Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Analysis of Meltdown and Spectre CPU Flaws

Verified

Added on 2021/04/16

AI Summary

The assignment requires students to analyze the Meltdown and Spectre CPU flaws, which are vulnerabilities in modern CPU architectures that can be exploited by attackers to access sensitive information. The students need to read and understand various research papers and articles on the topic, including the original papers by Kocher et al. (2018) and Lipp et al. (2018), as well as other sources such as TechRepublic, CNET, and Microsoft's support website. The assignment also asks students to generate a meta title and description for SEO purposes, indicating that the document is a [PDF] of solved assignments and past papers provided by Desklib.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: MELTDOWN AND SPECTRE
MELTDOWN AND SPECTRE
Name of the University
Name of the student
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
MELTDOWN AND SPECTRE
Table of Contents
Introduction................................................................................................................................2
Aim of the Report...................................................................................................................2
Scope of the Report................................................................................................................3
Discussion..................................................................................................................................3
Brief on Spectre......................................................................................................................3
Brief on Meltdown.................................................................................................................5
The Countermeasures for Spectre and Meltdown..................................................................7
The Future impacts of Spectre and Meltdown.....................................................................10
Conclusion................................................................................................................................11
References................................................................................................................................12

2
MELTDOWN AND SPECTRE
Introduction
Two processor level flaws have been highlighted by cyber security researchers known
as Spectre and Meltdown. These vulnerabilities have affected almost all known operating
systems such as MacOS, iOS, Linux, Android and Windows. According to the researchers, a
feature known as Speculative Execution is one of the main reasons for the vulnerabilities that
are present in the almost all of the processors that are used today. Apple recently confirmed
that the malicious software need to be in the system which is affected to exploit its data.
Project Zero which is run by Google confirmed through independent testing that the attacker
has to physically access the device to run the stated vulnerabilities. Most of the vendors have
denied any allegation that the vulnerabilities have been used to extract data from consumer
devices. Contrary to these clams, Google Zero has already devised a working form of the
vulnerability which has the ability to bring down an entire server network. Apple has already
acknowledged that Meltdown has more potential to cause damage than Spectre (CNET,
2018). Many devices are not eligible for getting updates from their respective vendors so this
puts many people at risk. Google recently stated that devices which are running the latest
updates of their operating systems are immune from these vulnerabilities. Speculative
execution process is utilized by both Spectre as well as Meltdown but where Meltdown uses
the privilege escalation of Intel, Spectre uses two methods in combination to initiate the
attack namely, Speculative execution and Branch Prediction.
In the report, details about Spectre and Meltdown have been discussed and possible
mitigation strategies as well as their future impacts has been evaluated.
Aim of the Report
The aim of the report is to:-

3
MELTDOWN AND SPECTRE
 Evaluate the threats from Meltdown and Spectre
 Understand the security policies and security techniques that are used for
mitigating the vulnerabilities
 Evaluating their future impacts
 Proper recommend counter measures for the vulnerabilities
Scope of the Report
The scope of the report is to provide information to prospective researchers about
Spectre and Meltdown and provide them with ample information so that they can devise
mitigation strategies for the vulnerabilities.
Discussion
Brief on Spectre
The vulnerability named Spectre gets its name from a hardware process named
Speculatve Execution. Spectre tricks other programs by using random memory locations of
the program. The attacker can collect sensitive information from the contents of the memory
pace which has been accessed. It uses the speculative execution exploit and usually consists
of more than one vulnerability. Spectre uses branch prediction specifically which is a case of
speculative execution. Unlike Meltdown, it does not rely on a single processor for memory
management (Hruska, 2018). Spectre uses branch prediction mechanism and starts its point of
attack from a side channel attack present in the processors. Even when Spectre is erased form
the device, loaded cache lines are left behind due to side effects from the speculative
execution mechanism which also affects the nonfunctional elements present in the operating
systems.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
MELTDOWN AND SPECTRE
The working mechanism of a processor needs to be understood to understand how
Spectre functions. Four basic things need to be performed to execute a program in the
processor. Suppose there is an addition program which has two variables x and y. At first, the
program has to shift the value of x to the processor (into a register called R1) form the main
memory. The same process is done with e the value is saved into R1 (Scientific-
computing.com, 2018). To complete the program, the computer has o tore the value of R1
back into the main memory. Some features have to be added by the processor designers to
hide the discrepancies caused by different speeds of main memory and the processor (the
processor is 100 times faster than the main memory).
These features are cache and speculation. Spectre uses both these technologies to
extract sensitive data from people. Caches are used to store values which are frequently used
and are much faster than the main memory. If the values of x and y are inserted in the cache,
then the need to write back the values in the slow main memory is diminished which results
in the program executing itself faster. This difference in accessing speed is used by Spectre to
exploit data. Variant 2 of Spectre use speculative execution which speculates what tasks
might lie ahead even before the CPU actually makes the request. It kind of serves like a scout
operating well in front of the CPU’s many other functions and capabilities. Its goal is to
speed things up for the entire system by exploring lots of potential CPU tasks in advance.
Back in the 1960s when speculative execution was invented computers were very self-
contained. Since it was not possible for anyone to check what the data was thrown away
nobody thought it can pose as a risk and it was never secured (Trippel, Lustig and Martonosi,
2018). Nowadays, mobile device and computers share system resources with many
applications and environments. Sharing is good but when data via speculative execution nds
up in shared memory, attackers use a side channel to sneak in and hijack the data.

