Computer Security and Meltdown/Spectre Attacks
VerifiedAdded on 2021/04/19
|14
|3627
|29
AI Summary
This assignment delves into the topic of computer security, focusing on the Meltdown and Spectre attacks. It provides a detailed overview of these attacks, their impact on CPU architecture, and the measures taken to mitigate them. The analysis also discusses the importance of incorporating security into personal training for users, ensuring protection against future attacks.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: COMPUTER SECURITY
COMPUTER SECURITY
Name of the Student
Name of the University
Author Note
COMPUTER SECURITY
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
2COMPUTER SECURITY
Table of Contents
Introduction................................................................................................................................3
Explanation................................................................................................................................3
Spectre....................................................................................................................................3
Meltdown...............................................................................................................................4
Countermeasures........................................................................................................................5
Spectre....................................................................................................................................5
Meltdown...............................................................................................................................7
Future Impact.............................................................................................................................8
Protection against Meltdown and Spectre..............................................................................9
Conclusion................................................................................................................................10
References................................................................................................................................12
Table of Contents
Introduction................................................................................................................................3
Explanation................................................................................................................................3
Spectre....................................................................................................................................3
Meltdown...............................................................................................................................4
Countermeasures........................................................................................................................5
Spectre....................................................................................................................................5
Meltdown...............................................................................................................................7
Future Impact.............................................................................................................................8
Protection against Meltdown and Spectre..............................................................................9
Conclusion................................................................................................................................10
References................................................................................................................................12
3COMPUTER SECURITY
Introduction
The computer system should always kept secured in order to execute its proper
working. When an attack is generated in a computer system, it can lead to serious problem.
Spectre and meltdown exploit the vulnerability of modern processors. The focus of the
vulnerability relating to the hardware is to allow programs to steal data, which are stored in
the computer system. The program, which is involved into the concept, does not permit
reading of the data from another program, a malicious program directly can exploit the
specter and meltdown to get the information of the data, which is stored in the memory of
other programs that are running. The information can be a password, which is stored in the
browser or password manager, emails, personal photos and even critical business-related
documents (Trippel, Lustig and Martonosi 2018). The working of the Spectre and meltdown
can be done on personal computers, cloud concept as well as mobile devices. Cloud
provider’s infrastructure is a factor, which makes it possible to get the data from the
customers quite easily (Middleton 2017).
The main aim of the report is to focus on the concept of specter and meltdown. The
concerning factor is the working of the two aspects and bringing into account the
countermeasures relating to the aspect. The role, which the concept would be playing shortly,
is one of the biggest concern sectors in this aspect. The considerations that should be taken in
the future so that the users can prevent themselves from attack is a primary focus of the
report. The future prediction relating to the impact of the Meltdown and Spectre are also
taken into consideration.
Introduction
The computer system should always kept secured in order to execute its proper
working. When an attack is generated in a computer system, it can lead to serious problem.
Spectre and meltdown exploit the vulnerability of modern processors. The focus of the
vulnerability relating to the hardware is to allow programs to steal data, which are stored in
the computer system. The program, which is involved into the concept, does not permit
reading of the data from another program, a malicious program directly can exploit the
specter and meltdown to get the information of the data, which is stored in the memory of
other programs that are running. The information can be a password, which is stored in the
browser or password manager, emails, personal photos and even critical business-related
documents (Trippel, Lustig and Martonosi 2018). The working of the Spectre and meltdown
can be done on personal computers, cloud concept as well as mobile devices. Cloud
provider’s infrastructure is a factor, which makes it possible to get the data from the
customers quite easily (Middleton 2017).
The main aim of the report is to focus on the concept of specter and meltdown. The
concerning factor is the working of the two aspects and bringing into account the
countermeasures relating to the aspect. The role, which the concept would be playing shortly,
is one of the biggest concern sectors in this aspect. The considerations that should be taken in
the future so that the users can prevent themselves from attack is a primary focus of the
report. The future prediction relating to the impact of the Meltdown and Spectre are also
taken into consideration.
