Security and Privacy Challenges in Emerging Technologies
VerifiedAdded on 2021/04/17
|15
|4360
|41
AI Summary
This assignment delves into the security and privacy challenges associated with emerging technologies such as Artificial Intelligence (AI), Internet of Things (IoT), Blockchain, and others. It discusses various aspects including vulnerability analysis, side-channel attacks, and the impact of patches on high-performance computing applications. The assignment also touches upon issues related to data protection, cybersecurity, and the consequences of attacks like Meltdown and Spectre. A comprehensive review of relevant literature provides insights into the current state of security in emerging technologies, highlighting areas that require attention and possible solutions.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
SPECTRE AND MELTDOWN
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
INTRODUCTION
Computer security is a major concern for every organisation and most importantly to
safe guard the data stored on the system from any loss. It is important to secure the
information from data loss or inception of viruses or malware in the system. Security
completely deals with securing the data stored on the network from any unauthorized loss.
Every organisation is dependent on computer for performing certain tasks thus it is important
that updated technology is used (Kocher, et. al, 2018). Everyone relies on the data stored on
the computer thus it is important to keep the information secure and preventing data from any
loss. Keeping the information confidential, integrated and available is the vital part of an
organization. Computer security cannot be left unnoticed as there are various threats and
viruses appearing at every instant. It is essential to safeguard the information from hackers as
they are trying to steal the sensitive data packets stored on the network (Trippel, Lustig and
Martonosi, 2018). There are various ways in which person can steal the information or can
access the hard drive even if the computer is not open or plugged in. Then the information is
misused which leads to loss of confidentiality of the data packets. It may also damage the
components of computer, thus for providing complete protection to data it is necessary to
protect the computer hardware as well as various components. For protecting system various
strategies are available, disk lock is one of them. Disk locks are available in various sizes
which provide protection of CPU components. Network security is also important as the flow
of data occurs over the network (Watson, et. al, 2018). Network need to be secured as there
are various threats on the network that allow third party to read and modify the data silently.
Overall computer security deals with securing the system as well as network from all
malicious activities. Additionally hardware components, operating system and off shell
programs need to be protected. In this report we would be focusing on two major flaws that
affect every chip on the computer. Spectre and meltdown are vulnerabilities that contain
Computer security is a major concern for every organisation and most importantly to
safe guard the data stored on the system from any loss. It is important to secure the
information from data loss or inception of viruses or malware in the system. Security
completely deals with securing the data stored on the network from any unauthorized loss.
Every organisation is dependent on computer for performing certain tasks thus it is important
that updated technology is used (Kocher, et. al, 2018). Everyone relies on the data stored on
the computer thus it is important to keep the information secure and preventing data from any
loss. Keeping the information confidential, integrated and available is the vital part of an
organization. Computer security cannot be left unnoticed as there are various threats and
viruses appearing at every instant. It is essential to safeguard the information from hackers as
they are trying to steal the sensitive data packets stored on the network (Trippel, Lustig and
Martonosi, 2018). There are various ways in which person can steal the information or can
access the hard drive even if the computer is not open or plugged in. Then the information is
misused which leads to loss of confidentiality of the data packets. It may also damage the
components of computer, thus for providing complete protection to data it is necessary to
protect the computer hardware as well as various components. For protecting system various
strategies are available, disk lock is one of them. Disk locks are available in various sizes
which provide protection of CPU components. Network security is also important as the flow
of data occurs over the network (Watson, et. al, 2018). Network need to be secured as there
are various threats on the network that allow third party to read and modify the data silently.
Overall computer security deals with securing the system as well as network from all
malicious activities. Additionally hardware components, operating system and off shell
programs need to be protected. In this report we would be focusing on two major flaws that
affect every chip on the computer. Spectre and meltdown are vulnerabilities that contain
malicious programs and give access to unauthorized users to access the sensitive data. These
flaws lead to leakage of data packets and break all security boundaries that are enforced in the
systems hardware to get the access to steal the data (Thurnher, 2018).
SPECRTRE AND MELTDOWN
These security bugs are found on the CPU chip. Central processing unit is the brain of
the computer and all the functions on the computer are performed due to CPU. These two
flaws work on kernel to steal the data of the computer and are very dangerous to be handled.
