Security Software

Glossary

abcdefghijklmnopqrstuvwxyz

a

App developer

Person who writes, debugs and executes the source code of a software application. Generally, developers are well versed in at least one programming language and proficient in the art of structuring and developing software code. Although the primary job role is writing code, a developer also may gather requirements for software, design or overall software architecture, software documentation and other related software development processes. Source

Application (app)

Software designed to perform a group of coordinated functions, tasks, or activities for the benefit of the user. Common examples include: word processor, spreadsheet, accounting program, web browser, a media player, game, and photo editor. The collective noun application software refers to all applications, which are distinguished from system software such as firmware and BIOS that are mainly involved with running the computer. Source

b

Bounds Check Bypass (Variant 1)

Side Channel Cache Method that takes advantage of speculative execution after conditional branch instructions. Using this method, an attacker discovers or creates ‘confused deputy’ code, which allows them to use speculative operations to infer information not normally accessible. It uses speculative operations occurring while the processor is checking whether an input is in bounds (for example, if the index of an array being read is within acceptable values) and takes advantage of memory accesses to out of bound memory performed speculatively before the bounds check resolves. These memory accesses can be used in certain circumstances to leak information to the attacker. If the attacker can identify and exploit an appropriate ‘confused deputy’ in a more privileged level, the attacker may deduce the contents of memory accessible to that deputy.

Bare Metal

Computer or system containing essential hardware components, (processors, motherboards, hard disks and network cards) but without a base operating system (OS) or installed applications. A computer's hardware assembly, structure and components installed with firmware or basic input/output system (BIOS) software utility or no software at all. Source

Bounds Check Bypass Store

Variant of the Bounds Check Bypass (variant 1) security issue that uses speculative stores to overwrite younger speculative loads in a way that creates a side channel controlled by a malicious actor.

Branch Target Injection (Variant 2)

Side Channel Cache Method that takes advantage of indirect branch predictors inside the processor that direct what operations are speculatively executed. By influencing how indirect branch predictors operate, an attacker can cause malicious code to be speculatively executed and then infer data values. For conditional direct branches, there are two options: the target of the branch or the fall-through path of instructions directly subsequent to the branch. Indirect branches, can cause speculative execution of code at a wider set of targets. This method works by causing an indirect branch to speculatively execute a ‘gadget’ which creates a side channel based on sensitive data available to the victim.

Browser

Software application with a graphical user interface for displaying HTML files, used to access information and navigate the World Wide Web.

c

Cloud Service Provider (CSP)

Third-party company that delivers cloud computing-based services and solutions to businesses and/or individuals. This company may offer rented and provider-managed virtual hardware, software, infrastructure, platform and storage as a service options. Source

Confused Deputy Code

Code which allows an attacker to use speculative operations to fool computer program into allowing access to information not normally accessible to the attacker.

Context

A structure, instance, or object in software programming that contains minimal set of attributes, properties, or states that allows the system to execute or manage a defined set of operations or tasks. A context model is the physical scope of a system, which could include the user as well as the environment and other actors; a system context diagram represents the context graphically. Source

Control flow Enforcement Technology (CET)

Future Intel security technology that will allow limiting near indirect jump and call instructions to only target ENDBRANCH instructions. This feature can reduce the speculation allowed to non-ENDBRANCH instructions.

d

Desktop

Primary user interface of a computer, displayed once the startup process is complete, typically including a background (or wallpaper) and icons of saved files and folders. Various operating systems include a task bar or menu bar with shortcuts to programs. Source

e

Execute Disable Bit

Hardware-based security feature that can help reduce system exposure to viruses and malicious code by allowing the processor to classify areas in memory where application code can or cannot execute, even speculatively.

i

Indirect Branch Predictor Barrier (IBPB)

Side channel mitigation technique that ensures that earlier code’s behavior does not control later indirect branch predictions.

Indirect Branch Restricted Speculation (IBRS)

Side channel mitigation technique that restricts speculation of indirect branches.

Intel® OS Guard

Also known as Supervisor-Mode Execution Prevention (SMEP), a security technology that restricts the operating system from directly executing application code, even speculatively, thereby making branch target injection attacks on the OS substantially more difficult.

l

Loads

Loads are operations that copy data from main memory into a register so the data is available to the CPUs execution engine.

m

Multi-tenant

Architecture in which a single instance of software runs on a server and is shared between customers or tenants, groups of users who share common access with specific privileges to the software instance. Source

o

Operating System (OS)

Software that supports a computing device’s basic functions, such as scheduling tasks, executing applications, and controlling peripherals. It allows applications/programs to take advantage of common libraries and not worry about specific hardware details by managing resources, including input, output, network and storage devices. Source

p

Private Cloud

Computing resources hosted on-premise, or in data centers owned by private hosting providers, on infrastructure dedicated to a single company/customer in a personal environment unique to that specific consumer. Source

Protected data

Protected data is data that is not readable by some piece of software in the system (for example, because the OS specifies an application should not be able to read it). 

Protection Keys

Future Intel security technology that can help limit the data accessible to a piece of software, including the memory addresses that could be revealed by a branch target injection or bound check bypass attack.