4COMPUTER SECURITY
Explanation
Spectre
Spectre can be considered as an attack, which involves the victim to perform
operations, which would not have taken place during the process of execution if it were a
correct program. This directly leaks the information of the user using side channel (Trippel,
Lustig and Martonosi 2018). Taking into consideration physical devices, the computations
majorly leave observable side effects. Spectre can be considered slightly different from the
concept of meltdown. It has the potentiality to allow hackers to trick otherwise free
application which is error-free into giving up information which is secret. It can be stated
here that the concept of the specter is very difficult to hack from the hackers but on the other
hand, it is more difficult to fix and it can be expected to be a problem, which would be
bigger. The spectre can be used directly to trick normal application in the framework of
providing data, which is sensitive. This potentially means anything, which is processed using
an application that can be stolen which may include data and password. The concept of
speculative execution can be considered as a technique which is used by high end processors
to increase the speed and the performance using predicting the paths of execution in future
and executing the instructions prematurely which are in it (Trippel, Lustig and Martonosi
2018).
Two persons Paul Kocher and horn who worked collectively with Daniel Genkin who
was from the University of Pennsylvania discovered the Spectre individually. Also, the
Maryland University.
Meltdown
Meltdown can be considered as a microarchitectural attack, which aims at exploiting
the out of order process of execution to leak the memory of the target user. Meltdown is
Explanation
Spectre
Spectre can be considered as an attack, which involves the victim to perform
operations, which would not have taken place during the process of execution if it were a
correct program. This directly leaks the information of the user using side channel (Trippel,
Lustig and Martonosi 2018). Taking into consideration physical devices, the computations
majorly leave observable side effects. Spectre can be considered slightly different from the
concept of meltdown. It has the potentiality to allow hackers to trick otherwise free
application which is error-free into giving up information which is secret. It can be stated
here that the concept of the specter is very difficult to hack from the hackers but on the other
hand, it is more difficult to fix and it can be expected to be a problem, which would be
bigger. The spectre can be used directly to trick normal application in the framework of
providing data, which is sensitive. This potentially means anything, which is processed using
an application that can be stolen which may include data and password. The concept of
speculative execution can be considered as a technique which is used by high end processors
to increase the speed and the performance using predicting the paths of execution in future
and executing the instructions prematurely which are in it (Trippel, Lustig and Martonosi
2018).
Two persons Paul Kocher and horn who worked collectively with Daniel Genkin who
was from the University of Pennsylvania discovered the Spectre individually. Also, the
Maryland University.
Meltdown
Meltdown can be considered as a microarchitectural attack, which aims at exploiting
the out of order process of execution to leak the memory of the target user. Meltdown is
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
5COMPUTER SECURITY
differ from spectre in mainly two ways. First, unlike the concept of spectre, the meltdown
does not incorporate the concept, which is applied to the branch prediction for the aspect of
achieving a speculative aspect of execution. Instead of this concept, the concept which is used
by the meltdown is that it relies on the concept of observation that when a trap is created by
the instruction. Secondly, meltdown exploits the escalation of the privileged escalation,
which is specific to processors of Intel. The concept mainly helps in bypassing the data
through the memory protection. One of the most important security features relating to the
Operating system is the concept of the isolation of the memory. The operating system ensures
that the application of the user cannot be accessed by other memory locations and prevent the
concept of writing or reading the kernel memory (Watson et al. 2018). The concept of the
isolation can be a cornerstone of the environment of computing, which facilitates the running
of multiple application on personal devices or processing of execution of multiple users in a
single machine of the user. In this concept, the Meltdown comes into play. Meltdown can be
considered as an attack, which can be termed a novel, which allows the concept of
overcoming the isolation of the memory. This mainly provides a way by which any user can
entirely read the memory of the kernel it is executing upon including the physical memory,
which is mapped into the region of the kernel. The meltdown cannot exploit the software
vulnerability, i.e.,famous operating system can work on it. Apart from this concept, the
meltdown directly exploits the information in the side channel on popular processors, for
example, Intel microarchitecture. Meltdown accesses the kernel memory from the base of the
use. This access can create a trap; the code that follows the access leaks the basic content of
the memory, which is accessed through the channel of the cache (Middleton 2017).