They access any application running on the computer and steal the data from the application;
the data could be any sensitive information like credit card information or any confidential
information. Thus it is important to fix theses bugs. It is often a misconception that the
application running on the system is not linked to each other, user think that operating system
and software’s are isolated from each other. But the fact is not true, it was researched that the
software’s running on the system leave the footprints on the processor. Thus the modern
processors usually store all the recently accessed data (Boothby, 2015). Thus modern
processor leaks the information and gives the software access to an unauthorized user. It is
important to eliminate the granularity of access from the software by removing the footprints;
this will help in securing the system.
Spectre exploits speculative applications and branch predication that leads to loss of data
from cache lines of the processor. Spectre doesn’t read memory from kernel or any physical
memory but reads the memory from the current process running on the system. Modern
processor executes the instructions in a parallel manner but sometimes these instructions are
never executed (Etzler, 2014). Snapshots are taken by CPU of these instructions so that if
execution is not executed it could be rolled back. Morden processor makes use of branch
predication and speculation execution of instruction to improve the performance of the
flaws lead to leakage of data packets and break all security boundaries that are enforced in the
systems hardware to get the access to steal the data (Thurnher, 2018).
SPECRTRE AND MELTDOWN
These security bugs are found on the CPU chip. Central processing unit is the brain of
the computer and all the functions on the computer are performed due to CPU. These two
flaws work on kernel to steal the data of the computer and are very dangerous to be handled.
They access any application running on the computer and steal the data from the application;
the data could be any sensitive information like credit card information or any confidential
information. Thus it is important to fix theses bugs. It is often a misconception that the
application running on the system is not linked to each other, user think that operating system
and software’s are isolated from each other. But the fact is not true, it was researched that the
software’s running on the system leave the footprints on the processor. Thus the modern
processors usually store all the recently accessed data (Boothby, 2015). Thus modern
processor leaks the information and gives the software access to an unauthorized user. It is
important to eliminate the granularity of access from the software by removing the footprints;
this will help in securing the system.
Spectre exploits speculative applications and branch predication that leads to loss of data
from cache lines of the processor. Spectre doesn’t read memory from kernel or any physical
memory but reads the memory from the current process running on the system. Modern
processor executes the instructions in a parallel manner but sometimes these instructions are
never executed (Etzler, 2014). Snapshots are taken by CPU of these instructions so that if
execution is not executed it could be rolled back. Morden processor makes use of branch
predication and speculation execution of instruction to improve the performance of the
system. Spectre attack includes the victim of a process that will not occur during the
execution of correct code. Due to this reason leakage of data take place via side channels.
Side channel is the main reason due to which attackers are getting access to read the
information in an unauthorized manner by destroying the confidentiality of the system.
Increasing the speed of the system is achieved by executing the instruction in a speculative
manner by guessing the direction of control flow (Hill and Lynn, 2010). Spectre attack occurs
due to outbreak of JavaScript on the system or by attacking the native code.
Spectre vulnerability does not permit an unauthorized user to access the privileged memory
location. It allows the execution of the code in the victim procedure and allows reading of the
data that is not allowed. Spectre is based on branch predication algorithm and deals with
leaking the data packets out of the process without any acknowledgment. Spectre exploration
is useful in many ways like it helps the hackers by leaking the private data from the browser
and also by leaking the user space modules to promote remote execution of the code
(Subashini and Kavitha, 2011).
It open the gateway for any dangerous attacks like the JavaScript used for development of
website uses Spectre for revealing the sensitive information. Most of the attacks take place at
the hardware level which are difficult to be tracked. Patches used by Spectre alleviates the
flaws by changing or removing the software code. Caching is the other reason for speculative
execution as this process is an underlying feature of hardware which allows attacker to steal
the data packets. These feature were basically designed to safeguard the system from these
flaws but they make the system slow hence degrades the performance.
Meltdown is one of worst bug found in the CPU chip and is important to be resolved
immediately. It permits the attacker to read the kernel as well as physical memory from any
user process that is not unauthorized. It uses the concept of executing the instruction in an out
execution of correct code. Due to this reason leakage of data take place via side channels.
Side channel is the main reason due to which attackers are getting access to read the
information in an unauthorized manner by destroying the confidentiality of the system.
