Vulnerability Analysis and Impact of Spectre and Meltdown
VerifiedAdded on 2021/04/16
|16
|3997
|46
AI Summary
The provided document is a comprehensive analysis of the Spectre and Meltdown vulnerabilities. The Spectre attack exploits speculative execution, while Meltdown uses a similar technique to access sensitive data. This assignment delves into the effects of these vulnerabilities on processor designs, security, and performance. It also references related research papers and articles, including 'Spectre Attacks: Exploiting Speculative Execution' and 'Meltdown.' The document further discusses the implications of these vulnerabilities on cloud computing, high-performance computing applications, and their potential to impact future processor designs.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
1 | P a g e
Computer
Security
Computer
Security
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2 | P a g e
Table of Contents
Introduction................................................................................................................................2
Spectre and Meltdown................................................................................................................3
Measures to fix spectre and meltdown...................................................................................7
Impact on the business............................................................................................................8
Protecting system from Spectre and Meltdown......................................................................9
Future impact of Spectre and Meltdown...............................................................................10
Conclusion................................................................................................................................11
References................................................................................................................................12
Table of Contents
Introduction................................................................................................................................2
Spectre and Meltdown................................................................................................................3
Measures to fix spectre and meltdown...................................................................................7
Impact on the business............................................................................................................8
Protecting system from Spectre and Meltdown......................................................................9
Future impact of Spectre and Meltdown...............................................................................10
Conclusion................................................................................................................................11
References................................................................................................................................12
3 | P a g e
Introduction
Computer security is one of the major issue that an organisation need to take care to
avoid any chances of data loss. Thus it is important to secure the data from loss and
interception FROM malwares. Computer security deals with the security of data on a
network. Every organisation is dependent on computer, the technology for computer security
need to be developed. It is true that security of information is very vital part for keeping the
information safe in an organization as everyone relies on the data preserved online
(Rittinghouse and Ransome, 2016). Thus, it is important to protect the data assets of an
organization by keeping the information confidential, available and integrated. Computer
security cannot be overlooked as malicious threats appear every instant. Safeguarding the
network from hackers who are trying to steal the trustworthy information and sensitive data
packets is essential.
Even if the computer is not open or plugged up a person can open and get access to its
hard drive and steals the data and misuse it. It also damage the components of the computer
all together, it is important to note that protection of computer hardware and components is
essential for complete protection of the data (Conklin et.al, 2015). Disk locks are available in
numerous sizes which control the removal of CPU cover protecting components. Apart from
that network security is important as it facilities the free drift of data and services to an
official user. However such networks also cause some security threats, thus making network
security an important part (Stallings et. al, 2012). Computer security deals with securing the
system from all malicious activities and makes it harmless. Securing the hardware
components of the system along with that all the off shell programs and operating system
need to be secured.
Spectre and Meltdown are the vulnerabilities that affect every chip on the computer.
These variants contain malicious programs that give access to the data to the unauthorized
Introduction
Computer security is one of the major issue that an organisation need to take care to
avoid any chances of data loss. Thus it is important to secure the data from loss and
interception FROM malwares. Computer security deals with the security of data on a
network. Every organisation is dependent on computer, the technology for computer security
need to be developed. It is true that security of information is very vital part for keeping the
information safe in an organization as everyone relies on the data preserved online
(Rittinghouse and Ransome, 2016). Thus, it is important to protect the data assets of an
organization by keeping the information confidential, available and integrated. Computer
security cannot be overlooked as malicious threats appear every instant. Safeguarding the
network from hackers who are trying to steal the trustworthy information and sensitive data
packets is essential.
Even if the computer is not open or plugged up a person can open and get access to its
hard drive and steals the data and misuse it. It also damage the components of the computer
all together, it is important to note that protection of computer hardware and components is
essential for complete protection of the data (Conklin et.al, 2015). Disk locks are available in
numerous sizes which control the removal of CPU cover protecting components. Apart from
that network security is important as it facilities the free drift of data and services to an
official user. However such networks also cause some security threats, thus making network
security an important part (Stallings et. al, 2012). Computer security deals with securing the
system from all malicious activities and makes it harmless. Securing the hardware
components of the system along with that all the off shell programs and operating system
need to be secured.
Spectre and Meltdown are the vulnerabilities that affect every chip on the computer.