5
MELTDOWN AND SPECTRE
Spectre can be accessed remotely. As soon as the user visits the infected website with
the Spectre code, the information starts leaking through cookies and passwords. As the
vulnerability is hardware based and not software based, no software workarounds can be
installed to mitigate its effects. Responding to Spectre, Intel has released micro codes which
does not entirely destroy the vulnerability but reduces its impacts (Theregister.co.uk 2018).
Spectre cannot be totally eliminated without totally erasing caching and speculative execution
which are vital operations that are required for processing.
Brief on Meltdown
The vulnerability named Meltdown got its name from the fact that it basically
melts the security boundaries of the hardware. The attacker can access any data from around
the computer which he or she is not authorized to see with the help of this vulnerability,
including administrative data. The vulnerability only works with certain kinds of chips
(Simakov et al., 2018).
The x86 processors of Intel, Microprocessors of ARM and IBM are specifically
attacked by Meltdown. Meltdown actually gives permission to a malicious process to read
user data without their permission and is a hardware based vulnerability. The processors
which are made by AMD are not affected by the virus (Griffin, 2018). This vulnerability can
affect processors which were made in the last 10 years. The race condition of the CPU
(between instruction execution and privilege checking) is exploited by this vulnerability. The
unauthorized data is read normally before the privilege check can happen.

6
MELTDOWN AND SPECTRE
Figure 1: Working of Meltdown
(Source: Created by the author)
The processor is convinced to load the secret data with the help of Meltdown.
This access will be eventually blocked by the processor and it will not allow the process to
check the memory or register that is controlled by the attacker. But in step 2, the processor is
convinced by the attacker to index the array that is under control of the attacker using the step
1 data. The timing difference between the array accesses is observed by the attacker to collect
the secret data even though the processor did not load it clearly. Step 2 and Step 3 are
collectively called as side channel attack. Flush reload side channel attack is specifically used
by Meltdown (Kocher et al., 2018). Through the flush operation, the processor cache is
cleared by the vulnerability. The next process is to use the element of the infected array to
trick the processor in using secret data. This allows the processor to load the infected element
of the array into the cache. The amount of time to access each element of the array is
observed by the attacker effortlessly. The most important step within the 3 steps of Meltdown

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
MELTDOWN AND SPECTRE
mechanism is the first step as it gives the attacker access to the kernel (Fruhlinger, 2018). The
kernel controls the hardware and authenticates which memory is accessed by whom.
The kernel address is computed by Meltdown and it forces the processor to load the
data into a register through speculative execution. When the data is being loaded from the
main memory to the register, it is temporarily saved in the processor’s cache memory. This
data is exploited by the attacker to get access time without proper privileges (O'Donnell et al.,
2018). Sensitive information such as cookies and passwords can be present in the stolen
kernel data. A virtual environment is created by the attacker inside the physical memory
where he or she can move data whenever he or she wants. Hence, the data can be saved in the
cache just like an Oracle Database and used to bypass the standard controls of the operating
systems.
The Countermeasures for Spectre and Meltdown
A complete patch to disable both the vulnerabilities is not possible as they are present
at a hardware level. In spite of this, major vendors such as Google, Apple and Microsoft has
released several patches to address these issues. The KAISER patch which was released for
Linux operating system in 2017 automatically prevented Meltdown but didn’t do much for
mitigating Spectre. Cloud servers are patched first as they are more vulnerable to the attacks
than physical networks. Rendition Infosec has released an organizational strategy which can
protect organizational systems from damage and contains basic guidelines. A good
countermeasure is to keep the browsers updated as Spectre uses JavaScript and browser
plugins to initiate the attack (Information Management, 2018). The operating systems which
will never be patched and will remain vulnerable to the attacks are Windows XP and budget
phones running the older versions of Android. Several patches have been released by
Microsoft for Windows 7 and above. The Edge browsers along with Explorer browsers have