Increasing the speed of the system is achieved by executing the instruction in a speculative
manner by guessing the direction of control flow (Hill and Lynn, 2010). Spectre attack occurs
due to outbreak of JavaScript on the system or by attacking the native code.
Spectre vulnerability does not permit an unauthorized user to access the privileged memory
location. It allows the execution of the code in the victim procedure and allows reading of the
data that is not allowed. Spectre is based on branch predication algorithm and deals with
leaking the data packets out of the process without any acknowledgment. Spectre exploration
is useful in many ways like it helps the hackers by leaking the private data from the browser
and also by leaking the user space modules to promote remote execution of the code
(Subashini and Kavitha, 2011).
It open the gateway for any dangerous attacks like the JavaScript used for development of
website uses Spectre for revealing the sensitive information. Most of the attacks take place at
the hardware level which are difficult to be tracked. Patches used by Spectre alleviates the
flaws by changing or removing the software code. Caching is the other reason for speculative
execution as this process is an underlying feature of hardware which allows attacker to steal
the data packets. These feature were basically designed to safeguard the system from these
flaws but they make the system slow hence degrades the performance.
Meltdown is one of worst bug found in the CPU chip and is important to be resolved
immediately. It permits the attacker to read the kernel as well as physical memory from any
user process that is not unauthorized. It uses the concept of executing the instruction in an out
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
of order fashion so that data could be leaked (Mollah, Azad and Vasilakos, 2017). Cache
lines are also used for stealing the data. It takes the advantage of the fact that orders are not
executed in a particular manner so that information could be easily leaked from the network
channels. Meltdown is patched in Windows, Linux, Android and Mac. If the system is not
patched properly attacker could read kernel memory from Window. Every system uses paged
table for mapping the physical memory and the virtual memory. Modern processor maps
kernel address with the user address. This is linked with the micro architectural attack as it
focuses on destroying the order in which execution take place so that physical memory could
be targeted (Simakov, et. al, 2018). It deals with accessing the kernel memory and reading the
data from user space. The access to user space trap the system as the content is leaked
through the cache lines. It is basically implemented as the executions of instruction happen in
an out of order manner, which in turn increases the utilization factor of the processor. The
processor queues all the instructions that are completed in the buffer and retrieve the
instructions by reordering it whenever needed.
In a Meltdown process the attacker launch a process by creating a large array in the
user space. This array in the user space reads the byte from the CPU memory by clearing all
the collection in user space. The first step of Meltdown attack focuses on reading the kernel
memory byte wise, but it causes an exception by leaking the content from the side channel
before exception handler could do anything. The exception handler looks in the system for
the malicious activities because the execution of the instruction is out of order. Once the
attacker attacks the side channel it looks in the user space array to read the instructions before
anyone else could read it (Sclofsky and Funk, K., 2017)
. Central processing unit takes snapshot of these operations assuming if these instructions are
not executed, and then the snapshots could be used. In the next step, Meltdown accesses the
secret data by inhabiting the information in an array which is readable in user space memory.
lines are also used for stealing the data. It takes the advantage of the fact that orders are not
executed in a particular manner so that information could be easily leaked from the network
channels. Meltdown is patched in Windows, Linux, Android and Mac. If the system is not
patched properly attacker could read kernel memory from Window. Every system uses paged
table for mapping the physical memory and the virtual memory. Modern processor maps
kernel address with the user address. This is linked with the micro architectural attack as it
focuses on destroying the order in which execution take place so that physical memory could
be targeted (Simakov, et. al, 2018). It deals with accessing the kernel memory and reading the
data from user space. The access to user space trap the system as the content is leaked
through the cache lines. It is basically implemented as the executions of instruction happen in
an out of order manner, which in turn increases the utilization factor of the processor. The
processor queues all the instructions that are completed in the buffer and retrieve the
instructions by reordering it whenever needed.
In a Meltdown process the attacker launch a process by creating a large array in the
user space. This array in the user space reads the byte from the CPU memory by clearing all
the collection in user space. The first step of Meltdown attack focuses on reading the kernel
memory byte wise, but it causes an exception by leaking the content from the side channel
before exception handler could do anything. The exception handler looks in the system for
the malicious activities because the execution of the instruction is out of order. Once the
attacker attacks the side channel it looks in the user space array to read the instructions before
anyone else could read it (Sclofsky and Funk, K., 2017)
. Central processing unit takes snapshot of these operations assuming if these instructions are
not executed, and then the snapshots could be used. In the next step, Meltdown accesses the
secret data by inhabiting the information in an array which is readable in user space memory.