These variants contain malicious programs that give access to the data to the unauthorized
4 | P a g e
user. Meltdown melts all the security boundaries that are enforced in the hardware and
provides access to the attacker to see the data (Chapman, Burket and Brumley, 2014).
Spectre and Meltdown
These are two security flaws discovered on CPU. CPU is the brain of the computer
and all the operation on the system is due to the central processing unit. The two flaws
discovered are very dangerous and they work with kernel to steal data of the computer. They
can steal data from any application on the system; the data could be any credit card
information or any sensitive data. Thus it is very important to protect these flaws. These
flaws are generally overlooked as users think that all the applications running on the system
are not linked or the software’s operating on the system are isolated from each other. But
from the last research it was concluded that these software leave the footprints on the modern
processor (Simakov et. al, 2018). Modern processor stores the data recently accessed.
Information leakage can be possible as the modern processor give access to software’s.
Removing the granularity of access to the footprints of the services helps in securing the
system.
Spectre exploits branch predication and speculative application that lead to data loss from
processor channel that is cache lines. Spectre read memory only from the present process and
not from the kernel or any other physical memory. As modern processor nowadays perform
speculative execution by executing the instructions in a parallel manner. It is possible that
these instructions will never be executed, thus a snapshot is taken by CPU so that execution
could be rolled back whenever needed. Modern processor mostly uses branch prediction and
speculative execution to take full advantage of the performance of the system. Spectre attacks
include inducing a victim to processes that will not occur during the execution of right
user. Meltdown melts all the security boundaries that are enforced in the hardware and
provides access to the attacker to see the data (Chapman, Burket and Brumley, 2014).
Spectre and Meltdown
These are two security flaws discovered on CPU. CPU is the brain of the computer
and all the operation on the system is due to the central processing unit. The two flaws
discovered are very dangerous and they work with kernel to steal data of the computer. They
can steal data from any application on the system; the data could be any credit card
information or any sensitive data. Thus it is very important to protect these flaws. These
flaws are generally overlooked as users think that all the applications running on the system
are not linked or the software’s operating on the system are isolated from each other. But
from the last research it was concluded that these software leave the footprints on the modern
processor (Simakov et. al, 2018). Modern processor stores the data recently accessed.
Information leakage can be possible as the modern processor give access to software’s.
Removing the granularity of access to the footprints of the services helps in securing the
system.
Spectre exploits branch predication and speculative application that lead to data loss from
processor channel that is cache lines. Spectre read memory only from the present process and
not from the kernel or any other physical memory. As modern processor nowadays perform
speculative execution by executing the instructions in a parallel manner. It is possible that
these instructions will never be executed, thus a snapshot is taken by CPU so that execution
could be rolled back whenever needed. Modern processor mostly uses branch prediction and
speculative execution to take full advantage of the performance of the system. Spectre attacks
include inducing a victim to processes that will not occur during the execution of right
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
5 | P a g e
program. This leads to leakage of information via side channel (Lipp et.al, 2018). Side
channels are the main reason for attacks and reading the unauthorized information by
disturbing the confidentiality of the system. To improve the processor speed speculative
execution is used to enhance the performance by guessing the direction of control flow.
Spectre attack happens by attacking the native code or by attacking the JavaScript (Kocher
et.al , 2018).
The spectre vulnerability does not allow an unprivileged user to read the privileged
memory. It only allows the code to be executed in the victim procedure and access the data it
is not allowed to. Spectre is more useful in leaking the data out of the process and is based on
branch predication and speculative execution algorithm. Two uses of Spectre exploration is:
leaking of secret data from browser memory and leaking addresses of user spaces modules to
facilitate remote program execution.
It opens up doors for dangerous attacks like the JavaScript code on the website uses
Spectre for revealing all the sensitive information. Most of the vulnerability happens at
hardware level which cannot be tracked. These patches generally alleviate the vulnerabilities
by changing or disabling the software code that make use of the speculative execution.
Caching which is an underlying feature of the hardware also give chanced to attacker for
speculative execution (Watson et. al, 2018). These features were basically designed to
progress the performance of the system but this make the system slow.
program. This leads to leakage of information via side channel (Lipp et.al, 2018). Side
channels are the main reason for attacks and reading the unauthorized information by
disturbing the confidentiality of the system. To improve the processor speed speculative
execution is used to enhance the performance by guessing the direction of control flow.
