Meltdown and Spectre
1/23/2024

Meltdown is a vulnerability specific to Intel CPUs. When Intel CPUs are asked to prefetch data, they read the data before checking the privileges of the user. Although privileged data is not delivered to the unprivileged user, the CPU operates differently based upon the specific data that was fetched. An attacker can monitor the processor's performance in a side-channel and discern important details about the data. This information improves the chance, or in some cases guarantees, that subsequent attacks will succeed. The effect is similar to seeing someone moving something behind a curtain. You cannot see the thing, but if you can see its shape and movement in the curtain, you can make an educated guess about what it is.

It's called "Meltdown" because the informational barrier that protects privileged data is effectively dissolved by the attack. The video below, created by the researchers who discovered it, shows a proof-of-concept Meltdown attack in action.

Spectre is similar to Meltdown, but instead of attacking proprietary behavior of a chip, it targets a previously unknown weakness of a fundamental CPU design paradigm. The paradigm, out-of-order execution, uses speculative execution to "guess" what operation should happen next, and do some of that work ahead of time. If the guess is correct, a major speedup is achieved. CPUs with this design are called superscalar processors. Most modern CPUs are superscalar, such as the ones in modern desktops, laptops, and mobile devices.

Spectre takes advantage of superscalar processors by manipulating their speculative branch predictions (guesses). The attacker issues instructions crafted to cause incorrect guesses by the CPU, which permits side-channel analysis. Spectre then uses this information to manipulate what code the CPU executes next, including the private instructions of another running program. This general type of attack is called branch target injection.

Spectre attacks are difficult to implement, because they must specifically target the victim's software. They are also more difficult to prevent, because they affect all superscalar processors, including those created by Intel, AMD, and ARM (Advanced RISC Machine). The vulnerability is called "Spectre" in reference to speculative processing, and because this problem will "haunt" the computer world for many years to come.

These vulnerabilities exist in the physical circuitry of the CPU, so they are difficult to fix. Meltdown affects every Intel CPU created in the last twenty years. Spectre affects a fundamental part of most modern CPUs.
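A host-side check for the two vulnerabilities described above, added here as an example and not part of the original post: it reads the status files that Linux kernels expose under /sys/devices/system/cpu/vulnerabilities and classifies each one. The SAMPLE values are constructed for illustration, the function names are this example's own, and spectre_v2 is the kernel's name for branch target injection.

```python
from pathlib import Path

# Linux sysfs directory where the kernel reports CPU vulnerability status.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# spectre_v1 and spectre_v2 are the kernel's names for the two original
# Spectre variants; spectre_v2 is branch target injection.
TRACKED = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status: str) -> str:
    """Map one status line to not_affected / mitigated / vulnerable / unknown."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected"
    # Conservative choice of this example: any line that mentions
    # "vulnerable", even a "Mitigation:" line, is reported as vulnerable.
    if "vulnerable" in text.lower():
        return "vulnerable"
    if text.startswith("Mitigation:"):
        return "mitigated"
    return "unknown"  # empty, "Unknown: ...", or an unrecognised format


def read_statuses(base: Path = SYSFS_DIR) -> dict:
    """Read the tracked files; an unreadable file (old kernel, non-Linux) maps to None."""
    out = {}
    for name in TRACKED:
        try:
            out[name] = (base / name).read_text().strip()
        except OSError:
            out[name] = None
    return out


def report(statuses: dict) -> dict:
    """Classify every entry; entries that could not be read count as unknown."""
    return {n: "unknown" if s is None else classify(s) for n, s in statuses.items()}


def needs_attention(statuses: dict) -> list:
    """Names whose state is vulnerable or could not be determined."""
    return sorted(n for n, c in report(statuses).items() if c in ("vulnerable", "unknown"))


# Constructed sample values in the kernel's output format (not from a real host).
SAMPLE = {"meltdown": "Mitigation: PTI", "spectre_v1": "Not affected", "spectre_v2": "Vulnerable"}

if __name__ == "__main__":
    for name, state in report(read_statuses()).items():
        print(f"{name}: {state}")
```
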