Spectre vulnerabilities cannot be mitigated by software alone

A team of Google researchers has demonstrated the Spectre vulnerabilities present in many of today’s processors cannot be completely mitigated by applying software fixes, as has been assumed.

Variants of the Spectre flaw discovered last year, which involves information leaking via ‘speculative execution’ or functions performed early to speed up computation, are not just software glitches but lie in the foundations of the hardware.

In their paper titled ‘Spectre is here to stay: An analysis of side-channels and speculative execution‘, the researchers concluded that Spectre fundamentally defeats an important layer of software security.

Read more…
Source: ITPro