Public Cloud

Computing resources hosted by a provider on infrastructure shared among multiple customers that offer servers, databases, and additional resources needed to run applications and websites in the “cloud.” Source

r

Retpoline

Side channel mitigation technique, developed by Google, which introduces a “return trampoline” also known as a retpoline. In this mitigation, software essentially replaces indirect near jump and call instructions with a code sequence that includes pushing the target of the branch in question onto the stack and then executing a Return (RET) instruction to jump to that location, as Return instructions can generally be protected using this method.

Rogue Data Cache Load (Variant 3)

Side Channel Cache Method that involves an application (user) attacker directly probing kernel (supervisor) memory. Such an operation typically results in an error (page fault due to page table permissions), but it can be speculatively executed under certain conditions for certain implementations. This method only applies to regions of memory designated supervisor-only by the page tables; not memory designated as not present.

Rogue System Register Read (Variant 3a)

Side Channel Cache Method that uses speculative execution of instructions that read system register state while the processor is operating at a mode/privilege level that does not architecturally allow the reading of that state. The set of system registers that can have their value inferred by this method is implementation-specific. Although these operations will architecturally fault or VM exit, in certain cases, they may return data accessible to subsequent instructions in the speculative execution path. These subsequent instructions can then create a side channel to infer the system register state.

Runtime

Specific version of an application distributed for limited use. These software releases may be called runtime programs because they offer a runtime environment without other features that allow for more permanent use. Source

s

Sandbox

Security mechanism that uses isolation to create a separate, restricted environment in which certain functions are prohibited and the execution, operation and processes of isolated software/code is not affected by other programs. The goal is to give enough access/ functionality while not exposing critical systems to potential risks. Source

Side Channel Cache Methods

Class of methods, such as those identified by Google Project Zero, through which the content of caches can be affected by speculative execution and potentially used to leak secret information. A cache timing side channel involves an agent detecting whether a piece of data is present in a specific level of the processor’s caches, where its presence may be used to infer some other piece of information.

Single Thread Indirect Branch Predictors (STIBP)

Side channel mitigation technique that prevents indirect branch predictions from being controlled by the sibling Hyperthread.

Single-Tenant

An architecture in which a single instance of a software application and supporting infrastructure (server) is dedicated to a single customer rather than shared among customers. Typically it’s hosted on a distinct physical (not virtualized) piece of hardware. Source

Speculative execution

Technique used by modern high performance processors to improve performance by executing instructions before knowing they are required. The most common form involves the control flow of a program. Instead of waiting for all branch instructions to resolve to determine which operations to execute, the processor predicts the control flow using highly sophisticated mechanisms. Usually the predictions are correct, which allows higher performance by hiding the latency of operations that determine the control flow and increasing the parallelism the processor can extract by having a larger pool of instructions to analyze. If a prediction is wrong, the work executed speculatively is discarded and the processor is redirected to execute the correct instruction path.

Speculative Store Bypass (Variant 4)

Side Channel Cache Method that takes advantage of a performance feature present in many high-performance processors that allows loads to speculatively execute even if the address of a preceding, potentially overlapping store, is unknown. In such a case, this may allow a load to speculatively read a stale data value. The processor will eventually correct such cases, but an attacker may discover ‘confused deputy’ code, which might allow them to use speculative execution to reveal the value of memory that is not normally accessible to them.

Speculative Store Bypass Disable (SSBD)

Mitigation technique for Speculative Store Bypass (Variant 4), which prevents a load from executing speculatively until the addresses of all older stores are known. This ensures that a load does not speculatively consume stale data values due to bypassing an older store on the same logical processor.

Supervisor-Mode Access Prevention (SMAP)

Intel security technology that can limit which memory addresses can be used for a cache based side channel, forcing an application attacking the kernel to use kernel memory space for the side channel. This makes it more difficult for an application to perform an attack on the kernel.

u

Untrusted data

Data that is controlled by the user and can be manipulated before it gets to the server. Source

v

Virtual Machine

Software that exhibits behavior and performs tasks of a separate computing device or system, implemented through software emulation or hardware virtualization techniques. The virtual instance, known as a guest, is created within a host computing environment. Multiple VMs can exist within a single host at one time. Virtual machines are often created to perform tasks that are different than tasks performed in a host environment. Source

Virtual Machine Monitor

Primary software behind virtualized environments and implementations. This software creates and manages virtual machines (VM) and manages operation of virtualized environments on physical hosts. When installed over a host machine, it facilitates creation of VMs, each with separate operating systems (OS) and applications. VMM manages backend operation by allocating needed resources. They also provide a centralized interface for managing the entire operation, status and availability of VMs installed over a single host or spread across different and interconnected hosts.

Related terms: virtual machine manager, hypervisor

w

Web developer

Programmer specializing or specifically engaged in development of World Wide Web applications or applications that are run over HTTP from a web server to a web browser.


Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software, or service activation. Performance varies depending on system configuration. Check with your system manufacturer or retailer or learn more at www.intel.com.

All information provided here is subject to change without notice. Contact your Intel representative to obtain the latest Intel product specifications and roadmaps.

The products and services described may contain defects or errors known as errata which may cause deviations from published specifications. Current characterized errata are available on request.

Intel provides these materials as-is, with no express or implied warranties.

No product can be absolutely secure.

Intel, the Intel logo, Intel Core, Intel Atom, Intel Xeon, Intel Xeon Phi, Intel® C Compiler, Intel Software Guard Extensions, and Intel® Trusted Execution Engine are trademarks of Intel Corporation in the U.S. and/or other countries.

*Other names and brands may be claimed as the property of others.