differ from spectre in mainly two ways. First, unlike the concept of spectre, the meltdown
does not incorporate the concept, which is applied to the branch prediction for the aspect of
achieving a speculative aspect of execution. Instead of this concept, the concept which is used
by the meltdown is that it relies on the concept of observation that when a trap is created by
the instruction. Secondly, meltdown exploits the escalation of the privileged escalation,
which is specific to processors of Intel. The concept mainly helps in bypassing the data
through the memory protection. One of the most important security features relating to the
Operating system is the concept of the isolation of the memory. The operating system ensures
that the application of the user cannot be accessed by other memory locations and prevent the
concept of writing or reading the kernel memory (Watson et al. 2018). The concept of the
isolation can be a cornerstone of the environment of computing, which facilitates the running
of multiple application on personal devices or processing of execution of multiple users in a
single machine of the user. In this concept, the Meltdown comes into play. Meltdown can be
considered as an attack, which can be termed a novel, which allows the concept of
overcoming the isolation of the memory. This mainly provides a way by which any user can
entirely read the memory of the kernel it is executing upon including the physical memory,
which is mapped into the region of the kernel. The meltdown cannot exploit the software
vulnerability, i.e.,famous operating system can work on it. Apart from this concept, the
meltdown directly exploits the information in the side channel on popular processors, for
example, Intel microarchitecture. Meltdown accesses the kernel memory from the base of the
use. This access can create a trap; the code that follows the access leaks the basic content of
the memory, which is accessed through the channel of the cache (Middleton 2017).
6COMPUTER SECURITY
Countermeasures
Spectre
The sector relating to the technology is working its way out to prevent the flaws
relating to network security, which is known as Spectre (Otte 2015). The hardware bugs,
which are related to the concept, can directly expose the information, which is stored or
processed in the computer's memory. It can be stated here that there is no known malware,
exploits and schemes relating to phishing specific to the concept of Spectre (Simakov et al.
2018). While the industry related to the security aspect are pushing the aspect of the
vulnerability, the following considerations can be implemented to protect the system from
Spectre.
Keep the operating system updated: This mainly includes the installation of the
security updates in the operating system of the user. Taking into consideration major
companies such as Google, Apple and Microsoft have released few patches to encounter
the problem. This can be done manually using automated updates or by subscribing to a
service to keep track of the current network. One of the advantages of keeping an updated
browser is that the data of the website would be kept secured and it would prevent
attackers to indulge themselves into unethical activities.
Updating should be done on a mobile device: The spectre vulnerability can remind the
user of the importance of keeping the tablet computers, smartphones and other mobile
devices updated with the version of the latest operating system. The user should also take
into consideration to always download softwares from sources, which are trusted. The
aspect of review acceptance should be done by the employers which result in ensuring
that the software is up to date and that the employee complies with the mobile device of
acceptable use.
Countermeasures
Spectre
The sector relating to the technology is working its way out to prevent the flaws
relating to network security, which is known as Spectre (Otte 2015). The hardware bugs,
which are related to the concept, can directly expose the information, which is stored or
processed in the computer's memory. It can be stated here that there is no known malware,
exploits and schemes relating to phishing specific to the concept of Spectre (Simakov et al.
2018). While the industry related to the security aspect are pushing the aspect of the
vulnerability, the following considerations can be implemented to protect the system from
Spectre.
Keep the operating system updated: This mainly includes the installation of the
security updates in the operating system of the user. Taking into consideration major
companies such as Google, Apple and Microsoft have released few patches to encounter
the problem. This can be done manually using automated updates or by subscribing to a
service to keep track of the current network. One of the advantages of keeping an updated
browser is that the data of the website would be kept secured and it would prevent
attackers to indulge themselves into unethical activities.
Updating should be done on a mobile device: The spectre vulnerability can remind the
user of the importance of keeping the tablet computers, smartphones and other mobile
devices updated with the version of the latest operating system. The user should also take
into consideration to always download softwares from sources, which are trusted. The
aspect of review acceptance should be done by the employers which result in ensuring
that the software is up to date and that the employee complies with the mobile device of
acceptable use.