It is difficult to read the data in user space memory thus data is flushed back by resetting the
snapshots taken by CPU. In the third step exceptions are triggered by exception handler as the
instructions are not in a well-defined order (Anand, et.al, 2017). It is not possible to read the
secret data from user space array as it get rolled back. The final step involves the iteration of
unauthorized process of array elements. All the content of secret data is returned back to
cache line. This permits the attack to happen without handling the exception of software.
Meltdown is helpful in several ways like it provides privilege escalation and Para
virtualization of the data.
Privilege Escalation- Whenever attacker tries to execute a process on an unpatched system,
all the physical memory of the system is destroyed. As the physical memory is dumped
attacker uses this memory to identify all the sensitive data.
Para virtualization- Kernel address is targeted by the attacker which is shared between the
host and the container of kernel memory (Simonton, 2017). Attacker uses this address to read
the data from container which leads to hypervisor escape.
It is very difficult to detect these vulnerabilities because:
a. These bugs generally occur at hardware level which are difficult to be detected and
patched. Certain software’s are required to deal with the hardware issues. To resolve
the origin of these flaws the judgment of modern processor need to be updated.
b. These flaws are not visible and enter the system through the side channels. The
information is leaked by capturing the physical implementation of the computer.
c. It is expensive to remove these vulnerabilities by patches as it degrades the
performance of the system.
snapshots taken by CPU. In the third step exceptions are triggered by exception handler as the
instructions are not in a well-defined order (Anand, et.al, 2017). It is not possible to read the
secret data from user space array as it get rolled back. The final step involves the iteration of
unauthorized process of array elements. All the content of secret data is returned back to
cache line. This permits the attack to happen without handling the exception of software.
Meltdown is helpful in several ways like it provides privilege escalation and Para
virtualization of the data.
Privilege Escalation- Whenever attacker tries to execute a process on an unpatched system,
all the physical memory of the system is destroyed. As the physical memory is dumped
attacker uses this memory to identify all the sensitive data.
Para virtualization- Kernel address is targeted by the attacker which is shared between the
host and the container of kernel memory (Simonton, 2017). Attacker uses this address to read
the data from container which leads to hypervisor escape.
It is very difficult to detect these vulnerabilities because:
a. These bugs generally occur at hardware level which are difficult to be detected and
patched. Certain software’s are required to deal with the hardware issues. To resolve
the origin of these flaws the judgment of modern processor need to be updated.
b. These flaws are not visible and enter the system through the side channels. The
information is leaked by capturing the physical implementation of the computer.
c. It is expensive to remove these vulnerabilities by patches as it degrades the
performance of the system.
Fixing Spectre and Meltdown
Spectre and Meltdown have attacked every device like android, Mac or windows PCs
thus it is important to protect the devices from these bugs. It is easy to fix the bug in android
devices by simply updating the software (Rieck, 2017). These flaws attack windows PCs as
they read all the data and information of the running applications. It is very hard to fix these
bugs thus various measures taken are:
Installing Antivirus- There are various antiviruses that are not compatible for Spectre and
Meltdown. Thus it is important to install an antivirus that is compatible with Spectre and
Meltdown (Matsuda, Uemura and Canon 2017).
Mitigation- Hardware and software of the system need to be updated. As there are flaws
which are not present at software level but are present at the CPU chip which is very difficult
to be patched. Patching degrades the overall performance of the system thus the complete
solution is mitigating the flaws (Matsuda, Uemura and Canon 2017).
Firmware- It protects the system from spectre variants. Thus every system needs to have an
updated firmware.
Updating the system-It is important to keep the operating system updated and checking the
firmware updated so that PC is protected against these flaws. If the software is not updated
some steps need to be taken manually by clicking on the start option then setting tab then
update and security option and future clicking on windows update (Matsuda, Uemura and
Canon 2017).
Vendor Links- Patches are available on the vendor links, thus patches are downloaded from
these links to check the environmental conditions of the system and checking that each patch
has been implemented properly.
