Snowflake’s Remediation Plans for the Meltdown and Spectre Vulnerabilities

Meltdown

Meltdown is a hardware vulnerability that primarily affects Intel x86 processors. An attacker must have local access on the target system and must be able to run their rogue code to successfully exploit the Meltdown vulnerability. Moreover, security researchers have determined that Meltdown poses a clear risk to virtualized environments.

In light of that, we commend the major cloud IaaS providers such as AWS for recognizing the threat, rolling up their sleeves and quickly deploying a remediation security update. All indications from AWS suggest they have successfully remediated this vulnerability. Since Snowflake security tightly controls the code that can be run on our production servers, the main threat of data exposure is cross-VM attacks, which AWS has remediated with its hypervisor patch.

There has also been a lot of concern about performance degradation after AWS deployed the security update. Our current internal performance results fall well within the noise range. In other words, we have not detected any significant impact on performance.

In addition, AWS has published an AWS kernel update so customers can deploy it to their respective VMs. However, Snowflake’s defense-in-depth approach adequately addresses the impact of Meltdown in the Snowflake service because we have tight control over who can access our production environment. We limit this access to only those who need to perform administrative and security support. We also enforce several forms of multi-factor authentication before anyone can access the production VPC, and we monitor all system changes on our servers and ensure those changes are authorized and secure. Although our security architecture does not require the AWS kernel patch for security reasons, we are evaluating the performance impact of this patch and will install it in all situations that do not materially impact the experience of our customers. Moreover, we have updated all of our Snowflake endpoints, such as our company laptops.

Spectre

Snowflake currently considers the Spectre Variant 1 vulnerability (CVE-2017-5753) the riskiest of the three new classes of speculative-execution attacks (i.e., Spectre Variant 1, Spectre Variant 2, and Meltdown) because it can be exploited from within a browser via JavaScript. Therefore, we have deployed all available browser Spectre patches to all of our Snowflake endpoints, and we will continue to quickly deploy new browser Spectre patches as they become publicly available.

Outside of the browser attack surface, we will continue to remediate this vulnerability across our environment as vendors take proactive measures by releasing security updates. For example, we have deployed a vendor’s Spectre security update in our test environment and we are currently running regression and performance tests. We expect to deploy such a patch to the production environment shortly.

In the interim, we are monitoring our environment and continue to research potential exploits together with our security partners.

Customers

It is also critical that our customers update their systems, especially those that may execute untrusted code and could therefore be vulnerable to Meltdown or Spectre. This includes updating user web browsers with vendor-provided updates as soon as possible. We also recommend that customers leverage two-factor authentication whenever possible. In particular, Snowflake recommends that customers use our MFA services and our IP whitelist features for interactive logins to their Snowflake account for defense-in-depth.
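As an added illustration of the IP whitelist recommendation above (this is example SQL, not part of the original post), the following restricts interactive logins to a Snowflake account using a network policy. The policy name, user name and IP ranges (drawn from the RFC 5737 documentation ranges) are constructed placeholders; substitute your own.

```sql
-- Added example: restrict Snowflake logins to known corporate egress addresses.
-- Requires a role with the privilege to create network policies (e.g. SECURITYADMIN).
USE ROLE SECURITYADMIN;

-- Allow only the corporate office and VPN ranges; block one known-bad host inside
-- the allowed range (BLOCKED_IP_LIST takes precedence over ALLOWED_IP_LIST).
CREATE NETWORK POLICY corp_only_policy
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.0/24')
  BLOCKED_IP_LIST = ('203.0.113.99')
  COMMENT = 'Placeholder ranges: replace with your real egress addresses';

-- Review the policy before enforcing it.
DESC NETWORK POLICY corp_only_policy;

-- Enforce it account-wide. Snowflake rejects this statement if the IP address
-- you are currently connecting from is not in ALLOWED_IP_LIST, which prevents
-- locking yourself out.
ALTER ACCOUNT SET NETWORK_POLICY = corp_only_policy;

-- A user-level policy overrides the account-level one; useful for a service
-- account that must be pinned to a single integration host.
ALTER USER etl_service SET NETWORK_POLICY = corp_only_policy;

-- Confirm what is in effect.
SHOW PARAMETERS LIKE 'network_policy' IN ACCOUNT;
SHOW NETWORK POLICIES;
```

Pair the policy with MFA enrolment for every interactive user so that a stolen password alone, from an allowed address or otherwise, is not sufficient to log in.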

Conclusion

We will continue to send customer updates as we reach patch deployment milestones or if we detect significant system performance issues with the mitigations associated with these vulnerabilities.
