Security Vulnerabilities and Threats Analysis
VerifiedAdded on 2021/04/21
|13
|3355
|62
AI Summary
This assignment delves into the world of cybersecurity, examining various types of security vulnerabilities, threats, and attacks. It covers speculative execution-based exploits like Meltdown and Spectre, cache attacks such as SGX Pectre, and in-process isolation methods like ERIM. The document also touches on the impact of these vulnerabilities on high-performance computing applications and investment banking systems. With a focus on academic and research papers, this assignment provides a detailed overview of the security implications of speculative execution in CPUs.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: COMPUTER SECURITY
CO4509 – Computer Security
(Spectre and Meltdown)
Name of the Student
Name of the University
Author Note
CO4509 – Computer Security
(Spectre and Meltdown)
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
COMPUTER SECURITY
Table of Contents
Introduction......................................................................................................................................2
Meltdown.........................................................................................................................................2
Spectre.............................................................................................................................................4
Meltdown Fix...................................................................................................................................5
Spectre Fix.......................................................................................................................................7
Predictions.......................................................................................................................................8
Conclusion.......................................................................................................................................9
References......................................................................................................................................11
COMPUTER SECURITY
Table of Contents
Introduction......................................................................................................................................2
Meltdown.........................................................................................................................................2
Spectre.............................................................................................................................................4
Meltdown Fix...................................................................................................................................5
Spectre Fix.......................................................................................................................................7
Predictions.......................................................................................................................................8
Conclusion.......................................................................................................................................9
References......................................................................................................................................11
2
COMPUTER SECURITY
Introduction
In the starting of 2018, it was found by the researchers that there are security
vulnerabilities namely meltdown and spectre those can be used in wrong manner for the
unauthorized access of the system by an intruder (Lipp et al. 2018). It was reported that the
research was in progress for more than six months however, the news became public after a
certain time span. It is being considered that until now none of the unauthorized user or any
intruder had executed the meltdown attack for accessing the data or information from an
unauthorized system. Another perspective for this type of threat is that flaws have been identified
in the hardware and thus, it can only be mitigated through programming and certain software.
For the execution of the spectre attack, high qualifications and knowledge is needed and even of
after certain expertise, the individual executed the attack he or she would not be able to drag any
information from the system. The patches being introduced to the users are similar to the
patching of holes through glue and it might be able to block the lick but the hole is always there.
The purpose of this report is to put emphasis on the newly identified flaws in the CPUs those can
be utilize by an intruder for accessing the data or information saved in the system of another
individual. This report also express about the various updates made available to the users by
various operating systems available in the market.
Meltdown
Meltdown can be described as a strong attack that allows the intruder to access the
physical memory through the application of unprivileged user program that is a building block as
expressed in the following diagram:
COMPUTER SECURITY
Introduction
In the starting of 2018, it was found by the researchers that there are security
vulnerabilities namely meltdown and spectre those can be used in wrong manner for the
unauthorized access of the system by an intruder (Lipp et al. 2018). It was reported that the
research was in progress for more than six months however, the news became public after a
certain time span. It is being considered that until now none of the unauthorized user or any
intruder had executed the meltdown attack for accessing the data or information from an
unauthorized system. Another perspective for this type of threat is that flaws have been identified
in the hardware and thus, it can only be mitigated through programming and certain software.
For the execution of the spectre attack, high qualifications and knowledge is needed and even of
after certain expertise, the individual executed the attack he or she would not be able to drag any
information from the system. The patches being introduced to the users are similar to the
patching of holes through glue and it might be able to block the lick but the hole is always there.
The purpose of this report is to put emphasis on the newly identified flaws in the CPUs those can
be utilize by an intruder for accessing the data or information saved in the system of another
individual. This report also express about the various updates made available to the users by
various operating systems available in the market.