Spectre and Meltdown have attacked every device like android, Mac or windows PCs
thus it is important to protect the devices from these bugs. It is easy to fix the bug in android
devices by simply updating the software (Rieck, 2017). These flaws attack windows PCs as
they read all the data and information of the running applications. It is very hard to fix these
bugs thus various measures taken are:
Installing Antivirus- There are various antiviruses that are not compatible for Spectre and
Meltdown. Thus it is important to install an antivirus that is compatible with Spectre and
Meltdown (Matsuda, Uemura and Canon 2017).
Mitigation- Hardware and software of the system need to be updated. As there are flaws
which are not present at software level but are present at the CPU chip which is very difficult
to be patched. Patching degrades the overall performance of the system thus the complete
solution is mitigating the flaws (Matsuda, Uemura and Canon 2017).
Firmware- It protects the system from spectre variants. Thus every system needs to have an
updated firmware.
Updating the system-It is important to keep the operating system updated and checking the
firmware updated so that PC is protected against these flaws. If the software is not updated
some steps need to be taken manually by clicking on the start option then setting tab then
update and security option and future clicking on windows update (Matsuda, Uemura and
Canon 2017).
Vendor Links- Patches are available on the vendor links, thus patches are downloaded from
these links to check the environmental conditions of the system and checking that each patch
has been implemented properly.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
These bugs occur in all type of operating system, various actions need to be taken to protect
the operating system from Meltdown and Spectre:
Android- Some android devices are built in such a way that they fix the bugs by removing it.
They can be removed by using antivirus on the system that eliminates the bugs from the
system (Heires,2017). Bugs occur from any unknown sources but on Google phones the
system is automatically updated before the patch attack. For non- Google device it need to
wait till the patch occur.
Mac- This operating system is patched in such a way that it deals with spectre and meltdoen
attack. Latest updates are available on App store supposing that these updates removes the
flaws from the system It also make sure that performance of system are not affected by the
patches.
IOS- Spectre is most commonly found in iPhones or iPad’s, therefore JavaScript used by the
browser was patched and triggered to protect the system. Apart from that latest versions are
already protected and need not to be patched (Heires,2017).
Linux- It is difficult to protect the system which as Linux operating system as first it is
necessary to update the firmware. Apart from that motherboard of the system need to be
checked to make sure that there are no bugs (Heires,2017).
Impact on the business
Spectre and Meltdown are two bugs which impact the performance of the business.
The risk of cyber-attacks has increased due to these bugs as it lets the sensitive data to be
exploited by the side channels. It decreases the speed of the processor as the patches on the
system degrade the overall performance. Large organisations have a heavy load on the
network so poor performance cannot be accumulated. As performance of an organisation is
the operating system from Meltdown and Spectre:
Android- Some android devices are built in such a way that they fix the bugs by removing it.
They can be removed by using antivirus on the system that eliminates the bugs from the
system (Heires,2017). Bugs occur from any unknown sources but on Google phones the
system is automatically updated before the patch attack. For non- Google device it need to
wait till the patch occur.
Mac- This operating system is patched in such a way that it deals with spectre and meltdoen
attack. Latest updates are available on App store supposing that these updates removes the
flaws from the system It also make sure that performance of system are not affected by the
patches.
IOS- Spectre is most commonly found in iPhones or iPad’s, therefore JavaScript used by the
browser was patched and triggered to protect the system. Apart from that latest versions are
already protected and need not to be patched (Heires,2017).
Linux- It is difficult to protect the system which as Linux operating system as first it is
necessary to update the firmware. Apart from that motherboard of the system need to be
checked to make sure that there are no bugs (Heires,2017).
Impact on the business
Spectre and Meltdown are two bugs which impact the performance of the business.
The risk of cyber-attacks has increased due to these bugs as it lets the sensitive data to be
exploited by the side channels. It decreases the speed of the processor as the patches on the
system degrade the overall performance. Large organisations have a heavy load on the
network so poor performance cannot be accumulated. As performance of an organisation is
directly related to the operating system and hardware of the system (Peng, Y., Zhao, H., Sun,
X. and Sun, C., 2017). Thus to maintain the performance of the system and keep it safeguard
from Meltdown and Spectre, certain measures are:
Updating- Devices need to be updated and patches need to be installed to deal with all kind
of security bugs. Devices need to be updated on regular basics (Kim, et.al, 2015).
