logo

Meltdown and Spectre - Assignment PDF

   

Added on  2021-04-21

17 Pages4531 Words107 Views
Web Development
 | 
 | 
 | 
Running head: MELTDOWN AND SPECTREMELTDOWN AND SPECTREName of the UniversityName of the StudentAuthor Note
Meltdown and Spectre - Assignment PDF_1

MELTDOWN AND SPECTRE1Table of ContentsIntroduction................................................................................................................................2Aim of the report....................................................................................................................2Scope of the report.................................................................................................................3Discussion..................................................................................................................................3About Spectre.........................................................................................................................3About Meltdown....................................................................................................................5Counter measures to Spectre and Meltdown..........................................................................7Future Impacts of Spectre and Meltdown..............................................................................9Conclusions..............................................................................................................................11References................................................................................................................................13
Meltdown and Spectre - Assignment PDF_2

MELTDOWN AND SPECTRE2IntroductionCyber security researcher have highlighted two processor level flaws named asSpectre and Meltdown. Almost all operating systems such as Windows, Linux, Android,MacOS and iOS are affected by these vulnerabilities. The researchers have proposed thatthese vulnerabilities are occurring due to a feature named as Speculative execution which ispresent in most of the processors used nowadays. According to Apple, the vulnerabilities cannot exploit data if a malicious software isnot present in the affected system. According to Project Zero run by Google, the attackersneeds to have physical access to the device before running the vulnerabilities. Till now, mostof the companies have denied any allegation that these vulnerabilities have been used toextrapolate sensitive information from consumer devices but Project Zero had already showna working example of the attack which was used to cripple an entire server network. Applehas accepted that out of the two attacks meltdown has more potential to cause damage. Asmany devices do not support updates any more, this puts a lot of people at risk immediately.According to a security blog by Google, the devices with latest security updates are safe fromthis vulnerability (Gruss et al. 2016). Both of the vulnerabilities use speculative execution butthe main difference between the two is that where Meltdown exploits Intel privilegeescalation, Spectre exploits two processes in combination namely Branch Prediction andSpeculative Execution.In the following report, the details about Spectre and Meltdown has been discussed indetails and possible mitigation techniques have been proposed.Aim of the reportThe aim of the report is written as follows:-
Meltdown and Spectre - Assignment PDF_3

MELTDOWN AND SPECTRE3Analyse the threats from Spectre and MeltdownEvaluate the security techniques and policies that are implemented for combating thevulnerabilitiesPredicting the future impact of the vulnerabilitiesRecommend counter measures to Meltdown and SpectreScope of the reportThe scope of the report is to provide a detailed analysis to researchers forunderstanding the threats and create proper preventive measures to combat these issues.DiscussionAbout SpectreThe vulnerability named Spectre utilizes random locations in the memory space of theprogram to trick other programs. The contents of the accessed memory space can be lookedup by the potential attacker to gather sensitive data. The spectre is a list of vulnerabilitiesinstead of a single vulnerability and are related to the speculative execution exploit. To beprecise, Spectre runs on a special case of speculative execution known as branch prediction(Hruska 2018). It does not rely on the memory management of a single processor whichmakes it different form the other vulnerability called Meltdown. The initiation point of theattack is triggered by a side channel timing attack in the modern microprocessors and utilizesits branch prediction machinery. Even after the vulnerability is mitigated, the side effects ofthe speculative execution can leave side effects such as loaded cache lines. The non-functional elements of the computing environment can be affected due to this.
Meltdown and Spectre - Assignment PDF_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Meltdown and Spectre Assignment PDF
|16
|4130
|63

The Meltdown and Spectre Assignment
|17
|4180
|48

Computer Security - Assignment Sample
|14
|3627
|29

COIT 20246 Assignment Submission
|9
|3329
|56

cyber Attack presentation 2022
|11
|796
|49

(PDF) Spectre and Meltdown Attacks Detection using Machine
|9
|2407
|118