Meltdown
Meltdown can be described as a strong attack that allows the intruder to access the
physical memory through the application of unprivileged user program that is a building block as
expressed in the following diagram:
3
COMPUTER SECURITY
Figure 1: Meltdown Building-blocks
(Source: Lipp et al. 2018)
Illustration of Attack Procedure: The two blocks explained above gets associated when the
meltdown attack starts including the section 1 and 2 as expressed in the figure. The intruder
manipulates the CPU for executing a “transient instruction sequence” that is further used for
storing inaccessible secret value within the physical memory anywhere as explained in the above
figure’s section 1 (Kocher et al. 2018). The transient instruction section installed within the
physical memory behaves as convert channel’s transmitter as expressed in the above figure’s
section 2. This attack is a sequence of steps that allows the intruder to dump kernel memory in
more than one locations. There are three steps involved in the process as firstly, the memory
location chose by the intruder, content is driven into the same memory that is not accessible to
the intruder, and thus, it is loaded into the register. Second step is that the intruder execute the
transient instruction that allows the intruder to access a cache line that has been based on the
register’s secret content (Watson et al. 2018). Third step consist of the method of executing
Flush + Reload in manner to identify and recognize the cache line and thus it could be utilized to
access the exact memory location. These steps keep executing continuously and thus, allows the
intruder to access the data or information saved in the physical memory.
COMPUTER SECURITY
Figure 1: Meltdown Building-blocks
(Source: Lipp et al. 2018)
Illustration of Attack Procedure: The two blocks explained above gets associated when the
meltdown attack starts including the section 1 and 2 as expressed in the figure. The intruder
manipulates the CPU for executing a “transient instruction sequence” that is further used for
storing inaccessible secret value within the physical memory anywhere as explained in the above
figure’s section 1 (Kocher et al. 2018). The transient instruction section installed within the
physical memory behaves as convert channel’s transmitter as expressed in the above figure’s
section 2. This attack is a sequence of steps that allows the intruder to dump kernel memory in
more than one locations. There are three steps involved in the process as firstly, the memory
location chose by the intruder, content is driven into the same memory that is not accessible to
the intruder, and thus, it is loaded into the register. Second step is that the intruder execute the
transient instruction that allows the intruder to access a cache line that has been based on the
register’s secret content (Watson et al. 2018). Third step consist of the method of executing
Flush + Reload in manner to identify and recognize the cache line and thus it could be utilized to
access the exact memory location. These steps keep executing continuously and thus, allows the
intruder to access the data or information saved in the physical memory.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
COMPUTER SECURITY
Through the continuous repetition of the steps in the meltdown attack as mentioned
above, an intruder can easily dump the whole memory through iterating the entire different
address. Since, the program terminates due to the exception raised by the kernel address the
method expressed in the section 1 can be utilized in manner to suppress or handle the exception
(Simakov et al. 2018). Comparing with other major operating systems, meltdown can be stated
as an exception as most of the operating systems typically map the entire physical memory.
Whereas, meltdown has an advanced capability of reading the completely physical memory of
the system being targeted.
Spectre
A victim is induced in the spectre attack in manner to speculatively execute the activities
those would not be occurring at the programming phase and thus the user will be losing highly
confidential information through the application of an adversary’s side channel. Most of the
instances at the spectre attack; the attack is carried out through setup phase that is a phase that
helps the intruder to induce the speculative execution (Perin 2018). For example, the attack
execution on the targeted memory will be reading that will result the processor in manner to be
evicting from the cache value, which is required for the determination of the address of the
branching instruction. This phase can be easily carried out for the extraction of the information
from the system through creating a side channel that will allow the access to the memory. This
can be executed through performing the evict or flush portion of a evict + reload and flush +
reload attack.
Thereafter, next phase is executed that consist of instructions of the processor
speculatively execution that can be utilized for the transmission of the personal and sensitive
COMPUTER SECURITY
Through the continuous repetition of the steps in the meltdown attack as mentioned
above, an intruder can easily dump the whole memory through iterating the entire different
address. Since, the program terminates due to the exception raised by the kernel address the
method expressed in the section 1 can be utilized in manner to suppress or handle the exception
(Simakov et al. 2018). Comparing with other major operating systems, meltdown can be stated
as an exception as most of the operating systems typically map the entire physical memory.
Whereas, meltdown has an advanced capability of reading the completely physical memory of
the system being targeted.
