Wednesday, January 3, 2018

More on the Intel bug and why it doesn't hurt sandbox

Google geeks go into the technical details.

The hardware problem lies in the high speed execution pipeline in modern processors. Normally, when your computer needs to draw the screen or read the disk, it hands control of the memory bus to another processor, which is fine. The main CPU does not sit idle and wait; no, it reads in the next set of instructions and resolves any memory references it can, to shorten the cycle count when the code runs. Good idea.

But the engineers never planned for security to the core, as sandbox needs. So typical processors leave some of the execution prep work in kernel space, and the pipeline manager sometimes leaves kernel memory locations open for reading. Thus trick code can fake the pipeline manager out and collect, byte by byte, the absolute locations and sometimes the contents of protected memory. Not a bug, really; they just favored pipeline speed for context switching.

There is no bug because there was no real sandbox concept until a few years ago. Why don't the trading pits give a damn? Because the trading bot framework restricts the user code to a known and verifiable source code. Any new bot code is well tested, and there is no real user ad hoc code in the pits, nor ad hoc context switching. The trading bots are a known quantity, and everything is a collection of their transactions.

Thus, the trading pits are just fine. The only time keys might be revealed is check in and checkout, which happens in about .01% of all trade actions. So trading pits can easily afford the extra software needed to protect the pipeline. The pits are more like game machines than context switchers between arbitrary apps. And the escrow routers are fine too, being interpretive.
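The "extra software" that protects the pipeline is the kernel-side mitigation, and on Linux 4.15 and later the kernel reports its status per issue in one-line files under /sys/devices/system/cpu/vulnerabilities ("Not affected", "Mitigation: ...", or "Vulnerable..."). The following is an added example, not code from this post, that reads those files when present and otherwise runs on a constructed sample, flagging anything still unmitigated:

```python
"""Report Meltdown/Spectre mitigation status from the kernel's sysfs files."""
import os
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"  # Linux 4.15+

# Constructed sample, not captured from a real host; each value has the
# one-line shape the kernel writes into the files named by the key.
SAMPLE_STATUS: Dict[str, str] = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline\n",
    "l1tf": "Not affected\n",
}


def classify(line: str) -> str:
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    text = line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # unexpected wording: treat as needing a human look


def summarize(status: Dict[str, str]) -> Dict[str, str]:
    """Classify every issue in a {file_name: file_contents} mapping."""
    return {name: classify(line) for name, line in status.items()}


def unmitigated(status: Dict[str, str]) -> List[str]:
    """Names of issues that are neither mitigated nor marked not affected."""
    return sorted(n for n, c in summarize(status).items()
                  if c in ("vulnerable", "unknown"))


def read_sysfs(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live status files; empty dict on kernels/OSes without them."""
    result: Dict[str, str] = {}
    if os.path.isdir(path):
        for name in sorted(os.listdir(path)):
            with open(os.path.join(path, name)) as fh:
                result[name] = fh.read()
    return result


if __name__ == "__main__":
    live = read_sysfs() or SAMPLE_STATUS
    for name, cls in summarize(live).items():
        print(f"{name:14} {cls:13} {live[name].strip()}")
    print("needs attention:", unmitigated(live))
```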

If anything, this bug shows why we need to develop auto priced pits: we can keep ad hoc human code out completely, so current Intel processors mostly work fine. They do not yet keep secret keys.

Who worked the issue? The Alpha Zero guys, the ones who did the chess machine. That machine is simply a version of the sandbox, pits and contracts, all combined. They're gonna do auto trading, so they checked end to end security.