8
MELTDOWN AND SPECTRE
been updated as well. Major manufacturers such as AMD has dispatched firmware updates on
January 11th although some of them have been temporarily removed as they were not working
properly (Meltdownattack.com, 2018). Apple has similarly released patches for its operating
systems such as MacOS, tvOS and iOS as well as for it browsers on 3rd January. Google has
released patches for its chrome books too although vulnerability was not assessed for
ChromeOS. On 23rd January, Firefox has also released a patch for its browsers and a beta
version is already available (Support.microsoft.com, 2018).
Management of memory between the application software and the OS needs to be
changed fundamentally to eradicate vulnerabilities from Meltdown completely. A technology
called Kernel Page table isolation (KPTI) is used to prevent loading of data in the caches of a
microchip when a user data is present or running. When an application software asks the
operating system to do something on its behalf, the KPTI immediately gets into action to
prevent such activities. For iOS 10 and above, Apple has issues several patches. Microsoft
has released several patches which use unsupported kernel cells and do not work with third
party programmes. A little amount of memory will be left exposed as the vulnerability is not
software based. Serializing the permission check and the register fetch can prevent the
vulnerability (Lipp et al., 2018). But this will significantly affect the performance of the
systems as it will implement lot of memory overhead to the memory addresses which will
slow down the fetching process.
Creating a hard split between the user space and the kernel space is a proper
countermeasure. With the help of modern kernels, a new kernel bit can be introduced in the
CPU control register. When the hard split bit is introduced, the kernel will be forced to stay in
the upper part of the address which will allow the system to identify an unprivileged memory
fetch. Minimal performance impact is expected (The Verge, 2018). Introducing KAISER is
another counter measure that can be considered. It is a kernel that has been modified to stay

9
MELTDOWN AND SPECTRE
outside the user space and prevents Meltdown by not giving any valid mapping to the kernel
space (physical). Other operating systems have adopted similar approaches. Although the
counter measures are not permanent, it can at least prevent the attack by not allowing kernel
pointers to operate in the user space.
Spectre has two types of variants, namely Variant 1 and 2. Load fences are put around
the kernel to mitigate Variant 1 of Spectre. When a first load is already applied, the
speculation programme is prevented from applying a secondary load to it (HPE, 2018).
Putting minimum and small changes in the kernel source is part of the mitigation technique.
For removing the vulnerabilities associated with Variant 2, the hardware related to branch
predicting is deactivated by the operating system when it checks malicious activities coming
from a software (Leonhard, 2018). The technique is very effective but it decreases the
performance of the system. To counter this issue, the system administrator should be present
who can turn the patches on and off if the system performance suffers. Intel has created a new
set of hardware features that work with the operating system to create virtual fences
protecting the system and the data it contains from speculative execution attack. This
prevents the attackers by keeping them away from any decision making processes entirely so
they cannot influence the task that the application takes. This helps retain the many
advantages of Speculative execution while preventing the vulnerabilities caused by Variant 2
of Spectre.
On January (2018), Intel announced that as a countermeasure they will start shipping
new processors by the end of the year which are not vulnerable to Meltdown as well as
Spectre (Watson et al., 2018). With software changes, the variant 1 of Spectre can be
mitigated and with hardware changes, the variant 2 of Spectre can be mitigated. As part of the
mitigation technique, Intel announced that they have redesigned some portions of the
processor to introduce proper security checks for both the vulnerabilities. Intel also said that