Spectre
A victim is induced in the spectre attack in manner to speculatively execute the activities
those would not be occurring at the programming phase and thus the user will be losing highly
confidential information through the application of an adversary’s side channel. Most of the
instances at the spectre attack; the attack is carried out through setup phase that is a phase that
helps the intruder to induce the speculative execution (Perin 2018). For example, the attack
execution on the targeted memory will be reading that will result the processor in manner to be
evicting from the cache value, which is required for the determination of the address of the
branching instruction. This phase can be easily carried out for the extraction of the information
from the system through creating a side channel that will allow the access to the memory. This
can be executed through performing the evict or flush portion of a evict + reload and flush +
reload attack.
Thereafter, next phase is executed that consist of instructions of the processor
speculatively execution that can be utilized for the transmission of the personal and sensitive
5
COMPUTER SECURITY
information from the victim to the microarchitectural side channel and thus, the intruder can
have the access to the data and information saved in the users system (Chen et al. 2018). This
phase can also be executed through requesting the victim by the attacker in manner to perform
the action for example (via socket, skycall, file and many more).
The final phase includes the recovery of the sensitive data and information saved in the
storage of the user. Kocher et al. (2018, p.5) states that “for Spectre attacks using flush + reload
or evict + reload, the recovery process consists of timing how long reads take from memory
addresses in the cache lines being monitored. It is assumed in the spectre attack that the user or
victim can execute the speculatively executed instructions from the storage that is being used and
thus, it could be accessed normally without letting the trigger of exception or page fault (Genkin
et al. 2018). An example can be stated as if the prevents in the processor instruction’s speculative
execution within the user processes that is being accessed through kernel memory, even then the
attack will not stop.
Meltdown Fix
Since the issue has been rooted with the hardware of the system as stated in the first step
that virtual address is used by the intruder for referencing the main memory and thus, loading the
data or information into the register from the main memory. Lip et al (2018) states “In parallel to
translating a virtual address into a physical address, the CPU also checks the permission bits of
the virtual address, i.e., whether this virtual address is user accessible or only accessible by the
kernel.” The hardware vendors recommend the hardware based isolation as this isolation can be
helpful in securing the memory as it accesses and evaluated the per mission bit of the program.
Therefore, for every user process, entire kernel is mapped by the modern operating systems.
COMPUTER SECURITY
information from the victim to the microarchitectural side channel and thus, the intruder can
have the access to the data and information saved in the users system (Chen et al. 2018). This
phase can also be executed through requesting the victim by the attacker in manner to perform
the action for example (via socket, skycall, file and many more).
The final phase includes the recovery of the sensitive data and information saved in the
storage of the user. Kocher et al. (2018, p.5) states that “for Spectre attacks using flush + reload
or evict + reload, the recovery process consists of timing how long reads take from memory
addresses in the cache lines being monitored. It is assumed in the spectre attack that the user or
victim can execute the speculatively executed instructions from the storage that is being used and
thus, it could be accessed normally without letting the trigger of exception or page fault (Genkin
et al. 2018). An example can be stated as if the prevents in the processor instruction’s speculative
execution within the user processes that is being accessed through kernel memory, even then the
attack will not stop.
Meltdown Fix
Since the issue has been rooted with the hardware of the system as stated in the first step
that virtual address is used by the intruder for referencing the main memory and thus, loading the
data or information into the register from the main memory. Lip et al (2018) states “In parallel to
translating a virtual address into a physical address, the CPU also checks the permission bits of
the virtual address, i.e., whether this virtual address is user accessible or only accessible by the
kernel.” The hardware vendors recommend the hardware based isolation as this isolation can be
helpful in securing the memory as it accesses and evaluated the per mission bit of the program.
Therefore, for every user process, entire kernel is mapped by the modern operating systems.
6
COMPUTER SECURITY
KAISER is another option for the successful delivery of a system that can be utilized as a
countermeasure for mitigating the side-channel attacks that will be helpful in protecting from
Meltdown attacks (Reiser et al. 2018). Lipp et al (2018) recommended hardware and Kaiser
Patch can be helpful in enhancing the security of the systems and their memory from meltdown
attacks.