Spectre attack happens by attacking the native code or by attacking the JavaScript (Kocher
et.al , 2018).
The spectre vulnerability does not allow an unprivileged user to read the privileged
memory. It only allows the code to be executed in the victim procedure and access the data it
is not allowed to. Spectre is more useful in leaking the data out of the process and is based on
branch predication and speculative execution algorithm. Two uses of Spectre exploration is:
leaking of secret data from browser memory and leaking addresses of user spaces modules to
facilitate remote program execution.
It opens up doors for dangerous attacks like the JavaScript code on the website uses
Spectre for revealing all the sensitive information. Most of the vulnerability happens at
hardware level which cannot be tracked. These patches generally alleviate the vulnerabilities
by changing or disabling the software code that make use of the speculative execution.
Caching which is an underlying feature of the hardware also give chanced to attacker for
speculative execution (Watson et. al, 2018). These features were basically designed to
progress the performance of the system but this make the system slow.
6 | P a g e
Meltdown is one of the worst bugs found and is the one that need to be resolved instantly.
These need to be fixed immediately. It allows attacker to read the physical memory as well as
the kernel memory from an unauthorized user process. It uses out of order execution of
instruction to leak the data from cache lines. Meltdown takes the advantage of the fact that
instructions are often executed out of order so that they can leak the data from the channel.
Meltdown is patched in Windows, Linux, Mac and Android. On an unpatched system all the
kernel memory can be read from the windows. Paged table is used by the system as it
provides mapping between physical and virtual memory (Cahill, 2017). Modern operating
system maps kernel addresses to user space processes.
It is related to micro architectural attack; it focuses on exploiting the out of order execution so
that physical memory can be targeted. It relies on accessing the kernel memory by using user
space. This access cause’s trap in the system as it leaks the contents through a cache channel.
It is generally implemented due execution of instructions without the desired order, which in
turn increases the utilization of the processor. The processor queues all the instructions that
are completed in the re-order buffer and are retrieved whenever needed (Fischer, Neaman and
Sharma, 2011).
Meltdown is one of the worst bugs found and is the one that need to be resolved instantly.
These need to be fixed immediately. It allows attacker to read the physical memory as well as
the kernel memory from an unauthorized user process. It uses out of order execution of
instruction to leak the data from cache lines. Meltdown takes the advantage of the fact that
instructions are often executed out of order so that they can leak the data from the channel.
Meltdown is patched in Windows, Linux, Mac and Android. On an unpatched system all the
kernel memory can be read from the windows. Paged table is used by the system as it
provides mapping between physical and virtual memory (Cahill, 2017). Modern operating
system maps kernel addresses to user space processes.
It is related to micro architectural attack; it focuses on exploiting the out of order execution so
that physical memory can be targeted. It relies on accessing the kernel memory by using user
space. This access cause’s trap in the system as it leaks the contents through a cache channel.
It is generally implemented due execution of instructions without the desired order, which in
turn increases the utilization of the processor. The processor queues all the instructions that
are completed in the re-order buffer and are retrieved whenever needed (Fischer, Neaman and
Sharma, 2011).
7 | P a g e
In a Meltdown process the attacker launch a process, and inside that process the
attacker creates a larger user space array. And this user process basically reads the byte from
the CPU cache by clearing the fundamentals of user space collection from the cache memory.
Thus in the first step user process reads kernel memory byte wise which causes an exception
by leaking the data in a side channel before invocation of exception handler. The exception
handler is invoked in the system due to out of order execution of instructions. Once the
attacker gets the side channel it uses user space array to flush the instruction before it can be
read by anyone (Nolan, 2011). The CPU effectively snapshots these operations because due
to some reasons the instructions might not execute. In step two, the assessment of secret data
is used to inhabit the information in an array that is readable in user space memory. Secret
data can never be accessed in user space memory thus it gets flushed back by resetting the
snapshots taken by the CPU. In step three exceptions is triggered due to the order of
instructions. The secret data is not accessible here in the user space array thus it gets rolled
back. The last step basically involves the iteration of unprivileged process via array elements.
Thus cached element is returned faster by revealing the contents of the secret byte. This
allows the Meltdown attack to be performed without handling the software exceptions.
Two uses of Meltdown is privilege Escalation and Para virtualization.
Privilege Escalation- If an attacker executes a process on any unpatched system, all the
physical memory is dumped. Using that physical memory attacker identifies password hashes
or private keys.
