It boils down to isolating memory caches on processors in a way that prevents them from seeing anything they don’t need to know. MIT likens it to putting walls in a kitchen that prevent chefs from seeing each other’s ingredients and tools. There are multiple separate cache ways with their own domain identities, each of which is validated. New policies, meanwhile, deal with cache “misses” that could signal an attack. You can’t try cache hits across those domains in a bid to
The result is an approach that protects against much more than Intel’s pre-Spectre Cache Allocation Technology (CAT), but offers “comparable” performance. While it won’t work against every possible speculative attack, it’s still better — and it protects against non-speculative attacks that CAT could never address. There’s work underway to help DAWG tackle more speculative attacks, too, and it would require “very minimal” changes to operating systems.
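A toy model of the difference described above, added here as an illustration and not taken from MIT's design or Intel's documentation: one cache set whose ways are split between two domains. The fill-only mode stands in for CAT-style partitioning (an assumption of this simplified model), the other mode also restricts hits to a domain's own ways, and the class, domain names and tags are all constructed for the example.

```python
# Added illustration: a toy model of ONE cache set, not DAWG's or CAT's real logic.
# Domain names and tags are constructed sample values.

class PartitionedSet:
    """One set of a set-associative cache whose ways are split between domains."""

    def __init__(self, ways_by_domain, isolate_hits):
        self.ways_by_domain = ways_by_domain   # domain -> way indices it may fill
        self.isolate_hits = isolate_hits       # True: lookups limited to own ways too
        n_ways = 1 + max(w for ws in ways_by_domain.values() for w in ws)
        self.tags = [None] * n_ways
        self.last_used = [0] * n_ways
        self.clock = 0

    def access(self, domain, tag):
        """Return True on a hit; on a miss, fill an LRU way owned by `domain`."""
        self.clock += 1
        own = self.ways_by_domain[domain]
        searchable = own if self.isolate_hits else range(len(self.tags))
        for way in searchable:
            if self.tags[way] == tag:
                self.last_used[way] = self.clock
                return True
        lru = min(own, key=lambda w: self.last_used[w])
        self.tags[lru] = tag                   # a shared line may be duplicated per domain
        self.last_used[lru] = self.clock
        return False

LAYOUT = {"victim": [0, 1], "other": [2, 3]}

def shared_line_visible(isolate_hits):
    """Victim touches a shared line; does the other domain then see a hit?"""
    s = PartitionedSet(LAYOUT, isolate_hits)
    s.access("victim", "shared")
    return s.access("other", "shared")

def victim_line_survives(isolate_hits):
    """The other domain floods the set; is the victim's line still cached?"""
    s = PartitionedSet(LAYOUT, isolate_hits)
    s.access("victim", "secret-dependent")
    for i in range(8):
        s.access("other", f"filler-{i}")
    return s.access("victim", "secret-dependent")

if __name__ == "__main__":
    for mode, isolate in (("fill-only partitioning", False), ("hit + fill isolation", True)):
        print(mode, "| cross-domain hit:", shared_line_visible(isolate),
              "| victim line survives:", victim_line_survives(isolate))
```

In both modes the other domain's fills cannot evict the victim's line, but only the mode that also isolates hits stops the other domain from learning that the victim touched a shared line.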
The challenge is getting companies to use the feature. MIT’s team is hopeful that companies like Intel will pick up on the idea, but that’s not guaranteed. As it is, the typical development times for processors could mean a long wait even if the industry adopted the concept right away. Still, this raises hope that there’s a true solution to Meltdown and Spectre that doesn’t involve a significant speed hit.