Hardware: It is important to consider that the software patch will always leave some
room for the intruder to enter the system through meltdown attack and thus, access the entire
physical memory. Thus, installing software patch only will not be a permanent solution for this
attack and some IT researcher including US-CERT recommend to replace the entire chips is the
only solution for the prevention of this attack, which is not possible in the real world (Pupillo
2018). Tech manufacturers however have introduced certain patches as described in the
following table.
Microsoft Edge and Windows OS
(7 / 8 /10)
KB4056892 has been introduced as the patch for such
attacks in windows 10 update
iOS, Apple macOS, Safari
Browser, and tvOS,
Apple launched macOS 10.13.2, iOS 11.2, and tvOS
11.2 as a patch for protecting the system form meltdown
attack
Android OS Android January security patch was made available by
the Android that was ensured by Google itself that it is
protected from meltdown attacks (Trippel, lustig and
Martonosi 2018).
Firefox Web Browser The patch made available by Firefox “Firefox version
57.0.4” was a certified measure for preventing such
COMPUTER SECURITY
KAISER is another option for the successful delivery of a system that can be utilized as a
countermeasure for mitigating the side-channel attacks that will be helpful in protecting from
Meltdown attacks (Reiser et al. 2018). Lipp et al (2018) recommended hardware and Kaiser
Patch can be helpful in enhancing the security of the systems and their memory from meltdown
attacks.
Hardware: It is important to consider that the software patch will always leave some
room for the intruder to enter the system through meltdown attack and thus, access the entire
physical memory. Thus, installing software patch only will not be a permanent solution for this
attack and some IT researcher including US-CERT recommend to replace the entire chips is the
only solution for the prevention of this attack, which is not possible in the real world (Pupillo
2018). Tech manufacturers however have introduced certain patches as described in the
following table.
Microsoft Edge and Windows OS
(7 / 8 /10)
KB4056892 has been introduced as the patch for such
attacks in windows 10 update
iOS, Apple macOS, Safari
Browser, and tvOS,
Apple launched macOS 10.13.2, iOS 11.2, and tvOS
11.2 as a patch for protecting the system form meltdown
attack
Android OS Android January security patch was made available by
the Android that was ensured by Google itself that it is
protected from meltdown attacks (Trippel, lustig and
Martonosi 2018).
Firefox Web Browser The patch made available by Firefox “Firefox version
57.0.4” was a certified measure for preventing such
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7
COMPUTER SECURITY
attacks and unauthorized access of the physical memory
in the hand of an unauthorized user.
Google Chrome Web Browser “chrome://flags/#enable-site-per-process” was the patch
made available by the chrome
Linux Distributions 4.9.74, 4.14.11, 4.4.109, 3.18.91, 3.2.97, and 3.16.52
were the patches provided by the official website of
kernel.
Citrix and VMware Both introduced patches for its Workstation, ESXi, and
Fusion products to protect them against the meltdown
attacks.
Most realistic solution for these attacks would be to introducing a hard split of kernel
space and user space (Vahldiek-Oberwagner et al. 2018). This patch or precaution can be
activated optionally through new hard split bit by the modern kernels in the register of the CPU
(CR4).
Spectre Fix
Most of the web browsers are continuously availing the patches with the update that can
be helpful in protecting the systems from being breached by any intruder or unauthorized user.
These patches will be blocking the program execution by the spectre attack by turning off the
existing features who could have easily provided the access for the spectre attack (Fenton and
Freedman 2018). Such as, Google Chrome asks their users to keep the option ‘site location’ as
this will be limiting the rogue JavaScript program’s ability in manner to stop the access of the
sensitive and personal information to an unauthorized user (Cap 2017). Microsoft informed the
users that it has been already issued (MSFT, +0.25%) security patch for the edge browser and
COMPUTER SECURITY
attacks and unauthorized access of the physical memory
in the hand of an unauthorized user.
Google Chrome Web Browser “chrome://flags/#enable-site-per-process” was the patch
made available by the chrome
Linux Distributions 4.9.74, 4.14.11, 4.4.109, 3.18.91, 3.2.97, and 3.16.52
were the patches provided by the official website of
kernel.
