Google recently detailed its response to the Spectre and Meltdown security flaws. The company has been rolling out solutions to the flaws since September. And thanks to the efforts of hundreds of engineers, no one has apparently noticed because the fixes haven’t slowed down or degraded popular services like Google search, Google Drive, and Gmail.
While the security engineers at Google were able to address Meltdown and the first variant of Spectre with relative ease, the second variant proved to be more troubling. Not only does the flaw cause significant performance degradation and jump between different instances on the same CPU, but fixing Variant 2 also required changes to multiple layers of the software stack and significant industry-wide collaboration.
Given the difficulty of solving it, Google’s Project Zero security team made a rare exception to its 90-day disclosure policy, which gives vendors and companies 90 days to solve a problem before the team releases details of the vulnerability to the public.
The first approach Google’s engineers took was to switch off CPU features that rendered chips vulnerable to intrusion. The downside was that it noticeably slowed down performance.
“Not only did we see considerable slowdowns for many applications, we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. Rolling out these mitigations would have negatively impacted many customers,” Ben Treynor Sloss, vice president of Google, wrote.
Eventually, Google took a “moonshot” approach to solving the problem and came up with Retpoline, a solution that “modifies programs to ensure that execution cannot be influenced by an attacker.” The technique has a “negligible impact on performance,” according to Google, and allows the company to defend against Variant 2 of Spectre without switching off CPU components or modifying many layers of software.
Google rolled out fixes for all three flaws by the end of December and has not received complaints since. Google says Spectre and Meltdown “represent a new class of attack” and that “they’re just a few among the many different types of threats our infrastructure is designed to defend against every day.”
Fortunately, Google has decided to share the details of Retpoline with the rest of the industry.
“We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware. Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms. In sharing our research publicly, we hope that this can be universally deployed to improve the cloud experience industry-wide,” Sloss says.