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
MELTDOWN AND SPECTRE
micro codes have been enacted in all the products of Intel that have been released in the past
five years (Gibbs, 2018). A permanent counter measure for Spectre is still unavailable.
The Future impacts of Spectre and Meltdown
In the future, cloud providers will be severely affected from Spectre than Meltdown
because Spectre sends data by using a hypervisor to a rogue guest system whereas Meltdown
only obtains personal data from physical memory spaces of the cloud (Engadget, 2018).
In the coming years, the threat from more hardware attacks will increase rather than
attacks which are software based. Intel’s management system recently discovered a new
vulnerability that was similar like Spectre and Meltdown (Knowledge@Wharton, 2018).
These vulnerabilities are unexplored and rather new, hence researchers and intelligence
agencies will try their best to research this new area and possibly find more exploits.
The second impact will arise from requiring a coordinated effort from all the major
manufacturers for designing a patch that works for all microprocessors. Although Intel and
AMD has released their respective patches, it will still take some time for the computer
manufacturers and application vendors to customize the patch so that the user can use them
effectively. This is difficult as keeping the vulnerabilities a secret is a difficult task before the
required patches are released (Design News, 2018). Due to the early announcement of
Spectre and Meltdown, attackers get enough time to devise an attack before the patches are
rolled out safely.
The other future impacts of these vulnerabilities will be that the global infrastructure
consisting of the IoT devices, cars, appliances and smart watches will be affected as well
beside the computers. The cloud providers can be hacked anytime to release personal data
compromising the security system of the infrastructure (dzone.com, 2018). The future design

11
MELTDOWN AND SPECTRE
of microprocessors will be affected as well. As the total cost of the implementation of new
devices will be significantly large, small scale businesses which handle sensitive data will
suffer (TechRepublic, 2018). In the future, more side channel attacks will follow and an
appreciation for designing a secure system (by the researchers) to erase speculative execution
will improve significantly.
Conclusion
To conclude the report, it can be stated that with the discovery of side channel attacks
to extract sensitive data, hardware and software design systems will evolve in the coming
years. For the individuals using personal computers the implication of the vulnerabilities will
be significant. Depending on the specification of the workload and the hardware, the
performance impact on the machines will be significant as well. The desktop users will be
severely affected as Spectre normally uses browser plugins to access the user data with
JavaScript. In the future, researchers may be able to unravel new exploits that are not covered
under the mitigation strategies. The vulnerabilities need to be confirmed independently by the
researchers who can assign the same project to different teams and analyse the final results.
Moreover, the vulnerabilities may not get patched completely as they are hardware specific.
Researchers are still trying their best to change the operating system totally so that the user
code will be unable to access the kernel memory. To reduce the exposure risk, some
manufacturers are even considering implementing a BIOS modification to their devices. The
short term mitigation strategies which will be effective for now are to patch the firmware of
the devices as well as their respective operating systems. Amazon AWS and Microsoft Azure
(two renowned cloud providers) are the most vulnerable to these attacks as the attacks can be
remotely executed from one user to the next. The users need to be careful as well as the
malicious code needs to be executed in the user’s machine so the attacker has to be physically

12
MELTDOWN AND SPECTRE
present around the system. To understand the vectors and extent of the vulnerabilities, more
research needs to be considered in this specific field.
References
6 steps firms can take to mitigate Spectre and Meltdown risks. (2018). Information
Management. Retrieved 17 March 2018, from https://www.information-
management.com/slideshow/6-steps-firms-can-take-to-defend-against-spectre-and-
meltdown?slide=3
Chipmakers Discuss a Future After Meltdown and Spectre. (2018). Design News. Retrieved
17 March 2018, from https://www.designnews.com/content/chipmakers-discuss-
future-after-meltdown-and-spectre/42684598058203
Coping with Spectre and Meltdown: What sysadmins are doing. (2018). HPE. Retrieved 17
March 2018, from https://www.hpe.com/us/en/insights/articles/coping-with-spectre-
and-meltdown-what-sysadmins-are-doing-1802.html
Fruhlinger, J. (2018). Spectre and Meltdown explained: What they are, how they work,
what's at risk. CSO Online. Retrieved 17 March 2018, from
https://www.csoonline.com/article/3247868/vulnerabilities/spectre-and-meltdown-
explained-what-they-are-how-they-work-whats-at-risk.html
Gibbs, S. (2018). Spectre and Meltdown processor security flaws – explained. the Guardian.
Retrieved 17 March 2018, from
https://www.theguardian.com/technology/2018/jan/04/meltdown-spectre-computer-
processor-intel-security-flaws-explainer
Griffin, C. (2018). The Latest: Spectre And Meltdown | CRN. CRN. Retrieved 17 March
2018, from https://www.crn.com/spectre-meltdown