Citrix and VMware Both introduced patches for its Workstation, ESXi, and
Fusion products to protect them against the meltdown
attacks.
Most realistic solution for these attacks would be to introducing a hard split of kernel
space and user space (Vahldiek-Oberwagner et al. 2018). This patch or precaution can be
activated optionally through new hard split bit by the modern kernels in the register of the CPU
(CR4).
Spectre Fix
Most of the web browsers are continuously availing the patches with the update that can
be helpful in protecting the systems from being breached by any intruder or unauthorized user.
These patches will be blocking the program execution by the spectre attack by turning off the
existing features who could have easily provided the access for the spectre attack (Fenton and
Freedman 2018). Such as, Google Chrome asks their users to keep the option ‘site location’ as
this will be limiting the rogue JavaScript program’s ability in manner to stop the access of the
sensitive and personal information to an unauthorized user (Cap 2017). Microsoft informed the
users that it has been already issued (MSFT, +0.25%) security patch for the edge browser and
8
COMPUTER SECURITY
Internet explorer apps dubbed “KB4056890” in manner to protect the system form the spectre
attacks. Similarly, Mozilla had released the update with patches on January 4 in its newest
version 57.0.4 that will be blocking all the windows for the intruder to access the private files
and information. The patches introduced to the world as stated in the above report had embedded
protection coding from both the spectre and meltdown (Maisuradze and Rossow 2018). Those
patches are successful I blocking the attackers executing spectre for the collection of personal
and sensitive data or information from an unauthorized system. It has the same condition as that
of the meltdown prevention section as the hardware fix cannot protect the system completely
from these attacks and thus, the systems can be protected from such intrusion by an unwanted or
unauthorized individual.
Predictions
For the future CPUs, it can be predicted that there will be changes in the design
emphasizing on the modification of the instruction sets and physical CPU. Considering the
constant development in the technology, it can be predicted that CPU flaws such as Spectre and
Meltdown or flaws that are far more advanced could be found (rose 2017). Future approach can
be recommended as the availability of single ensure that can protect the system from both
hardware and software flaws and thus, closing all the windows for the intruder to access the
memory of the system. Many IT companies are contributing in the development of a program
that can be embedded within the CPUs in manner to eliminate the flaws and ensure the security
of the data or information stored in the system (Stowell, Meageher and Frazzano 2017). These
future predictions are considering the elimination of these flaws as predicted by the Intel, future
CPUs will be advanced and more secure than current CPUs through eliminating all the flaws and
blocking the entire bypass for the intruder to enter the system. Patches are not a permanent
COMPUTER SECURITY
Internet explorer apps dubbed “KB4056890” in manner to protect the system form the spectre
attacks. Similarly, Mozilla had released the update with patches on January 4 in its newest
version 57.0.4 that will be blocking all the windows for the intruder to access the private files
and information. The patches introduced to the world as stated in the above report had embedded
protection coding from both the spectre and meltdown (Maisuradze and Rossow 2018). Those
patches are successful I blocking the attackers executing spectre for the collection of personal
and sensitive data or information from an unauthorized system. It has the same condition as that
of the meltdown prevention section as the hardware fix cannot protect the system completely
from these attacks and thus, the systems can be protected from such intrusion by an unwanted or
unauthorized individual.
Predictions
For the future CPUs, it can be predicted that there will be changes in the design
emphasizing on the modification of the instruction sets and physical CPU. Considering the
constant development in the technology, it can be predicted that CPU flaws such as Spectre and
Meltdown or flaws that are far more advanced could be found (rose 2017). Future approach can
be recommended as the availability of single ensure that can protect the system from both
hardware and software flaws and thus, closing all the windows for the intruder to access the
memory of the system. Many IT companies are contributing in the development of a program
that can be embedded within the CPUs in manner to eliminate the flaws and ensure the security
of the data or information stored in the system (Stowell, Meageher and Frazzano 2017). These
future predictions are considering the elimination of these flaws as predicted by the Intel, future
CPUs will be advanced and more secure than current CPUs through eliminating all the flaws and
blocking the entire bypass for the intruder to enter the system. Patches are not a permanent
9
COMPUTER SECURITY
solution for such flaws, as, with the passage of time, new flaws would be introduced to the world
those are far much advanced and worse and who can easily access the memory of the different
systems without having any authority.