7COMPUTER SECURITY
Training of the employee relating to the importance of network security: The
employee in any organization can be considered the line of defense about the network
security. Through the concept of training and education the employee, it can result in the
implementation of string passwords and the urge of changing them regularly. The
employee should be trained well enough so that they can identify any attack so that
precautionary measures can be implemented so that the degree of impact of the
vulnerability is less. The network can be considered one of the backbones of technology
infrastructure. Safeguarding the network is very much crucial for the technology strategy
of any organization (Watson et al. 2018).
Meltdown
In this section, the main discussion would be on the countermeasures against the
attack relating to Meltdown. The first consideration, which is taken into consideration, is the
issue, which is rooted directly in the hardware. The concept of hardware and the software are
the only two sectors, which should be a focus point in the aspect of the attack. Consideration
should be made in such a way to safeguard the data of the user from the point of view of the
hackers. The main discussion about the countermeasures would be on the microcode updates
and the changes in the design of the hardware (Trippel, Lustig and Martonosi 2018).
Hardware
The concept of meltdown directly bypasses the security domains of the hardware
isolation, which is enforced. The vulnerability, which is relating to the software, does not
exist in the concept of Meltdown. In this context, it can be stated that any software patch will
be directly leaving some memory exposed (Middleton 2017). There is no type of
documentation stating how the problem can be solved using either using completely new
hardware or using some microcode Update. Meltdown can be considered as a race condition
Training of the employee relating to the importance of network security: The
employee in any organization can be considered the line of defense about the network
security. Through the concept of training and education the employee, it can result in the
implementation of string passwords and the urge of changing them regularly. The
employee should be trained well enough so that they can identify any attack so that
precautionary measures can be implemented so that the degree of impact of the
vulnerability is less. The network can be considered one of the backbones of technology
infrastructure. Safeguarding the network is very much crucial for the technology strategy
of any organization (Watson et al. 2018).
Meltdown
In this section, the main discussion would be on the countermeasures against the
attack relating to Meltdown. The first consideration, which is taken into consideration, is the
issue, which is rooted directly in the hardware. The concept of hardware and the software are
the only two sectors, which should be a focus point in the aspect of the attack. Consideration
should be made in such a way to safeguard the data of the user from the point of view of the
hackers. The main discussion about the countermeasures would be on the microcode updates
and the changes in the design of the hardware (Trippel, Lustig and Martonosi 2018).
Hardware
The concept of meltdown directly bypasses the security domains of the hardware
isolation, which is enforced. The vulnerability, which is relating to the software, does not
exist in the concept of Meltdown. In this context, it can be stated that any software patch will
be directly leaving some memory exposed (Middleton 2017). There is no type of
documentation stating how the problem can be solved using either using completely new
hardware or using some microcode Update. Meltdown can be considered as a race condition
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
8COMPUTER SECURITY
relating to corresponding performance check and memory address. If the permission check is
serialized, it could prevent the Meltdown due to the factor that addresses the memory can
never be fetched if the check related to permission fails (Otte 2015). In this context, it can be
stated that the concept can involve overhead corresponding to every memory fetch; this is due
to the factor that every memory fetch has to stall until the process, which is related to the
permission check, is completed. The realistic approach would be to the introduction of a new
split of the kernel space and user space. When a hard split is generated, the memory fetch can
identify whether the type of fetch would be violating the concept of the security boundary, as
the level of privilege can be derived directly from a virtual machine without any lookups in
the further. The performance impact of such a solution taking into consideration the system
should always be minimum. On the other hand, the concept ensures backward compatibility
is taken into consideration since the concept of the hard split bit is not initiated by default and
the kernel only sets if it directly supports the features of hard split (Watson et al. 2018).
Kaiser
As the concept of patching of the hardware is not so easy the need of software
workarounds until a new type of software is directly deployed would exist. The main aspect,
which is relating to the concept of the Kaiser, is not to have the mapping of the kernel in the
space of the user. The main aim of the modification was to prevent the side channel attack
breaking the concept of the Kaiser. However, in this context, it can be stated that it also
prevented the meltdown attack. This is due to the factor that it ensures no valid mapping to
the kernel, or physical memory is available in the space of the user (Simakov et al. 2018).
