logo

Meltdown and Spectre Assignment PDF

   

Added on  2021-04-16

16 Pages4130 Words63 Views
Web Development
 | 
 | 
 | 
Running head: MELTDOWN AND SPECTREMELTDOWN AND SPECTREName of the UniversityName of the studentAuthor Note
Meltdown and Spectre Assignment PDF_1

1MELTDOWN AND SPECTRETable of ContentsIntroduction................................................................................................................................2Aim of the Report...................................................................................................................2Scope of the Report................................................................................................................3Discussion..................................................................................................................................3Brief on Spectre......................................................................................................................3Brief on Meltdown.................................................................................................................5The Countermeasures for Spectre and Meltdown..................................................................7The Future impacts of Spectre and Meltdown.....................................................................10Conclusion................................................................................................................................11References................................................................................................................................12
Meltdown and Spectre Assignment PDF_2

2MELTDOWN AND SPECTREIntroduction Two processor level flaws have been highlighted by cyber security researchers knownas Spectre and Meltdown. These vulnerabilities have affected almost all known operatingsystems such as MacOS, iOS, Linux, Android and Windows. According to the researchers, afeature known as Speculative Execution is one of the main reasons for the vulnerabilities thatare present in the almost all of the processors that are used today. Apple recently confirmedthat the malicious software need to be in the system which is affected to exploit its data.Project Zero which is run by Google confirmed through independent testing that the attackerhas to physically access the device to run the stated vulnerabilities. Most of the vendors havedenied any allegation that the vulnerabilities have been used to extract data from consumerdevices. Contrary to these clams, Google Zero has already devised a working form of thevulnerability which has the ability to bring down an entire server network. Apple has alreadyacknowledged that Meltdown has more potential to cause damage than Spectre (CNET,2018). Many devices are not eligible for getting updates from their respective vendors so thisputs many people at risk. Google recently stated that devices which are running the latestupdates of their operating systems are immune from these vulnerabilities. Speculativeexecution process is utilized by both Spectre as well as Meltdown but where Meltdown usesthe privilege escalation of Intel, Spectre uses two methods in combination to initiate theattack namely, Speculative execution and Branch Prediction.In the report, details about Spectre and Meltdown have been discussed and possiblemitigation strategies as well as their future impacts has been evaluated.Aim of the ReportThe aim of the report is to:-
Meltdown and Spectre Assignment PDF_3

3MELTDOWN AND SPECTREEvaluate the threats from Meltdown and SpectreUnderstand the security policies and security techniques that are used formitigating the vulnerabilitiesEvaluating their future impactsProper recommend counter measures for the vulnerabilitiesScope of the ReportThe scope of the report is to provide information to prospective researchers aboutSpectre and Meltdown and provide them with ample information so that they can devisemitigation strategies for the vulnerabilities.DiscussionBrief on SpectreThe vulnerability named Spectre gets its name from a hardware process namedSpeculatve Execution. Spectre tricks other programs by using random memory locations ofthe program. The attacker can collect sensitive information from the contents of the memorypace which has been accessed. It uses the speculative execution exploit and usually consistsof more than one vulnerability. Spectre uses branch prediction specifically which is a case ofspeculative execution. Unlike Meltdown, it does not rely on a single processor for memorymanagement (Hruska, 2018). Spectre uses branch prediction mechanism and starts its point ofattack from a side channel attack present in the processors. Even when Spectre is erased formthe device, loaded cache lines are left behind due to side effects from the speculativeexecution mechanism which also affects the nonfunctional elements present in the operatingsystems.
Meltdown and Spectre Assignment PDF_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Meltdown and Spectre - Assignment PDF
|17
|4531
|107

The Meltdown and Spectre Assignment
|17
|4180
|48

Spectre and Meltdown vulnerability
|16
|4298
|33

COIT 20246 Assignment Submission
|9
|3329
|56

Assignment on Computer security
|15
|3824
|29

Computer Security - Assignment Sample
|14
|3627
|29