
Microsoft’s compiler-level Spectre fix shows how hard this problem will be to solve

Wednesday, February 14, 2018, 10:49 PM, from Ars Technica
The Meltdown and Spectre attacks that use processor speculative execution to leak sensitive information have resulted in a wide range of software changes to try to limit the scope for harm. Many of these are operating system-level fixes, some of which depend on processor microcode updates.
But Spectre isn't a simple attack to solve; operating system changes help a great deal, but application-level changes are also needed. Apple has talked about some of the updates it has made to the WebKit rendering engine, used in its Safari browser, but this is only a single application.
Microsoft is offering a compiler-level change for Spectre. The 'Spectre' label actually covers two different attacks. The one that Microsoft's compiler is addressing, known as 'variant 1,' concerns checking the size of an array: before accessing the Nth element of an array, code should check that the array has at least N elements in it. Programmers using languages like C and C++ often have to write these checks explicitly. Other languages, like JavaScript and Java, perform them automatically. Either way, the test has to be done; attempts to access array members that don't exist are a whole class of bugs all on their own.
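An added C example (not from the article and not output of Microsoft's compiler) of the explicit bounds check described above, next to a hardened form that also clamps the index without a branch, so a mispredicted check cannot steer a speculative read outside the array. The function names, the sample table and the choice of index clamping are assumptions made for illustration; the mask assumes len <= SIZE_MAX / 2.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The explicit check the article describes: refuse any idx >= len. */
int read_checked(const uint8_t *arr, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    /* Architecturally safe. If the branch above is mispredicted, the CPU
       may still perform this load speculatively with an out-of-range idx. */
    *out = arr[idx];
    return 0;
}

/* Branch-free mask: SIZE_MAX when idx < len, 0 otherwise.
   Assumption: len <= SIZE_MAX / 2, so the top bit of (idx | (len-1-idx))
   is set exactly when idx is out of range. */
size_t index_mask(size_t idx, size_t len)
{
    size_t top = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1;            /* top == 0 -> all ones, top == 1 -> zero */
}

/* Same check plus a data-dependent clamp: the load address now depends on
   the mask arithmetic, not only on the predicted branch outcome, so a
   wrongly predicted path reads arr[0] rather than memory past the array.
   Assumption: the compiler emits the mask as arithmetic, not as a branch. */
int read_hardened(const uint8_t *arr, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    idx &= index_mask(idx, len);
    *out = arr[idx];
    return 0;
}

int main(void)
{
    const uint8_t table[4] = {10, 20, 30, 40};   /* constructed sample data */
    uint8_t v = 0;
    int rc = read_hardened(table, 4, 2, &v);
    printf("idx 2: rc=%d value=%u\n", rc, (unsigned)v);
    rc = read_hardened(table, 4, 7, &v);
    printf("idx 7: rc=%d mask=%zu\n", rc, index_mask(7, 4));
    return 0;
}
```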
https://arstechnica.com/?p=1259363