The Kaiser would be available in the next update of the Linux kernel under the name of
kernel page table isolation (KPTI). The patch can also be back ported to the older Linux
kernel version. A similar type of patch was introduced in the Windows ten build 17035 and
relating to corresponding performance check and memory address. If the permission check is
serialized, it could prevent the Meltdown due to the factor that addresses the memory can
never be fetched if the check related to permission fails (Otte 2015). In this context, it can be
stated that the concept can involve overhead corresponding to every memory fetch; this is due
to the factor that every memory fetch has to stall until the process, which is related to the
permission check, is completed. The realistic approach would be to the introduction of a new
split of the kernel space and user space. When a hard split is generated, the memory fetch can
identify whether the type of fetch would be violating the concept of the security boundary, as
the level of privilege can be derived directly from a virtual machine without any lookups in
the further. The performance impact of such a solution taking into consideration the system
should always be minimum. On the other hand, the concept ensures backward compatibility
is taken into consideration since the concept of the hard split bit is not initiated by default and
the kernel only sets if it directly supports the features of hard split (Watson et al. 2018).
Kaiser
As the concept of patching of the hardware is not so easy the need of software
workarounds until a new type of software is directly deployed would exist. The main aspect,
which is relating to the concept of the Kaiser, is not to have the mapping of the kernel in the
space of the user. The main aim of the modification was to prevent the side channel attack
breaking the concept of the Kaiser. However, in this context, it can be stated that it also
prevented the meltdown attack. This is due to the factor that it ensures no valid mapping to
the kernel, or physical memory is available in the space of the user (Simakov et al. 2018).
The Kaiser would be available in the next update of the Linux kernel under the name of
kernel page table isolation (KPTI). The patch can also be back ported to the older Linux
kernel version. A similar type of patch was introduced in the Windows ten build 17035 and
9COMPUTER SECURITY
Mac OS X and iOS. It can be stated here that the concept of Kaiser may have a different type
of limitations attached to it.
Future Impact
The future of any type of attack play a vital role in order to safe guard a system and its
overall working. Patches have been released, and they are operating before the actual
discloser of the spectre and meltdown. A great deal of work definitely lies in these concepts.
The concept of software security depends fundamentally on having a common and clear
understanding between the concept of software and the hardware. Shortly, it is estimated that
most of the attacks in the system cannot be identified (Middleton 2017). This is due to the
factor that the process, which is related to the attack, is changing in every means. Because of
which long-term solutions would be required, this can be achieved using the architecture of
the system being updated, which may include clear guidance about the properties of the
security.
Moreover, in this context, it can be stated that there are basic tradeoffs between the
performance and the security. The vulnerability in this aspect arises from a longstanding
focus in the industry of the technology on maximizing the performance. The result of this
issues of this concept compiler, processors, device drivers, operating system and numerous
other components which can be termed as critical have evolved layers of complex
optimization that directly introduce security risks. In the future, the impact of the technology
would be widespread which may include more people to indulge in this type of activity over
the concept of the internet. It should be taken into consideration to keep every system in an
updated form so that any attack relating to it can be avoided (Simakov et al. 2018). The main
consideration should be to be take the security measures relating to both the computer devices
Mac OS X and iOS. It can be stated here that the concept of Kaiser may have a different type
of limitations attached to it.
Future Impact
The future of any type of attack play a vital role in order to safe guard a system and its
overall working. Patches have been released, and they are operating before the actual
discloser of the spectre and meltdown. A great deal of work definitely lies in these concepts.
The concept of software security depends fundamentally on having a common and clear
understanding between the concept of software and the hardware. Shortly, it is estimated that
most of the attacks in the system cannot be identified (Middleton 2017). This is due to the
factor that the process, which is related to the attack, is changing in every means. Because of
which long-term solutions would be required, this can be achieved using the architecture of
the system being updated, which may include clear guidance about the properties of the
security.
