Software can’t completely fix Spectre vulnerability, Google researchers say
They concluded that all processors performing predictive execution are always susceptible to different side-channel attacks, even though mitigation methods may be discovered in the future. Malicious programs can exploit Spectre vulnerabilities to steal sensitive data stored in memory while other programs are executing. To truly address existing and future Spectre vulnerabilities, CPU manufacturers need to come up with new CPU microarchitecture designs.
Our models, our mental models, are wrong; we have been trading security for performance and complexity all along and didn’t know it. It is now a painful irony that today, defence requires even more complexity with software mitigations, most of which we know to be incomplete.
“And complexity makes these three open problems all that much harder. Spectre is, perhaps, too appropriately named as it seems destined to haunt us for a long time.”