Para virtualization- Meltdown targets kernel address that is shared between container and
host kernel so that attacker may outflow the data from a container leading to hypervisor
escape.
These vulnerabilities are hard to detect as:
In a Meltdown process the attacker launch a process, and inside that process the
attacker creates a larger user space array. And this user process basically reads the byte from
the CPU cache by clearing the fundamentals of user space collection from the cache memory.
Thus in the first step user process reads kernel memory byte wise which causes an exception
by leaking the data in a side channel before invocation of exception handler. The exception
handler is invoked in the system due to out of order execution of instructions. Once the
attacker gets the side channel it uses user space array to flush the instruction before it can be
read by anyone (Nolan, 2011). The CPU effectively snapshots these operations because due
to some reasons the instructions might not execute. In step two, the assessment of secret data
is used to inhabit the information in an array that is readable in user space memory. Secret
data can never be accessed in user space memory thus it gets flushed back by resetting the
snapshots taken by the CPU. In step three exceptions is triggered due to the order of
instructions. The secret data is not accessible here in the user space array thus it gets rolled
back. The last step basically involves the iteration of unprivileged process via array elements.
Thus cached element is returned faster by revealing the contents of the secret byte. This
allows the Meltdown attack to be performed without handling the software exceptions.
Two uses of Meltdown is privilege Escalation and Para virtualization.
Privilege Escalation- If an attacker executes a process on any unpatched system, all the
physical memory is dumped. Using that physical memory attacker identifies password hashes
or private keys.
Para virtualization- Meltdown targets kernel address that is shared between container and
host kernel so that attacker may outflow the data from a container leading to hypervisor
escape.
These vulnerabilities are hard to detect as:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8 | P a g e
These flaws occur at the hardware which cannot be patched easily. Thus certain
software is built to deal with the hardware issue. To solve the origin cause of these
bugs, the logic of modern processor need to modified (Willmott, 2011).
These vulnerabilities are invisible and occur in the system through the side channel
and basically use the information from the physical implementation of the system.
Mitigating these vulnerabilities by software patches are expensive in terms of
performance criteria.
Measures to fix spectre and meltdown
Meltdown and Spectre need to be protected from every device from android phone,
Mac or windows PCs. It could be fixed easily in android phone by updating the software.
Meltdown and Spectre hit the windows mostly as they read and steal all the data of the
applications running on the system and s very hard to fix (Science Computing, 2018). Thus
various measures taken to fix these bugs are:
Mitigation – Hardware or software should be updated to latest information. As in case of
spectre the flaw exists in CPU and not in the software and is very difficult to be patched.
Thus patching also decreases the performance of the system. Performance can be improved
but mitigates the flaws.
Antiviruses- There are various antiviruses that are not compatible with Spectre and
Meltdown vulnerability. Thus only those antiviruses are installed in the system that is
compatible with Meltdown and Spectre (Science Computing, 2018).
Vendor Links- Patches are downloaded from vendor links to test the environment of the
system and verifying that each patch is being implemented properly.
Updating the system- Keeping the operating system updated and checking the firmware
updated helps in protecting the PC against these flaws (Science Computing, 2018). If the
These flaws occur at the hardware which cannot be patched easily. Thus certain
software is built to deal with the hardware issue. To solve the origin cause of these
bugs, the logic of modern processor need to modified (Willmott, 2011).
These vulnerabilities are invisible and occur in the system through the side channel
and basically use the information from the physical implementation of the system.
Mitigating these vulnerabilities by software patches are expensive in terms of
performance criteria.
Measures to fix spectre and meltdown
Meltdown and Spectre need to be protected from every device from android phone,
Mac or windows PCs. It could be fixed easily in android phone by updating the software.
Meltdown and Spectre hit the windows mostly as they read and steal all the data of the
applications running on the system and s very hard to fix (Science Computing, 2018). Thus
various measures taken to fix these bugs are:
Mitigation – Hardware or software should be updated to latest information. As in case of
spectre the flaw exists in CPU and not in the software and is very difficult to be patched.
Thus patching also decreases the performance of the system. Performance can be improved
but mitigates the flaws.
Antiviruses- There are various antiviruses that are not compatible with Spectre and
Meltdown vulnerability. Thus only those antiviruses are installed in the system that is
compatible with Meltdown and Spectre (Science Computing, 2018).