Moreover, in this context, it can be stated that there are basic tradeoffs between the
performance and the security. The vulnerability in this aspect arises from a longstanding
focus in the industry of the technology on maximizing the performance. The result of this
issues of this concept compiler, processors, device drivers, operating system and numerous
other components which can be termed as critical have evolved layers of complex
optimization that directly introduce security risks. In the future, the impact of the technology
would be widespread which may include more people to indulge in this type of activity over
the concept of the internet. It should be taken into consideration to keep every system in an
updated form so that any attack relating to it can be avoided (Simakov et al. 2018). The main
consideration should be to be take the security measures relating to both the computer devices
10COMPUTER SECURITY
as well as the computer devices. Security play a vital role in every such of device so that it
does not fall into the trap of the attack.
Protection against Meltdown and Spectre
The United States Computer Emergency Readiness Team (US-CERT) have suggested
in this context that the only patch which can be used in this issue is that the chip can be
replaced. In this context, it can be stated that the solution can be considered very much
impractical for most of the users and most of the companies. Vendors, to roll out the issue,
had made significant progress in providing fixes and updates of the firmware. The Meltdown
attack has already been ruled out by most of the companies, for example, Apple, Google, and
Microsoft. The available patches, which are available for technical manufacturers, are stated
below:
Windows OS (7/8/10) and Microsoft Edge/IE: Microsoft in this context has already
released an update which is out of the band for windows ten basically to address the issue of
the Meltdown and will be releasing the same for Windows 7 and Windows 8. In this context
the user should also be very much careful in the working so that they do not fall into the
aspect if the attack.
Apple macOS, iOS, tvOS and safari browser: Apple has already stated that all the
Mac system and the devices relating to iOS are already affected by the attack, but there are no
exploits, which have affected the customer taking into consideration the present situation. To
defend and create more protection shortly for the user Apple has already released iOS 11.2,
Mac OS 10.13.2 and tvOS 11.2 and the company is planning to release patches shortly to
mitigate the safari and defend against the spectre attack.
` Android OS: The user of the android who is using the latest operating system is
proven to safe from the attack due to a patch which is released on January 5. In the recent
as well as the computer devices. Security play a vital role in every such of device so that it
does not fall into the trap of the attack.
Protection against Meltdown and Spectre
The United States Computer Emergency Readiness Team (US-CERT) have suggested
in this context that the only patch which can be used in this issue is that the chip can be
replaced. In this context, it can be stated that the solution can be considered very much
impractical for most of the users and most of the companies. Vendors, to roll out the issue,
had made significant progress in providing fixes and updates of the firmware. The Meltdown
attack has already been ruled out by most of the companies, for example, Apple, Google, and
Microsoft. The available patches, which are available for technical manufacturers, are stated
below:
Windows OS (7/8/10) and Microsoft Edge/IE: Microsoft in this context has already
released an update which is out of the band for windows ten basically to address the issue of
the Meltdown and will be releasing the same for Windows 7 and Windows 8. In this context
the user should also be very much careful in the working so that they do not fall into the
aspect if the attack.
Apple macOS, iOS, tvOS and safari browser: Apple has already stated that all the
Mac system and the devices relating to iOS are already affected by the attack, but there are no
exploits, which have affected the customer taking into consideration the present situation. To
defend and create more protection shortly for the user Apple has already released iOS 11.2,
Mac OS 10.13.2 and tvOS 11.2 and the company is planning to release patches shortly to
mitigate the safari and defend against the spectre attack.
` Android OS: The user of the android who is using the latest operating system is
proven to safe from the attack due to a patch which is released on January 5. In the recent
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
11COMPUTER SECURITY
patch, the user of the operating system would automatically get the update to the system
which would prevent the user from the attack which is related to spectre and meltdown
(Simakov et al. 2018).
Conclusion
The topic of the report can be concluded on a note that the attack, which is related to
the spectre and the meltdown, are two different types, which follows different types of
activity. The main aspect which can be stated here is that the fundamentals of the
assumptions of the security which underpins the working of the CPU should have a faithful
process of execution of the software which should incorporate safety checks. The feasibility
aspect of the exploitation depends upon some factors including the aspect of the victims
CPU, the software and the ability of the advisory to interact with the system of the victim. In
most of the cases, the exploitations are very much straightforward while other attacks may
directly depend upon minutiae such as complier choice of the victim in the concept of
allocating the memory and the register. The concept of Fuzzing tools can be used in this
concept by the adversaries, which can detect the vulnerability in current software’s. In the
future, it can be stated that most of the attacks of the system are generated by means of any
flaw from the end of the user. The user should be well versed with the concept of the
computer security and how they should work into the system so that no attack is generated by
any human error. Safety should be incorporated with personal training of the user so that the
protection can be well versed in the present time and in the future.
patch, the user of the operating system would automatically get the update to the system
which would prevent the user from the attack which is related to spectre and meltdown
(Simakov et al. 2018).
