On Jan 3, 2018, Google’s Project Zero team, along with several university researchers, identified several security issues with speculative execution, an optimization technique used in microprocessors to improve performance.

Couchbase is aware of the recently disclosed class of processor/OS vulnerabilities (Meltdown and Spectre) affecting modern processors (including Intel, AMD, and ARM) and operating systems. This article explains how these kinds of vulnerabilities can affect any user-space application such as Couchbase.

Vulnerability Assessment

Two variants of vulnerabilities associated with speculative execution have been disclosed. The vulnerabilities allow attackers to exfiltrate confidential information from the kernel or from other processes via a side-channel.

Meltdown exploits side-effects of out-of-order execution to break the isolation between user applications and the operating system, allowing an application to access memory of another application, as well as system memory.

Spectre exploits vulnerabilities in speculative execution to break the isolation between applications, allowing one application to access memory associated with another, which can then be leaked through a side channel.

For these attacks to be feasible, attackers must be able to run malicious processes on the same host and processor as the victim processes. As such, where applicable, policing access to machines and physical machine security can be an effective temporary mitigation against these attacks.

In order to fully mitigate these vulnerabilities, it is necessary to patch the operating system to include recent fixes to the kernel. It also may be necessary to enable these patches (though it appears many vendors will do this by default) and to update the processor firmware. Couchbase strongly recommends that customers consult with their hardware and OS vendors for the specific steps needed to ensure they are protected.
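
One way to confirm on a Linux host that the kernel fixes are present and enabled is to read the kernel's own mitigation report. The script below is an added example, not Couchbase code: it assumes a kernel that exposes /sys/devices/system/cpu/vulnerabilities, and the function names and the --run switch are made up for this illustration.

```shell
#!/bin/sh
# Added example (not Couchbase code): report the kernel's view of
# Meltdown/Spectre mitigation state on a Linux host.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities
# (upstream since 4.15 and backported by most distributions).

# classify_status STATUS_LINE
# Prints one of: mitigated, not-affected, vulnerable, unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;   # empty or unrecognised text
    esac
}

# check_host [DIR]
# Prints one line per issue. Returns 0 only if every issue is reported
# as mitigated or not affected; returns 1 otherwise.
check_host() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$issue" ]; then
            line=$(cat "$dir/$issue")
        else
            line=""   # file absent: kernel predates the reporting interface
        fi
        state=$(classify_status "$line")
        printf '%-11s %-13s %s\n' "$issue" "$state" \
            "${line:-<no kernel report, check OS patch level>}"
        case "$state" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live host only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    check_host
    exit $?
fi
```

A non-zero exit status means at least one issue is reported as vulnerable or the kernel gives no report, which is the cue to follow up with the OS and hardware vendor guidance.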

Securing the Stack

As with other applications running in user-space, Couchbase and other database technologies may be affected by these vulnerabilities.

The following table outlines what customers should do, depending on the environment in which Couchbase is running. Couchbase recommends customers deploy fixes using normal procedures to validate new binaries before deploying to production environments.

Scenario Description: Couchbase is run on bare metal (no virtual machines) AND no other untrusted application logic (application tier) is run on the same machine
Couchbase Recommendation(s):
  1. Apply Linux/Windows OS patches
  2. Consult with your Linux/Windows OS vendor about whether and how to enable the firmware changes.

  (see below for references)

Scenario Description: Couchbase is run in a virtual machine in a public hosting environment
Couchbase Recommendation(s):
  On each of the supported cloud providers (AWS, Azure & GCP) we are in the process of updating pre-configured images to include the latest patched OS version.

  Customers not using those pre-configured images should refer to cloud providers for guidance on applying OS patches.

Scenario Description: Couchbase is run in a virtual machine in a private hosting environment
Couchbase Recommendation(s):
  1. Apply Linux/Windows OS patches
  2. Consult with your Linux/Windows OS vendor about whether and how to enable the firmware changes.

  Additionally, we recommend isolating Couchbase Server on dedicated physical hardware.

  (see below for references)

Scenario Description: Couchbase is run in a physical or virtual machine and is not isolated from other application logic running on the same machine
Couchbase Recommendation(s):
  1. Apply Linux/Windows OS patches
  2. Consult with your Linux/Windows OS vendor about whether and how to enable the firmware changes.

  We recommend restricting use of or blocking untrusted code from executing on the machine.

  (see below for references)

Performance Advisory

Couchbase continues to do performance evaluation on the patched binaries. While the Meltdown OS kernel patch prevents the processor from leaking kernel memory, it may change the way the OS interacts with the processor, resulting in some performance degradation.

The degradation is highly workload-dependent (consistent with the early reports from Intel), and Couchbase recommends testing in your environment before production deployment. This may also involve moving to a machine with a more powerful CPU to take the extra load if needed.

References

Contact us

If you need to talk to us about this issue, contact us at support@couchbase.com.

Posted by Anil Kumar, Director Product Management, Couchbase Server
