April 8, 2021

Memory Protection: An Extra Line of Defense Against Spectre Attacks

By Pedro Fortuna | 3 min read


Even three years after the Spectre vulnerability was publicly disclosed, it continues to pose a concern, because it can still be exploited in practice. Google recently published on its Security blog a proof-of-concept exploit written in JavaScript that still works against multiple browsers, operating systems, and processors.

In this article, we will explore why development teams need to deploy application-level mitigation measures and how memory protection can work as an extra line of defense against Spectre attacks.

What are Spectre attacks?

Spectre attacks break the isolation between different programs (or, in a browser, between different origins that share a process) and trick otherwise correct, bug-free code into leaking its secrets. They abuse speculative execution, a CPU performance optimization: the processor is induced to speculatively read memory that the program would never read on its real execution path. The speculative results are discarded, but they leave traces in the CPU cache, and the attacker recovers the data from those traces through a timing side channel.

Because the flaw sits in the hardware beneath every program, Spectre applies to all kinds of software, web apps included. In a browser, JavaScript served by one website can potentially read data belonging to another website that shares the same process, by measuring how the shared processor caches respond. In applications that handle critically sensitive data, such as government, healthcare, and financial apps, such an attack can have devastating results.

Spectre itself only reads memory; what attackers do with the contents they recover varies, but typically they intend to:

  • reverse-engineer the code and understand its mechanics;
  • modify the app's behavior and, for example, access new features;
  • access and retrieve sensitive data.

However, the bottom line when it comes to Spectre attacks is that there is still no complete fix, despite browser vendors' efforts (such as Site Isolation, out-of-process iframes, and Cross-Origin Read Blocking). Fully mitigating these attacks requires changes at the processor architecture level (hardware), which can take years to reach users.

Because application owners cannot afford to wait that long for a definitive fix, they must act now, protecting sensitive data and keeping it out of the parts of memory an attacker can read. Alongside its proof of concept, Google also recommends that web developers isolate their sites more robustly with the newer mechanisms that actively deny access to cross-origin resources: Cross-Origin-Opener-Policy (COOP), Cross-Origin-Embedder-Policy (COEP), Cross-Origin-Resource-Policy (CORP), and Fetch Metadata request headers. To help with this, Google has published Post-Spectre Web Development and Mitigating Side-Channel Attacks, with concrete advice for developers.
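To make the isolation advice concrete, here is an added example (not code from the original post, nor from Google's documents) showing the two halves of that recommendation as plain, framework-agnostic functions: the response headers that opt a site into cross-origin isolation, and a Fetch Metadata check that refuses cross-site requests for a secret-bearing resource. The header values and the sample requests are assumptions constructed for the example; the allow/deny rules follow the resource isolation policy described in Google's Fetch Metadata guidance.

```javascript
// Cross-origin isolation headers for every response. The values are this
// example's assumptions: CORP 'same-origin' stops other sites from loading the
// resource at all; relax it per resource if legitimate embedding is required.
function isolationHeaders() {
  return {
    'Cross-Origin-Opener-Policy': 'same-origin',
    'Cross-Origin-Embedder-Policy': 'require-corp',
    'Cross-Origin-Resource-Policy': 'same-origin',
  };
}

// Resource isolation policy driven by the Sec-Fetch-* request headers,
// modelled on the policy in Google's Fetch Metadata guidance.
function allowedByFetchMetadata(method, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const site = h['sec-fetch-site'];
  // Browsers that predate Fetch Metadata send no Sec-Fetch-Site. Failing open
  // keeps them working, which is why the response headers above still matter.
  if (site === undefined) return true;
  if (site === 'same-origin' || site === 'same-site' || site === 'none') return true;
  // Cross-site request: permit only a top-level GET navigation, never an embed.
  const mode = h['sec-fetch-mode'];
  const dest = h['sec-fetch-dest'];
  return mode === 'navigate' && method === 'GET' && dest !== 'object' && dest !== 'embed';
}

// Framework-agnostic handler: returns the status, headers and body to send.
function handleRequest(method, headers) {
  const response = { headers: isolationHeaders() };
  if (!allowedByFetchMetadata(method, headers)) {
    return { ...response, status: 403, body: 'cross-site request refused' };
  }
  return { ...response, status: 200, body: 'secret-bearing resource' };
}

// Constructed sample requests. The first is what an attacker page does before a
// Spectre read: a cross-site fetch that pulls the resource into its own process.
const samples = {
  crossSiteFetch: ['GET', { 'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Dest': 'empty' }],
  crossSiteEmbed: ['GET', { 'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Dest': 'embed' }],
  crossSiteLink: ['GET', { 'Sec-Fetch-Site': 'cross-site', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-Dest': 'document' }],
  sameOriginApi: ['POST', { 'Sec-Fetch-Site': 'same-origin', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Dest': 'empty' }],
  legacyBrowser: ['GET', {}],
};

for (const [name, [method, headers]] of Object.entries(samples)) {
  console.log(name, handleRequest(method, headers).status);
}
```

The Fetch Metadata check only helps against browsers that send the headers, so it complements rather than replaces CORP, COOP and COEP; together they keep a secret-bearing response out of a process an attacker's page can run JavaScript in.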

Memory protection as an extra line of defense

Since a successful Spectre attack on a web app may mean the leakage of millions of sensitive data records, application owners must look for additional lines of defense. Because Spectre attacks retrieve sensitive data from the app's memory, one such line of defense is memory protection.

In the context of web apps, Memory Protection refers to a defensive technique developed by Jscrambler that keeps sensitive data encrypted in memory and decrypts it only at the moment the application needs to access it. Thanks to this JIT (just-in-time) memory access, the window during which plaintext exists becomes significantly narrower. As a result, there is a high likelihood that, if the attacker retrieves some data, it will be encrypted and therefore useless without the key.

This defensive technique uses state-of-the-art cryptographic algorithms and can be applied to strings and numbers that are present in complex structures like objects and arrays.

To avoid a large performance impact, memory protection should not be applied to data structures that are accessed constantly, but rather to those that are accessed infrequently yet are highly sensitive, such as keys and authorization tokens. It is important to note that this by itself does not stop attackers from scraping data from memory, since the key material must live in the same process; however, when used alongside browser defenses and other application-level mitigation measures, it significantly reduces the potential impact of a successful attack.

Conclusion

While complete mitigation of Spectre attacks requires hardware changes, the risk they pose to web apps is far too great for application owners to wait for a definitive fix.

A combination of recent browser defenses and in-app protection such as Jscrambler's Memory Protection feature will greatly reduce the effects of these attacks. It brings a much-needed additional line of defense, especially when used on top of all the other recommended defensive measures. You can get started with Jscrambler for free now!

Author
Pedro Fortuna, CTO and Co-Founder of Jscrambler. Experienced in academia and as a security researcher, Pedro has co-authored several application security patents and is an active member of the AppSec community.