Conclusion
The topic of the report can be concluded on a note that the attack, which is related to
the spectre and the meltdown, are two different types, which follows different types of
activity. The main aspect which can be stated here is that the fundamentals of the
assumptions of the security which underpins the working of the CPU should have a faithful
process of execution of the software which should incorporate safety checks. The feasibility
aspect of the exploitation depends upon some factors including the aspect of the victims
CPU, the software and the ability of the advisory to interact with the system of the victim. In
most of the cases, the exploitations are very much straightforward while other attacks may
directly depend upon minutiae such as complier choice of the victim in the concept of
allocating the memory and the register. The concept of Fuzzing tools can be used in this
concept by the adversaries, which can detect the vulnerability in current software’s. In the
future, it can be stated that most of the attacks of the system are generated by means of any
flaw from the end of the user. The user should be well versed with the concept of the
computer security and how they should work into the system so that no attack is generated by
any human error. Safety should be incorporated with personal training of the user so that the
protection can be well versed in the present time and in the future.
12COMPUTER SECURITY
References
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks:
Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Jongman, B., 2018. Recent Online Resources for the Analysis of Terrorism and Related
Subjects. Perspectives on Terrorism, 12(1).
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative Execution.
arXiv preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of
Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.
Middleton, J., 2017. The State of Digital Transformation in Telecommunications.
Miller, J. and Wang, X., 2018. When There Are No Therapists: A Psychoeducational Group
for People Who Have Experienced Social Disasters. Smith College Studies in Social Work,
88(1), pp.39-58.
More, A.C.Y., 2018. Security Alert!.
Otte, T.G., 2015. Roberts, R.(2014). Saving the City: The Great Financial Crisis of 1914:
Oxford: Oxford University Press, xiv+ 301 pp., $31,£ 20.
Reiser, H.P., Taubmann, B., Köstler, J., Rakotondravony, N. and Sentanoe, S., 2018. Cloud
computing.
References
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks:
Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Jongman, B., 2018. Recent Online Resources for the Analysis of Terrorism and Related
Subjects. Perspectives on Terrorism, 12(1).
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative Execution.
arXiv preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of
Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.
Middleton, J., 2017. The State of Digital Transformation in Telecommunications.
Miller, J. and Wang, X., 2018. When There Are No Therapists: A Psychoeducational Group
for People Who Have Experienced Social Disasters. Smith College Studies in Social Work,
88(1), pp.39-58.
More, A.C.Y., 2018. Security Alert!.
Otte, T.G., 2015. Roberts, R.(2014). Saving the City: The Great Financial Crisis of 1914:
Oxford: Oxford University Press, xiv+ 301 pp., $31,£ 20.
Reiser, H.P., Taubmann, B., Köstler, J., Rakotondravony, N. and Sentanoe, S., 2018. Cloud
computing.
13COMPUTER SECURITY
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Smith, M.D., 2016. The Specter of Cholera in Nineteenth-Century Cincinnati. Ohio Valley
History, 16(2), pp.21-40.
Tarazona Vento, A., 2017. Mega-project meltdown: Post-politics, neoliberal urban
regeneration and Valencia’s fiscal crisis. Urban Studies, 54(1), pp.68-84.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols.
arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Smith, M.D., 2016. The Specter of Cholera in Nineteenth-Century Cincinnati. Ohio Valley
History, 16(2), pp.21-40.
Tarazona Vento, A., 2017. Mega-project meltdown: Post-politics, neoliberal urban
regeneration and Valencia’s fiscal crisis. Urban Studies, 54(1), pp.68-84.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols.
arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
14COMPUTER SECURITY
1 out of 14
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.