Spectre V1 safety

Parsing any externally supplied data, such as SSL packets, can potentially expose application to Spectre V1 attacks. IMO. What's your stance on Spectre safety of your library?

[ymjing]

Thanks for submitting the first issue for MesaLink! We are well aware of this issue and so is the Rust community. The Rust compiler is currently upgrading to LLVM 6, which has integrated the fix. See this merged PR.

IIUC you are supposing a remote attack with carefully crafted SSL packets. I would say it may succeed and trigger a leak to the cache on the remote machine. However, it would require local code execution privileges on the remote machine to read the leaked data and send them back. So Spectre v1 alone would not cause serious problems in this scenario.

But wait. What about public clouds? An attacker can do the same to a "remote" VM that resides in the same machine as the attacker. This is referred as a VM co-residence attack. Fortunately, most big name public cloud providers have deployed software mitigations to Spectre and Meltdown.

Hope that answers your question. At Baidu Security Lab we have several experts in this area. You might want to read Dr. Yueqiang Cheng's article Meltdown & Spectre Attacks and Mitigations.

Thanks for the reply!

The reason behind my question was two fold:

1. Scenario where library such as mesalink is put inside SGX enclave. Here it's desired that local, even privileged attacker, should be unable to recover private key from enclave.
2. Scenario where library such as mesalink is used by an application. Here it's desired that local unprivileged attacker, or privileged attacker in different VM, should be unable to recover private key.

SSL libraries have to parse externally provided BLOBs - SSL packets, certificates (locally provided or coming from SSL handshake), locally provided private key.
These BLOBs can be "corrupt", and potentially expose sensitive data - due to code that has been speculatively executed, but not commited. Through a variation on Spectre V1 attack where attacker doesn't necessarily share pagetable with the target.

Public cloud providers deployed mitigations primarily against Meltdown and Spectre V2. Hence my question.

Thanks for keeping side-channel attacks in mind during your development!