Keeping the information up-to-date- Spectre is dangerous bug as it cannot be resolved
using patches whereas meltdown can be resolved by patches. Security team need to take care
of new updates to secure the system (Page, Kaur and Waters, 2017).
Analysing- Security of a system is not only the key concern Securing the cloud of a business
is also important as most the data is stored on the cloud. Attacker steals the data from any
security chain thus analysing the security flaws and fixing it is essential.
Evaluation- The data packets are segregated according to its sensitivity. So that the sensitive
data can be stored on the cloud as it reduces the chances of leakage of data.
Protection of System from flaws
Keeping the system safe from Meltdown and spectre attack could be done by patching
the system. Other than that using the updated windows resolve the issue of patching the
system. Patches need to be downloaded from third party users to keep the system secure and
updated. Apart from just downloading the patches it is important to keep the backup of the
data, if in case data is loss or system crashes data can be restored rom the backup (Dionne
and Hassani, 2015).
In case of Spectre where patches don’t work it is important to keep the backup of data
by installing the software updates automatically. The only solution for Spectre bug is keeping
X. and Sun, C., 2017). Thus to maintain the performance of the system and keep it safeguard
from Meltdown and Spectre, certain measures are:
Updating- Devices need to be updated and patches need to be installed to deal with all kind
of security bugs. Devices need to be updated on regular basics (Kim, et.al, 2015).
Keeping the information up-to-date- Spectre is dangerous bug as it cannot be resolved
using patches whereas meltdown can be resolved by patches. Security team need to take care
of new updates to secure the system (Page, Kaur and Waters, 2017).
Analysing- Security of a system is not only the key concern Securing the cloud of a business
is also important as most the data is stored on the cloud. Attacker steals the data from any
security chain thus analysing the security flaws and fixing it is essential.
Evaluation- The data packets are segregated according to its sensitivity. So that the sensitive
data can be stored on the cloud as it reduces the chances of leakage of data.
Protection of System from flaws
Keeping the system safe from Meltdown and spectre attack could be done by patching
the system. Other than that using the updated windows resolve the issue of patching the
system. Patches need to be downloaded from third party users to keep the system secure and
updated. Apart from just downloading the patches it is important to keep the backup of the
data, if in case data is loss or system crashes data can be restored rom the backup (Dionne
and Hassani, 2015).
In case of Spectre where patches don’t work it is important to keep the backup of data
by installing the software updates automatically. The only solution for Spectre bug is keeping
it updated. Other than that various browsers like Mozilla have provided with the solution for
protecting the system from theses bugs. It is recommended that user uses anti malware
software by keeping this software updated (Dionne and Hassani, 2015). Spectre uses
JavaScript to inject the code on the website to perform malicious activities; the anti-malware
installed in the system block the malicious code to attack the system. Various traditional
approaches are used to protect the system from unauthorized access. These methods wrap the
system by a protective layer that does not allow any know of flaw to penetrate in the system.
Operator of the system assures that all the sensitive data is handled properly and no
unauthorized users access the data packets (Ma, Wang and Zhao, 2014).
Influence of Spectre and Meltdown
These are security bug that permits untrusted users to access the data without any
permission. These flaws degrade the performance of an organisation as all the sensitive data
like banking details or passwords are leaked. These affect the modern processors, computers,
smartphones or tablets. As in today’s era everyone believes that there data is secured on the
network and the confidentiality is maintained. But Spectre and Meltdown destroys the
confidentiality of the network by allowing them to steal the information from the network by
side channels or breaking the security barriers (Jolfaei, Wu, and Muthukkumarasamy, 2014).
The flaws will increase in future thus it is important to improve the methods to in which
operating system handles the flaws. These vulnerabilities have attacked the cloud system
also.
Seeing from the core perceptive of security, these flaws affect the principal of
isolation between the applications layer and operating system. By exploiting their isolation it
allow the attacker to access the data stored on the system secretly. All the data stored on the
cloud can be stolen due to these bugs. It affects the ubiquities of the processor and even the
protecting the system from theses bugs. It is recommended that user uses anti malware
software by keeping this software updated (Dionne and Hassani, 2015). Spectre uses
JavaScript to inject the code on the website to perform malicious activities; the anti-malware
installed in the system block the malicious code to attack the system. Various traditional
approaches are used to protect the system from unauthorized access. These methods wrap the
system by a protective layer that does not allow any know of flaw to penetrate in the system.
