Many companies have developed patches to mitigate Meltdown- and Spectre-like speculative memory attacks. However, they can come with compromises: they can leave major gaps and still slow down your system. MIT researchers may have a better way. They've developed a new method, Dynamically Allocated Way Guard (yes, DAWG is on purpose), that promises tight security without dragging performance through the dirt.

It boils down to isolating memory caches on processors in a way that prevents them from seeing anything they don't need to know. MIT likens it to putting walls in a kitchen that prevent chefs from seeing each other's ingredients and tools. There are multiple separate cache ways with their own domain identities, each of which is validated. New policies, meanwhile, deal with cache "misses" that could signal an attack.
The result is an approach that protects against much more than Intel's pre-Spectre Cache Allocation Technology (CAT), but offers "comparable" performance. While it won't work against every possible speculative attack, it's still better -- and it protects against non-speculative attacks that CAT could never address. There's work underway to help DAWG tackle more speculative attacks, too, and it would require "very minimal" changes to operating systems.

More at: