Security meltdown due to protected memory access within CPUs

(originally posted on Google+ 01/2018)


This week probably the biggest security problem of the modern IT age has come to light. Due to design flaws in CPUs from Intel and other vendors (published under the names Meltdown and Spectre), an unprivileged program can read memory it is not allowed to access: the CPU speculatively executes instructions past a privilege or bounds check, and the side effects of that speculative work leak through the cache, where they can be measured with timing. This is a major security problem because today's operating systems and hypervisors (including VMware) can no longer enforce memory isolation. Any non-privileged application must be assumed to have read access to the entire system memory. Some of the scenarios I can think about:


Virtual Server Solutions
Very often multiple servers are consolidated onto one physical machine as virtual machines using a hypervisor like VMware or Hyper-V. Now customers must assume that a single application running in one VM can read the memory of every other VM on the same host, isolated or not. Cloud VM offerings are affected in a big way because one VM could read data belonging to other customers' VMs. Internal server virtualization is also affected. One way to limit the security hole is to ensure that one physical host serves only a single customer's VMs (dedicated hosts). The problem would still exist between that customer's own VMs, but at least other customers' VMs cannot access your data.


Workstations (e.g. Windows, Mac, etc.)
As long as a physical workstation is dedicated to a single user and that user is allowed to see all data on the workstation, or has Admin access anyway, there is no direct problem. However, when software from other vendors is used or installed, it must be assumed that these additional tools/applications can read the entire memory even without administrative rights, which results in serious security problems. Note that a web browser running JavaScript from an untrusted site counts as such software: proof-of-concept Spectre attacks written in JavaScript were published with the disclosure. When such a workstation is connected to the Internet, suspect software can forward complete memory content to a remote site to analyze it and pull information out of it, including data, user names, passwords, keys, certificates, etc.


Servers
The same concerns as for workstations apply here. However, if only trusted software runs on a server, there is no new security problem in deploying that physical server. Database servers, web servers, file servers, etc. can be assumed to be safe as long as they only serve data and do not execute code supplied by clients (user scripts, plugins, JIT-compiled content); any such code path brings the workstation scenario back.


However, server sites that allow customers to install native software, or that allow remote access via ssh etc. (which allows transferring and running software), must assume that this software, even under total restrictions, can read all physical memory of the server.


I don't see any solution until new processor generations address this design issue. In the meantime, it is only possible to separate servers and workstations according to their security requirements. Several vendors have released updates (operating-system patches that unmap kernel memory from user processes, known as kernel page-table isolation, and CPU microcode updates), but at this point it is not clear whether this hardware design problem can be solved completely by software patches.
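Before deciding whether a host may run untrusted software or other customers' VMs, the first check is whether the kernel reports the mitigations as active. The following script is an added example for this post, not the author's code: it reads the status files that Linux 4.15 (and distribution backports of the fixes) expose under /sys/devices/system/cpu/vulnerabilities/ and classifies each entry. The function names, the "--sample" switch and the SAMPLE dictionary are my own; the sample is constructed to look like an early-2018 kernel that has KPTI but only a partial Spectre v2 mitigation. A kernel without that directory predates the fixes and is treated as unpatched.

```python
"""Check whether a Linux host reports Meltdown/Spectre mitigations as active.

Added example, not the original post's code. It relies on the sysfs files under
/sys/devices/system/cpu/vulnerabilities/ introduced with the Linux 4.15 fixes.
"""
import sys
from pathlib import Path

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"


def classify(status):
    """Map a kernel status line to one of four classes.

    The kernel writes "Not affected", "Mitigation: <name>", "Vulnerable" or
    "Vulnerable: <detail>"; anything else is reported as unknown.
    """
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(vuln_dir=VULN_DIR):
    """Return {issue: raw status} from sysfs, or None if the kernel lacks the interface."""
    d = Path(vuln_dir)
    if not d.is_dir():
        return None
    return {p.name: p.read_text().strip() for p in sorted(d.iterdir()) if p.is_file()}


def assess(statuses):
    """Classify every reported issue."""
    return {name: classify(raw) for name, raw in statuses.items()}


def unmitigated(statuses):
    """Issues for which this host must not be trusted to isolate untrusted code.

    An unrecognised status is deliberately treated as unsafe.
    """
    return sorted(name for name, cls in assess(statuses).items()
                  if cls in ("vulnerable", "unknown"))


# Constructed sample (hypothetical host): KPTI present, Spectre v2 only partly mitigated.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}


def main(argv):
    statuses = SAMPLE if "--sample" in argv else read_sysfs()
    if statuses is None:
        print("no %s: kernel predates the fixes, treat host as unpatched" % VULN_DIR)
        return 2
    for name, raw in statuses.items():
        print("%-12s %-13s %s" % (name, classify(raw), raw))
    bad = unmitigated(statuses)
    if bad:
        print("NOT safe for untrusted code or multi-tenant VMs:", ", ".join(bad))
        return 1
    print("all reported issues mitigated or not applicable")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python3 check_mitigations.py` on the host, or with `--sample` to see the constructed output. Two caveats apply: the sysfs view reflects only the running kernel, so inside a VM it says nothing about whether the hypervisor underneath is patched, and a "Mitigation:" entry only shows that the kernel believes its fix is active, not that the CPU microcode the fix may rely on is installed.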