Vendor Links- Patches are downloaded from vendor links to test the environment of the
system and verifying that each patch is being implemented properly.
Updating the system- Keeping the operating system updated and checking the firmware
updated helps in protecting the PC against these flaws (Science Computing, 2018). If the
9 | P a g e
system is not updated, the steps need to be taken manually like heading to start option then
setting then update and security tab future clicking on windows updates.
Firmware- Firmware is needed to protect the system from Spectre variants. Thus every
system need to have an updated firmware.
These flaws can occur in all kind of operating system, thus steps taken to protect the attack or
Meltdown and Spectre is:
Android- Various Android devices are launched which fixes the affected devices and removes
the flaw .Also by running some android antiviruses app on the system remove the occurrence
of patches from unknown sources (Science Computing, 2018). Especially n Google phones it
automatically updates the device before the patch occurs but in non-Google devices it need to
wait until patch occurs.
Mac- Mac operating system is also been patched to deal with Meltdown and Spectre attack.
This updates are available on the App store thus assuring that it would be free from both the
flaws. It also assures that these patches won’t affect the performance of the system (Schneier,
2017).
IOS- As Spectre attack was most commonly seen in iPhones and iPads and triggered
JavaScript on the browser was updated and patched on January 8 (Schneier, 2017). The latest
versions are already protected from these vulnerabilities.
Linux- Linux PCs are difficult to be protected. It need to first update the firmware of the
system as well as need to check the motherboard of the computer (Schneier, 2017).
Impact on the business
There are two main methods in which Meltdown and Spectre could impact the
business. It has increased the risk of cyber-attacks by exploiting the sensitive data and
system is not updated, the steps need to be taken manually like heading to start option then
setting then update and security tab future clicking on windows updates.
Firmware- Firmware is needed to protect the system from Spectre variants. Thus every
system need to have an updated firmware.
These flaws can occur in all kind of operating system, thus steps taken to protect the attack or
Meltdown and Spectre is:
Android- Various Android devices are launched which fixes the affected devices and removes
the flaw .Also by running some android antiviruses app on the system remove the occurrence
of patches from unknown sources (Science Computing, 2018). Especially n Google phones it
automatically updates the device before the patch occurs but in non-Google devices it need to
wait until patch occurs.
Mac- Mac operating system is also been patched to deal with Meltdown and Spectre attack.
This updates are available on the App store thus assuring that it would be free from both the
flaws. It also assures that these patches won’t affect the performance of the system (Schneier,
2017).
IOS- As Spectre attack was most commonly seen in iPhones and iPads and triggered
JavaScript on the browser was updated and patched on January 8 (Schneier, 2017). The latest
versions are already protected from these vulnerabilities.
Linux- Linux PCs are difficult to be protected. It need to first update the firmware of the
system as well as need to check the motherboard of the computer (Schneier, 2017).
Impact on the business
There are two main methods in which Meltdown and Spectre could impact the
business. It has increased the risk of cyber-attacks by exploiting the sensitive data and
10 | P a g e
decreasing the speed of the processor. Patches are produced to diminish the effects of these
bugs, but the impact of these patches on the performance is dangerous for security. The
performance of the business is directly dependent on the hardware and operating system
(Meza‐Lopez and Siemann, 2015). And the businesses running on the large-scale have heavy
workloads on the servers would be impacted by the slowdown of speed.
To safeguard the business from Meltdown and Spectre, various ways are:
Updating- Every device need to be updated with all the necessary patches required to deal
with the security flaw. These devices need to be updated on regular basics.
Stay up-to-date of new information- Meltdown can be resolved by the patches available but
Spectre cannot be resolved so the security team need to stay updated regarding nay new
security update (Meza‐Lopez and Siemann, 2015).
Analysing- Security of business may be affected by the cloud, network servers or data stored.
Thus it is important to check that business is protected from all these security chains.
Evaluating the data- It is not necessary to store all the data on the computer as there are
various cloud providers available (Meza‐Lopez and Siemann, 2015). Thus it is important to
store all the sensitive data on the cloud.