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

13
MELTDOWN AND SPECTRE
How Meltdown and Spectre will impact future processor designs | Scientific Computing
World. (2018). Scientific-computing.com. Retrieved 17 March 2018, from
https://www.scientific-computing.com/news/analysis-opinion/how-meltdown-and-
spectre-will-impact-future-processor-designs
How Spectre and Meltdown Will Impact Companies and Consumers - Knowledge@Wharton.
(2018). Knowledge@Wharton. Retrieved 17 March 2018, from
http://knowledge.wharton.upenn.edu/article/spectre-and-meltdown/
Hruska, J. (2018). Intel Didn't Disclose Spectre, Meltdown to US Government Until News
Went Public - ExtremeTech. ExtremeTech. Retrieved 17 March 2018, from
https://www.extremetech.com/computing/264490-intel-didnt-disclose-spectre-
meltdown-us-government-news-went-public
Intel currently facing 32 class-action lawsuits for Spectre and Meltdown. (2018). Engadget.
Retrieved 17 March 2018, from https://www.engadget.com/2018/02/16/intel-face-32-
lawsuits-spectre-meltdown/
Intel didn’t warn US government about CPU security flaws until they were public.
(2018). The Verge. Retrieved 17 March 2018, from
https://www.theverge.com/2018/2/23/17043768/intel-meltdown-spectre-no-us-
goverment-warning
Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it.
(2018). Theregister.co.uk. Retrieved 17 March 2018, from
https://www.theregister.co.uk/2018/02/23/meltdown_spectre_letters_to_congress/
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., ... & Yarom, Y. (2018).
Spectre Attacks: Exploiting Speculative Execution. arXiv preprint arXiv:1801.01203.

14
MELTDOWN AND SPECTRE
Leonhard, W. (2018). Intel releases more Meltdown/Spectre fixes, Microsoft feints SP3
patch. Computerworld. Retrieved 17 March 2018, from
https://www.computerworld.com/article/3257225/microsoft-windows/intel-releases-
more-meltdownspectre-firmware-fixes-microsoft-feints-an-sp3-patch.html
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., ... & Hamburg, M.
(2018). Meltdown. arXiv preprint arXiv:1801.01207.
Meltdown and Spectre. (2018). Meltdownattack.com. Retrieved 17 March 2018, from
https://meltdownattack.com/
O'Donnell, L., O'Donnell, L., Spring, T., & O'Donnell, L. (2018). Intel Details CPU 'Virtual
Fences' Fix As Safeguard Against Spectre, Meltdown Flaws. Threatpost | The first
stop for security news. Retrieved 17 March 2018, from https://threatpost.com/intel-
details-cpu-virtual-fences-fix-as-safeguard-against-spectre-meltdown-flaws/130501/
Simakov, N. A., Innus, M. D., Jones, M. D., White, J. P., Gallo, S. M., DeLeon, R. L., &
Furlani, T. R. (2018). Effect of Meltdown and Spectre Patches on the Performance of
HPC Applications. arXiv preprint arXiv:1801.04329.
Spectre and Meltdown: Cheat sheet. (2018). TechRepublic. Retrieved 17 March 2018, from
https://www.techrepublic.com/article/spectre-and-meltdown-cheat-sheet/
Spectre and Meltdown: Details you need on those big chip flaws. (2018). CNET. Retrieved
17 March 2018, from https://www.cnet.com/news/spectre-meltdown-intel-arm-amd-
processor-cpu-chip-flaw-vulnerability-faq/
Support.microsoft.com. (2018). Retrieved 17 March 2018, from
https://support.microsoft.com/en-in/help/4073757/protect-your-windows-devices-
against-spectre-meltdown

15
MELTDOWN AND SPECTRE
Trippel, C., Lustig, D., & Martonosi, M. (2018). MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Watson, R. N., Woodruff, J., Roe, M., Moore, S. W., & Neumann, P. G. (2018). Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
What Are the Implications of Meltdown and Spectre for IoT? - DZone Security.
(2018). dzone.com. Retrieved 17 March 2018, from https://dzone.com/articles/what-
are-the-implications-of-meltdown-and-spectre

1 out of 16

+13062052269

info@desklib.com

Analysis of Meltdown and Spectre CPU Flaws

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Spectre Attacks and Meltdown Vulnerabilities

Analyzing Global Security and Politics

Analyzing Security Threats and Solutions

COIT 20246 Assignment Submission

cyber Attack presentation 2022

Cybersecurity and Countermeasures