The future designing of the CPU can be done considering the safest programs to protect it
against the spectre attack through ensuring that the implemented program is capable of stopping
the breach. The CPU in the future will be needing alternative implementations of the security
front - of – mind and it can be powered up through computational performance (Graeger and
Lindgern 2017). Cepulis has confirmed that processor cores, future Arm architectures and design
will be developed concerning these security flaws and will be helpful in addressing all these
security flaws. Intel, AMD, and Arm has been already working together in manner to exploit
these security flaws and mitigate them to the extent through the implementation of much
advanced and secured hardware and software. Currently, the investments are being made on the
services and technology and very less attention is being provided to the security however, in
future, it is being predicted that the investment on the security will be enhanced with very high
proportion (Harris, Hill and Swift 2018). A researcher should always program or develop the
technology considering the future flaws and issues that might be raised through the application of
the technology. Lastly, it can be stated that with the advancement in technology, security issues
will also become more advanced and so, the precautions will be taken for the elimination of
these threats.
Conclusion
Based on the literature presented in the above report it can be concluded that both the
identified flaws can be far more than dangerous as these flaws can allow an authorized user to
COMPUTER SECURITY
solution for such flaws, as, with the passage of time, new flaws would be introduced to the world
those are far much advanced and worse and who can easily access the memory of the different
systems without having any authority.
The future designing of the CPU can be done considering the safest programs to protect it
against the spectre attack through ensuring that the implemented program is capable of stopping
the breach. The CPU in the future will be needing alternative implementations of the security
front - of – mind and it can be powered up through computational performance (Graeger and
Lindgern 2017). Cepulis has confirmed that processor cores, future Arm architectures and design
will be developed concerning these security flaws and will be helpful in addressing all these
security flaws. Intel, AMD, and Arm has been already working together in manner to exploit
these security flaws and mitigate them to the extent through the implementation of much
advanced and secured hardware and software. Currently, the investments are being made on the
services and technology and very less attention is being provided to the security however, in
future, it is being predicted that the investment on the security will be enhanced with very high
proportion (Harris, Hill and Swift 2018). A researcher should always program or develop the
technology considering the future flaws and issues that might be raised through the application of
the technology. Lastly, it can be stated that with the advancement in technology, security issues
will also become more advanced and so, the precautions will be taken for the elimination of
these threats.
Conclusion
Based on the literature presented in the above report it can be concluded that both the
identified flaws can be far more than dangerous as these flaws can allow an authorized user to
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
COMPUTER SECURITY
access the entire data and information saved in the system. The various countermeasures of these
flaws have also been presented in this report those could be applied to the systems in manner to
restrict the unauthorized access to the systems. The future predictions related to these flaws and
their measures have been stated in this report. The preventive measures expressed in this report
can be helpful in restricting and drawing back the access from being hacked or breached by
certain individual. The patches have been made available by every operating system assuming
that software patches can eliminate the hardware flaws. However, it can be made clear that
installing software patches can only restrict the unauthorized access but it cannot be a permanent
solution for this identified flaw. A non-realistic approach has been presented as the debate in this
report that states that replacing the chips can be a solution however, in the real life; it seems to be
very inappropriate or not possible to replace the entire chips from each system. This report
presents a thorough research on the aspects related to the meltdown and spectre. A future
prediction states about the point of view and points of consideration for these flaws in future
society and technological advancement.
COMPUTER SECURITY
access the entire data and information saved in the system. The various countermeasures of these
flaws have also been presented in this report those could be applied to the systems in manner to
restrict the unauthorized access to the systems. The future predictions related to these flaws and
their measures have been stated in this report. The preventive measures expressed in this report
can be helpful in restricting and drawing back the access from being hacked or breached by
certain individual. The patches have been made available by every operating system assuming
that software patches can eliminate the hardware flaws. However, it can be made clear that
installing software patches can only restrict the unauthorized access but it cannot be a permanent
solution for this identified flaw. A non-realistic approach has been presented as the debate in this
report that states that replacing the chips can be a solution however, in the real life; it seems to be
very inappropriate or not possible to replace the entire chips from each system. This report
presents a thorough research on the aspects related to the meltdown and spectre. A future
prediction states about the point of view and points of consideration for these flaws in future
society and technological advancement.
