too, and it would require "very minimal" changes to operating systems.

The challenge is getting companies to use the feature. MIT's team is hopeful that companies like Intel will pick up on the idea, but that's not guaranteed. As it is, the typical development times for processors could mean a long wait even if the industry adopted the concept right away. Still, this raises hope that there's a true solution to Meltdown and Spectre that doesn't involve a significant speed hit.