Operator of the system assures that all the sensitive data is handled properly and no
unauthorized users access the data packets (Ma, Wang and Zhao, 2014).
Influence of Spectre and Meltdown
These are security bug that permits untrusted users to access the data without any
permission. These flaws degrade the performance of an organisation as all the sensitive data
like banking details or passwords are leaked. These affect the modern processors, computers,
smartphones or tablets. As in today’s era everyone believes that there data is secured on the
network and the confidentiality is maintained. But Spectre and Meltdown destroys the
confidentiality of the network by allowing them to steal the information from the network by
side channels or breaking the security barriers (Jolfaei, Wu, and Muthukkumarasamy, 2014).
The flaws will increase in future thus it is important to improve the methods to in which
operating system handles the flaws. These vulnerabilities have attacked the cloud system
also.
Seeing from the core perceptive of security, these flaws affect the principal of
isolation between the applications layer and operating system. By exploiting their isolation it
allow the attacker to access the data stored on the system secretly. All the data stored on the
cloud can be stolen due to these bugs. It affects the ubiquities of the processor and even the
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
cloud environment. To control these flaws several problems are resolved especially at the
hardware level. Computers need to be designed in a way that measures hardware updates
automatically so that it doesn’t affect the software solutions of the system (Jolfaei, Wu, and
Muthukkumarasamy, 2014). To fix these bugs permanently in futures, hardware’s are
deployed in such a way that it deals with these flaws by not allowing them to penetrate in the
system. Until the new hardware is deployed, temporary software based solutions are used for
providing patches.
Conclusion
Meltdown breaks the most important isolation among user application and the
operating system. It permits a code to access the memory and all the secret data of other
programs. Thus it can be concluded that a computer has a susceptible computer and runs on
an unpatched operating system it is not considered harmless to work. Whereas, Spectre
breaks the isolation between different applications but allow an attacker to trick error free
programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate.
Solution for this problem is reliable and can be solved by method of Desktop channel. With
the help of Desktop central one can protect the network against Meltdown and Spectre and
defend the system from existing and future vulnerabilities. It patches Windows, Linux or
Mac. system automatically for no future damage. Thus it is important to fix these bugs to
maintain confidentiality of the data stored on the system.
hardware level. Computers need to be designed in a way that measures hardware updates
automatically so that it doesn’t affect the software solutions of the system (Jolfaei, Wu, and
Muthukkumarasamy, 2014). To fix these bugs permanently in futures, hardware’s are
deployed in such a way that it deals with these flaws by not allowing them to penetrate in the
system. Until the new hardware is deployed, temporary software based solutions are used for
providing patches.
Conclusion
Meltdown breaks the most important isolation among user application and the
operating system. It permits a code to access the memory and all the secret data of other
programs. Thus it can be concluded that a computer has a susceptible computer and runs on
an unpatched operating system it is not considered harmless to work. Whereas, Spectre
breaks the isolation between different applications but allow an attacker to trick error free
programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate.
Solution for this problem is reliable and can be solved by method of Desktop channel. With
the help of Desktop central one can protect the network against Meltdown and Spectre and
defend the system from existing and future vulnerabilities. It patches Windows, Linux or
Mac. system automatically for no future damage. Thus it is important to fix these bugs to
maintain confidentiality of the data stored on the system.
References
Anand, K., Crampon, M., Meester, R., Rozner, J. and Chase, J., PREVOTY Inc,
2017. Systems and methods for sql type evaluation to detect evaluation flaws. U.S. Patent
Application 15/268,503.
Boothby, B., 2015. Autonomous Attack—Opportunity or Spectre?. In Yearbook of
International Humanitarian Law 2013(pp. 71-88). TMC Asser Press, The Hague.
Dionne, G. and Hassani, S.S., 2015. Endogenous hidden markov regimes in operational loss
data: Application to the recent financial crisis. Cahier de recherche/Working Paper, 15, p.16.
Etzler, M., 2014. Ghostbuster: Cotton Mather’s Invocation of the History of the Specter in the
Justification of the Salem Witch Trials. Preface: Mission of the JGMF About the Authors
Ross Enochs. The Fetter, the Ring and the Oath: Binding Symbolism in Viking Mythology,
p.42.