11
COMPUTER SECURITY
References
Cap, P., 2017. Technological discourse: Threats in the cyberspace. In The Language of Fear (pp.
53-66). Palgrave Macmillan, London.
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks: Leaking
Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Fenton, N. and Freedman, D.D., 2017, October. Fake Democracy, Bad News. Merlin.
Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction Cache
Attacks from Portable Code.
Græger, N. and Lindgren, W.Y., 2017. The Duty of Care for Citizens Abroad: Security and
Responsibility in the In Amenas and Fukushima Crises.
Haria, S., Hill, M.D. and Swift, M.M., 2018. Devirtualizing Memory in Heterogeneous Systems.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T.,
Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative Execution. arXiv
preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin, D.,
Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of
Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.
Perrin, B., 2018. We need more phishing sites on HTTPS!. Signal.
COMPUTER SECURITY
References
Cap, P., 2017. Technological discourse: Threats in the cyberspace. In The Language of Fear (pp.
53-66). Palgrave Macmillan, London.
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks: Leaking
Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Fenton, N. and Freedman, D.D., 2017, October. Fake Democracy, Bad News. Merlin.
Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction Cache
Attacks from Portable Code.
Græger, N. and Lindgren, W.Y., 2017. The Duty of Care for Citizens Abroad: Security and
Responsibility in the In Amenas and Fukushima Crises.
Haria, S., Hill, M.D. and Swift, M.M., 2018. Devirtualizing Memory in Heterogeneous Systems.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T.,
Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative Execution. arXiv
preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin, D.,
Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of
Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.
Perrin, B., 2018. We need more phishing sites on HTTPS!. Signal.
12
COMPUTER SECURITY
Pupillo, L., 2018. EU Cybersecurity and the Paradox of Progress. CEPS Policy Insights No
2018/06, February 2018.
Reiser, H.P., Taubmann, B., Köstler, J., Rakotondravony, N. and Sentanoe, S., 2018. Cloud
computing.
Rose, A., 2017. Economic Resilience in Regional Science: Research Needs and Future
Applications. In Regional Research Frontiers-Vol. 1 (pp. 245-264). Springer, Cham.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and Furlani,
T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Stowell, D.P., Meagher, E. and Frazzano, R., 2017. Investment Banking in 2008 (B): A Brave
New World. Kellogg School of Management Cases, pp.1-17.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols. arXiv
preprint arXiv:1802.03802.
Vahldiek-Oberwagner, A., Elnikety, E., Garg, D. and Druschel, P., 2018. ERIM: Secure and
Efficient In-process Isolation with Memory Protection Keys. arXiv preprint arXiv:1801.06822.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
COMPUTER SECURITY
Pupillo, L., 2018. EU Cybersecurity and the Paradox of Progress. CEPS Policy Insights No
2018/06, February 2018.
Reiser, H.P., Taubmann, B., Köstler, J., Rakotondravony, N. and Sentanoe, S., 2018. Cloud
computing.
Rose, A., 2017. Economic Resilience in Regional Science: Research Needs and Future
Applications. In Regional Research Frontiers-Vol. 1 (pp. 245-264). Springer, Cham.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and Furlani,
T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Stowell, D.P., Meagher, E. and Frazzano, R., 2017. Investment Banking in 2008 (B): A Brave
New World. Kellogg School of Management Cases, pp.1-17.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols. arXiv
preprint arXiv:1802.03802.
Vahldiek-Oberwagner, A., Elnikety, E., Garg, D. and Druschel, P., 2018. ERIM: Secure and
Efficient In-process Isolation with Memory Protection Keys. arXiv preprint arXiv:1801.06822.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
1 out of 13
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.