On 8/14/2018, Intel disclosed another security flaw, called “Foreshadow”, whereby malicious software could bypass the processor’s safeguards and create a “shadow copy” of protected data in an unprotected location within the CPU, rendering Intel’s security measures inert.
At present this vulnerability affects only Intel CPUs that implement SGX: the Skylake and Kaby Lake generations used in many Xeon server deployments.
In January, Intel revealed two separate flaws, named Spectre and Meltdown, that also exploit the same performance-boosting technique, speculative execution (executing instructions the processor anticipates it will need before it knows they are actually required), which can be abused to steal data from supposedly protected processes.
What is concerning for the new 5G nano-data centers being planned by communications service providers (CSPs) is that these vulnerabilities could be leveraged to attack data centers by breaking the security boundary between one client’s application or virtual machine and another. For instance, an attacker could use a variant of Foreshadow to log into a cloud service and potentially read memory belonging to another user or application hosted on the same server.
NFV (network function virtualization) is a key enabler of the new 5G architectures: it leverages nano-datacenters at the edge of the network to virtualize the various appliances in the network. In particular, a new capability called “network slicing” lets multiple virtual applications be created atop a shared physical infrastructure.
While inter-application firewalls may mitigate this new security threat, complete separation of user applications from network applications on distributed physical infrastructure may be the preferred approach in the interim, until Intel develops a complete solution to Foreshadow and the other processor-level vulnerabilities.
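As an added illustration (not from the original article), the POSIX shell script below classifies a Linux host’s Foreshadow status, which the kernel reports under the name L1TF (L1 Terminal Fault) in sysfs, so an operator can tell whether a shared NFV host still allows one guest to read another guest’s or the host’s data. The sysfs path and status strings are the kernel’s own; the function names and the sample strings in the comments are mine.

```shell
#!/bin/sh
# Added example: read the kernel's L1TF (Foreshadow) status line and say what it
# means for a host that runs other tenants' virtual machines.
L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf

# classify_l1tf STATUS
# Prints one token describing the host's exposure. Typical kernel strings:
#   "Not affected"
#   "Vulnerable"                                   (no kernel mitigation at all)
#   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
#   "Mitigation: PTE Inversion; VMX: vulnerable, SMT disabled"
#   "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
classify_l1tf() {
  status="$1"
  case "$status" in
    "Not affected")               echo NOT_AFFECTED ;;
    "Vulnerable"*)                echo UNMITIGATED ;;          # kernel itself exposed
    *"SMT vulnerable"*)           echo GUEST_TO_GUEST_RISK ;;  # hyperthread sibling can leak
    *"VMX: vulnerable"*)          echo GUEST_TO_HOST_RISK ;;   # no L1D flush on VM entry
    "Mitigation: PTE Inversion"*) echo MITIGATED ;;
    *)                            echo UNKNOWN ;;
  esac
}

# report_host: show the live status of this machine, if the kernel exposes it.
report_host() {
  if [ -r "$L1TF_SYSFS" ]; then
    status=$(cat "$L1TF_SYSFS")
    printf '%s -> %s\n' "$status" "$(classify_l1tf "$status")"
  else
    echo "L1TF status not exposed by this kernel (missing $L1TF_SYSFS)"
  fi
}

report_host
```

Anything other than NOT_AFFECTED or MITIGATED means tenant isolation on that host cannot be relied on, which is the condition the article’s separation recommendation is meant to avoid.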
Implications for Business Leaders
Today’s CSPs embarking on the 5G journey will need to address the vulnerabilities that have been uncovered in their NFV-based nano-datacenter deployments. Operators will need to maintain complete security across their networks while enabling greater flexibility in the network infrastructure to deliver new, virtualized 5G applications and functions, and while keeping management complexity under control.
Operators also need to clearly recognize the new category of security threat represented by Meltdown, Spectre and now Foreshadow. CISOs, CTOs and CIOs need to think about security holistically and consider new approaches to de-risk these processor-level threats. The C-suite and the board need to understand the significant impact that processor-level vulnerabilities such as Foreshadow will have on their business and on their digital strategy.