Open Source Security Inc. Announces Respectre®: The State of the Art in Spectre Defenses
October 4, 2018
Open Source Security Inc. is proud to announce the release of the world's most advanced, effective, and high-performance defense against Spectre speculation attacks. Today's release is the result of its months of investment in prototyping different Spectre defense strategies, finally resulting in Respectre®.
Since its discovery in 2017, Spectre has shaken the foundations of computer security. Its name and logo signify a ghost, hinting at the significance of vulnerabilities that have been widely reported as "haunt[ing] us for years to come." The industry has struggled to deal with Spectre to date, in large part because it cannot be fully addressed by simple OS or hardware updates, but instead requires code modifications.
Respectre® is a nod to the Spectre speculation attack and signifies that it (re)veals potential Spectre vulnerabilities, (re)spects the original intent of the code, and automatically (re)factors it via a compiler plugin to eliminate speculation-based side channels. All plugin-capable versions of the compiler commonly used to compile Linux are supported, and the plugin itself is architecture-independent. The initial release to grsecurity® customers focusing on Spectre v1 supports the ARMv7, AArch64, PPC64, x86, and x86_64 architectures. Special care was taken in designing the plugin to ensure both low impact to compilation time as well as negligible impact to runtime performance (measured as 0.3% in a kernel-focused stress test). The plugin incorporates advanced static analysis far beyond the level of any existing tools for any OS, and is the 4th largest plugin of the 14 available in the grsecurity® kernel patches. Work is already underway to enhance the static analysis of the plugin even further and add coverage for other similar Spectre types.
"The release of Respectre makes good on our promise to customers earlier this year to develop a more comprehensive strategy to Spectre defense than the rudimentary, ad-hoc approach employed to date by upstream Linux kernel developers and other Linux vendors. This solution not only scales to codebases the size of the Linux kernel, but can also protect third-party code and other modifications automatically," said Brad Spengler, president of Open Source Security Inc.
More information on Respectre® will be available to current grsecurity® subscribers via their Customer Knowledge Base.
grsecurity is a registered trademark of Open Source Security Inc.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
About Open Source Security Inc.
Open Source Security Inc, the creator of grsecurity®, is a boutique security development studio and consultancy. At the forefront of Linux kernel security, it specializes in robust and high-performance defensive technologies. Today grsecurity protects millions of servers on the Internet and embedded devices in mission-critical infrastructure. For more information, visit https://www.grsecurity.net/.