Protecting system from Spectre and Meltdown
Patching the system against these attacks is important and can be done by updating
the system to Windows 10. As patches cannot be downloaded if any third party anti-virus is
used. Thus patches are downloaded from any other updates, as the only motive is to make
sure that the system gets updated (Heinemann et. al, 2014). Apart from that it is
recommended that users keep the backup of the data packets and not relying completely on
decreasing the speed of the processor. Patches are produced to diminish the effects of these
bugs, but the impact of these patches on the performance is dangerous for security. The
performance of the business is directly dependent on the hardware and operating system
(Meza‐Lopez and Siemann, 2015). And the businesses running on the large-scale have heavy
workloads on the servers would be impacted by the slowdown of speed.
To safeguard the business from Meltdown and Spectre, various ways are:
Updating- Every device need to be updated with all the necessary patches required to deal
with the security flaw. These devices need to be updated on regular basics.
Stay up-to-date of new information- Meltdown can be resolved by the patches available but
Spectre cannot be resolved so the security team need to stay updated regarding nay new
security update (Meza‐Lopez and Siemann, 2015).
Analysing- Security of business may be affected by the cloud, network servers or data stored.
Thus it is important to check that business is protected from all these security chains.
Evaluating the data- It is not necessary to store all the data on the computer as there are
various cloud providers available (Meza‐Lopez and Siemann, 2015). Thus it is important to
store all the sensitive data on the cloud.
Protecting system from Spectre and Meltdown
Patching the system against these attacks is important and can be done by updating
the system to Windows 10. As patches cannot be downloaded if any third party anti-virus is
used. Thus patches are downloaded from any other updates, as the only motive is to make
sure that the system gets updated (Heinemann et. al, 2014). Apart from that it is
recommended that users keep the backup of the data packets and not relying completely on
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
11 | P a g e
the patches. It is possible that system crashes even after patches are made that is why it is
advised to make backups in case of any crash. Especially in case of Spectre user should
install software updates as soon as they are available. As there is no patch available for
Spectre, keeping updated is the only solution. Many browsers such as Mozilla have provided
the workaround solution, Google is also launching it update soon (Heinemann et. al, 2014).
For protecting the system from Meltdown and Spectre user should use anti malware software
and the software should be kept up to date. Since spectre uses JavaScript that injects
malicious code on the website, thus keeping the anti-malware updated allows software to
block the malicious code causing any damage to the system. Some traditional protection
methods could be used to prevent the access of unauthorized user by building a defence layer
to protect the system from these flaws (ZDNet, 2018). System operators should make sure to
protect systems that handle sensitive data from executing unauthorised software and from
accessing untrusted websites.
Future impact of Spectre and Meltdown
Spectre and Meltdown are the major security flaws that focus on stealing the sensitive
data like important banking information or passwords. These flaws have affected every
modern computers, tablets, smartphones and PCs running on any type of operating system. In
modern world, everyone relies on the data stored on the computer and believes that the
confidentiality is maintained. But these flaws allow attackers to steal the data by bypassing
the hardware barrier. In future the flaws will be increasing and the impact would be more
serious, thus it is important to change the way in which operating system handle the memory.
These vulnerabilities have also attacked the cloud system, as every business data is stored on
cloud it is important to protect cloud system from theses bugs (Trippel, Lustig and Martonosi,
2018).
the patches. It is possible that system crashes even after patches are made that is why it is
advised to make backups in case of any crash. Especially in case of Spectre user should
install software updates as soon as they are available. As there is no patch available for
Spectre, keeping updated is the only solution. Many browsers such as Mozilla have provided
the workaround solution, Google is also launching it update soon (Heinemann et. al, 2014).
For protecting the system from Meltdown and Spectre user should use anti malware software
and the software should be kept up to date. Since spectre uses JavaScript that injects
malicious code on the website, thus keeping the anti-malware updated allows software to
block the malicious code causing any damage to the system. Some traditional protection
methods could be used to prevent the access of unauthorized user by building a defence layer
to protect the system from these flaws (ZDNet, 2018). System operators should make sure to
protect systems that handle sensitive data from executing unauthorised software and from
accessing untrusted websites.
Future impact of Spectre and Meltdown
Spectre and Meltdown are the major security flaws that focus on stealing the sensitive
data like important banking information or passwords. These flaws have affected every
modern computers, tablets, smartphones and PCs running on any type of operating system. In
modern world, everyone relies on the data stored on the computer and believes that the
confidentiality is maintained. But these flaws allow attackers to steal the data by bypassing
the hardware barrier. In future the flaws will be increasing and the impact would be more
serious, thus it is important to change the way in which operating system handle the memory.
