logo

CO4509 – Computer Security

   

Added on  2021-04-21

13 Pages3355 Words62 Views
 | 
 | 
 | 
Running head: COMPUTER SECURITYCO4509 – Computer Security (Spectre and Meltdown)Name of the StudentName of the UniversityAuthor Note
CO4509 – Computer Security_1

1COMPUTER SECURITY Table of ContentsIntroduction......................................................................................................................................2Meltdown.........................................................................................................................................2Spectre.............................................................................................................................................4Meltdown Fix...................................................................................................................................5Spectre Fix.......................................................................................................................................7Predictions.......................................................................................................................................8Conclusion.......................................................................................................................................9References......................................................................................................................................11
CO4509 – Computer Security_2

2COMPUTER SECURITY IntroductionIn the starting of 2018, it was found by the researchers that there are securityvulnerabilities namely meltdown and spectre those can be used in wrong manner for theunauthorized access of the system by an intruder (Lipp et al. 2018). It was reported that theresearch was in progress for more than six months however, the news became public after acertain time span. It is being considered that until now none of the unauthorized user or anyintruder had executed the meltdown attack for accessing the data or information from anunauthorized system. Another perspective for this type of threat is that flaws have been identifiedin the hardware and thus, it can only be mitigated through programming and certain software.For the execution of the spectre attack, high qualifications and knowledge is needed and even ofafter certain expertise, the individual executed the attack he or she would not be able to drag anyinformation from the system. The patches being introduced to the users are similar to thepatching of holes through glue and it might be able to block the lick but the hole is always there.The purpose of this report is to put emphasis on the newly identified flaws in the CPUs those canbe utilize by an intruder for accessing the data or information saved in the system of anotherindividual. This report also express about the various updates made available to the users byvarious operating systems available in the market. MeltdownMeltdown can be described as a strong attack that allows the intruder to access thephysical memory through the application of unprivileged user program that is a building block asexpressed in the following diagram:
CO4509 – Computer Security_3

3COMPUTER SECURITY Figure 1: Meltdown Building-blocks(Source: Lipp et al. 2018)Illustration of Attack Procedure: The two blocks explained above gets associated when themeltdown attack starts including the section 1 and 2 as expressed in the figure. The intrudermanipulates the CPU for executing a “transient instruction sequence” that is further used forstoring inaccessible secret value within the physical memory anywhere as explained in the abovefigure’s section 1 (Kocher et al. 2018). The transient instruction section installed within thephysical memory behaves as convert channel’s transmitter as expressed in the above figure’ssection 2. This attack is a sequence of steps that allows the intruder to dump kernel memory inmore than one locations. There are three steps involved in the process as firstly, the memorylocation chose by the intruder, content is driven into the same memory that is not accessible tothe intruder, and thus, it is loaded into the register. Second step is that the intruder execute thetransient instruction that allows the intruder to access a cache line that has been based on theregister’s secret content (Watson et al. 2018). Third step consist of the method of executingFlush + Reload in manner to identify and recognize the cache line and thus it could be utilized toaccess the exact memory location. These steps keep executing continuously and thus, allows theintruder to access the data or information saved in the physical memory.
CO4509 – Computer Security_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Assignment on Computer security
|15
|3824
|29

COIT 20246 Assignment Submission
|9
|3329
|56

Technical Details Assignment
|14
|3393
|68

Desklib SEO Suggestions
|9
|4156
|238

COIT 20246 : Information and Communication Technology
|9
|4199
|51

Working of Meltdown and Spectre Exploits
|9
|4028
|491