Oracle security researchers have been working on security feature for Linux kernels that could protect Linux-based systems against attacks that affect Intel’s Hyper-Threading (HT) feature. Multiple side-channel threats the feature’s vulnerable against, including L1TF/Foreshadow and the MDS attacks, have been revealed over the past few months.
The Oracle developers didn’t specify whether or not the recent MDS attacks against Intel’s HT would also be mitigated through its Kernel Address Space Isolation (KASI), only that it will protect against L1TF/Foreshadow. Other side-channel attacks seem to be up for debate, as any extra isolation being introduced into the kernel could potentially impact the performance of Linux systems.
Kernel Address Space Isolation
The Oracle team first proposed the Kernel-based Virtual Machine (KVM) Address Space Isolation solution in order to isolate the KVM’s address space from the rest of the kernel, as well as the user space. However, the team has now released an experimental version 2 of the feature redesigned as a framework. That means all sorts of kernel-level applications can isolate their address spaces.
The researchers also renamed the feature from KVM Address Space Isolation to KASI. The code is still a proof of concept, but it’s already said to be more stable than the first version of the mitigation feature.
Intel Hyper-Threading Security Vulnerabilities
Last year, two major side-channel attacks were exposed against Intel’s HT CPU feature, TLBleed and L1TF/Foreshadow.
However, it wasn’t until the MDS side-channel attacks appeared that Google and Apple started taking the advice seriously. Google disabled HT on Chromebooks, but stopped at recommending the disabling of HT as an additional security measure against the MDS attacks. Even Intel admitted that some customers should consider disabling HT on their systems.
- How to Protect Against Dog Attacks and Dog Bites
- 5 Threats that make your Website Vulnerable, Part 4: Limits of Traditional Tools to Protect Websites
- Identity Theft Protection - How to Protect Yourself from Identity Theft
- Dragon Meditation as Self Protection
- Is Stress Making You Fat? Exploring The Link Between Stress and Weight Gain
- New Airborne Sample Analysis Platform (ASAP) Protects Americans from Biological Attack
- Self Defense - Dog Attack Prevention
- Basic Linux For Ease of Use and Management of a Hosted Website - Getting Started!
- Basic Linux For Ease of Use and Management of a Hosted Website - Exploring the Shell!
- Why Linux Hosting is Gaining More Presence than Windows Hosting?