These vulnerabilities have also attacked the cloud system, as every business data is stored on
cloud it is important to protect cloud system from theses bugs (Trippel, Lustig and Martonosi,
2018).
12 | P a g e
Seeing from a high-level perspective, these vulnerabilities have affected the
fundamental principle of isolation between application and the operating system or between
two different applications. Thus exploiting they allow the attacker to gain aces to all the
secret data on the system. All the secret keys and the credentials stored on the system or
cloud of the company is leaked due to these bugs. It also affects the processors ubiquities and
has reached till the cloud environment, stealing the data from cloud. To control these bugs so
that it don’t have severe problem in the future it need to be corrected from hardware level.
Computers need to be designed in a way that measures hardware updates automatically so
that it doesn’t affect the software solutions of the system. To fix these bugs permanently in
futures, hardware’s are deployed in such a way that it deals with these flaws by not allowing
them to penetrate in the system (ZDNet, 2018). Until the new hardware is deployed,
temporary software based solutions are used for providing patches.
Conclusion
Meltdown breaks the most important isolation among user application and the
operating system. It permits a code to access the memory and all the secret data of other
programs. Thus it can be concluded that a computer has a susceptible computer and runs on
an unpatched operating system it is not considered harmless to work. Whereas, Spectre
breaks the isolation between different applications but allow an attacker to trick error free
programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate.
Solution for this problem is reliable and can be solved by method of Desktop channel. With
the help of Desktop central one can protect the network against Meltdown and Spectre and
defend the system from existing and future vulnerabilities. It patches Windows, Linux or
Mac. system automatically for no future damage. Thus it is important to fix these bugs to
maintain confidentiality of the data stored on the system.
Seeing from a high-level perspective, these vulnerabilities have affected the
fundamental principle of isolation between application and the operating system or between
two different applications. Thus exploiting they allow the attacker to gain aces to all the
secret data on the system. All the secret keys and the credentials stored on the system or
cloud of the company is leaked due to these bugs. It also affects the processors ubiquities and
has reached till the cloud environment, stealing the data from cloud. To control these bugs so
that it don’t have severe problem in the future it need to be corrected from hardware level.
Computers need to be designed in a way that measures hardware updates automatically so
that it doesn’t affect the software solutions of the system. To fix these bugs permanently in
futures, hardware’s are deployed in such a way that it deals with these flaws by not allowing
them to penetrate in the system (ZDNet, 2018). Until the new hardware is deployed,
temporary software based solutions are used for providing patches.
Conclusion
Meltdown breaks the most important isolation among user application and the
operating system. It permits a code to access the memory and all the secret data of other
programs. Thus it can be concluded that a computer has a susceptible computer and runs on
an unpatched operating system it is not considered harmless to work. Whereas, Spectre
breaks the isolation between different applications but allow an attacker to trick error free
programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate.
Solution for this problem is reliable and can be solved by method of Desktop channel. With
the help of Desktop central one can protect the network against Meltdown and Spectre and
defend the system from existing and future vulnerabilities. It patches Windows, Linux or
Mac. system automatically for no future damage. Thus it is important to fix these bugs to
maintain confidentiality of the data stored on the system.
13 | P a g e
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
14 | P a g e
References
Cahill, D., 2017. The Spectre of Collectivism: Neoliberalism, the Wars, and Historical
Revisionism. In 100 years of European Philosophy Since the Great War (pp. 183-197).
Springer, Cham.
Chapman, P., Burket, J. and Brumley, D., 2014, August. PicoCTF: A Game-Based Computer
Security Competition for High School Students. In 3GSE.
Conklin, W.A., White, G., Cothren, C., Davis, R. and Williams, D., 2015. Principles of
computer security. McGraw-Hill Education Group.
Fischer, H., Neaman, E. and Sharma, S.D., 2011. Why the Greek Meltdown Became a Euro-
Zone Crisis. Whitehead J. Dipl. & Int'l Rel., 12, p.43.
Heinemann, M., Timmermann, A., Elison Timm, O., Saito, F. and Abe-Ouchi, A., 2014.
Deglacial ice sheet meltdown: Orbital pacemaking and CO 2 effects. Climate of the
Past, 10(4), pp.1567-1579.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Meza‐Lopez, M.M. and Siemann, E., 2015. Experimental test of the Invasional Meltdown
Hypothesis: an exotic herbivore facilitates an exotic plant, but the plant does not reciprocally
facilitate the herbivore. Freshwater biology, 60(7), pp.1475-1482.
Nolan, P., 2011. Money, markets, meltdown: the 21st‐century crisis of labour. Industrial
Relations Journal, 42(1), pp.2-17.
References
Cahill, D., 2017. The Spectre of Collectivism: Neoliberalism, the Wars, and Historical
Revisionism. In 100 years of European Philosophy Since the Great War (pp. 183-197).
Springer, Cham.
Chapman, P., Burket, J. and Brumley, D., 2014, August. PicoCTF: A Game-Based Computer
Security Competition for High School Students. In 3GSE.
Conklin, W.A., White, G., Cothren, C., Davis, R. and Williams, D., 2015. Principles of
computer security. McGraw-Hill Education Group.
Fischer, H., Neaman, E. and Sharma, S.D., 2011. Why the Greek Meltdown Became a Euro-
Zone Crisis. Whitehead J. Dipl. & Int'l Rel., 12, p.43.
Heinemann, M., Timmermann, A., Elison Timm, O., Saito, F. and Abe-Ouchi, A., 2014.
Deglacial ice sheet meltdown: Orbital pacemaking and CO 2 effects. Climate of the
Past, 10(4), pp.1567-1579.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Meza‐Lopez, M.M. and Siemann, E., 2015. Experimental test of the Invasional Meltdown
Hypothesis: an exotic herbivore facilitates an exotic plant, but the plant does not reciprocally
facilitate the herbivore. Freshwater biology, 60(7), pp.1475-1482.
Nolan, P., 2011. Money, markets, meltdown: the 21st‐century crisis of labour. Industrial
Relations Journal, 42(1), pp.2-17.
15 | P a g e
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation,
management, and security. CRC press.
Schneier, 2017, The Effects of the Spectre and Meltdown Vulnerabilities [Online]. Available
at: . Accessed on 13 March.
Science Computing, 2018, How Meltdown and Spectre will impact future processor designs
[Online]. Available at: https://www.scientific-computing.com/news/analysis-opinion/how-
meltdown-and-spectre-will-impact-future-processor-designs.Accessed on 13 March.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security:
principles and practice (pp. 978-0). Pearson Education.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
Willmott, H., 2011. Book Review: Making sense of the financial meltdown-an extended
review of The Spectre at the Feast: Capitalist Crisis and the Politics of Recession: The
Spectre at the Feast: Capitalist Crisis and the Politics of Recession, A. Gamble. London:
Palgrave Macmillan, 2009. 208 pp.£ 15.99. ISBN 9780230230750. Organization, 18(2),
pp.239-260.
Rittinghouse, J.W. and Ransome, J.F., 2016. Cloud computing: implementation,
management, and security. CRC press.
Schneier, 2017, The Effects of the Spectre and Meltdown Vulnerabilities [Online]. Available
at: . Accessed on 13 March.
Science Computing, 2018, How Meltdown and Spectre will impact future processor designs
[Online]. Available at: https://www.scientific-computing.com/news/analysis-opinion/how-
meltdown-and-spectre-will-impact-future-processor-designs.Accessed on 13 March.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security:
principles and practice (pp. 978-0). Pearson Education.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
Willmott, H., 2011. Book Review: Making sense of the financial meltdown-an extended
review of The Spectre at the Feast: Capitalist Crisis and the Politics of Recession: The
Spectre at the Feast: Capitalist Crisis and the Politics of Recession, A. Gamble. London:
Palgrave Macmillan, 2009. 208 pp.£ 15.99. ISBN 9780230230750. Organization, 18(2),
pp.239-260.
16 | P a g e
ZDNet, 2018, Meltdown and Spectre: The looming death of security (and what to do about it)
[Online]. Available at: http://www.zdnet.com/article/meltdown-and-spectre-the-looming-
death-of-security-and-what-to-do-about-it/ Accessed on 11 March.
ZDNet, 2018, Meltdown and Spectre: The looming death of security (and what to do about it)
[Online]. Available at: http://www.zdnet.com/article/meltdown-and-spectre-the-looming-
death-of-security-and-what-to-do-about-it/ Accessed on 11 March.
1 out of 16
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.