Han, Y., Chan, J., Alpcan, T. and Leckie, C., 2017. Using virtual machine allocation policies
to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable
and Secure Computing, 14(1), pp.95-108.
Heires, K., 2017. FLAWS IN THE DATA. Risk Management, 64(3), p.38.
Hill, D.W. and Lynn, J.T., Motorola Solutions Inc, 2010. Adaptive system and method for
responding to computer network security attacks. U.S. Patent 6,088,804.
Jolfaei, A., Wu, X.W. and Muthukkumarasamy, V., 2014. Comments on the security of
“Diffusion–substitution based gray image encryption” scheme. Digital signal processing, 32,
pp.34-36.
Anand, K., Crampon, M., Meester, R., Rozner, J. and Chase, J., PREVOTY Inc,
2017. Systems and methods for sql type evaluation to detect evaluation flaws. U.S. Patent
Application 15/268,503.
Boothby, B., 2015. Autonomous Attack—Opportunity or Spectre?. In Yearbook of
International Humanitarian Law 2013(pp. 71-88). TMC Asser Press, The Hague.
Dionne, G. and Hassani, S.S., 2015. Endogenous hidden markov regimes in operational loss
data: Application to the recent financial crisis. Cahier de recherche/Working Paper, 15, p.16.
Etzler, M., 2014. Ghostbuster: Cotton Mather’s Invocation of the History of the Specter in the
Justification of the Salem Witch Trials. Preface: Mission of the JGMF About the Authors
Ross Enochs. The Fetter, the Ring and the Oath: Binding Symbolism in Viking Mythology,
p.42.
Han, Y., Chan, J., Alpcan, T. and Leckie, C., 2017. Using virtual machine allocation policies
to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable
and Secure Computing, 14(1), pp.95-108.
Heires, K., 2017. FLAWS IN THE DATA. Risk Management, 64(3), p.38.
Hill, D.W. and Lynn, J.T., Motorola Solutions Inc, 2010. Adaptive system and method for
responding to computer network security attacks. U.S. Patent 6,088,804.
Jolfaei, A., Wu, X.W. and Muthukkumarasamy, V., 2014. Comments on the security of
“Diffusion–substitution based gray image encryption” scheme. Digital signal processing, 32,
pp.34-36.
Kim, S., Shin, Y., Ha, J., Kim, T. and Han, D., 2015, November. A first step towards
leveraging commodity trusted execution environments for network applications.
In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 7). ACM.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Ma, C.G., Wang, D. and Zhao, S.D., 2014. Security flaws in two improved remote user
authentication schemes using smart cards. International Journal of Communication
Systems, 27(10), pp.2215-2227.
Matsuda, H. and Uemura, T., Canon KK, 2017. Inspection apparatus, inspection system, and
article manufacturing method. U.S. Patent Application 15/495,666.
Mollah, M.B., Azad, M.A.K. and Vasilakos, A., 2017. Security and privacy challenges in
mobile cloud computing: Survey and way ahead. Journal of Network and Computer
Applications, 84, pp.38-54.
Page, J., Kaur, M. and Waters, E., 2017. Directors’ liability survey: Cyber attacks and data
loss—a growing concern. Journal of Data Protection & Privacy, 1(2), pp.173-182.
Peng, Y., Zhao, H., Sun, X. and Sun, C., 2017, July. A Side-Channel Attack Resistant AES
with 500Mbps, 1.92 pJ/Bit PVT Variation Tolerant True Random Number Generator.
In VLSI (ISVLSI), 2017 IEEE Computer Society Annual Symposium on(pp. 249-254). IEEE.
Rieck, K., 2017. Vulnerability analysis. it-Information Technology, 59(2), pp.57-58.
leveraging commodity trusted execution environments for network applications.
In Proceedings of the 14th ACM Workshop on Hot Topics in Networks (p. 7). ACM.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Ma, C.G., Wang, D. and Zhao, S.D., 2014. Security flaws in two improved remote user
authentication schemes using smart cards. International Journal of Communication
Systems, 27(10), pp.2215-2227.
Matsuda, H. and Uemura, T., Canon KK, 2017. Inspection apparatus, inspection system, and
article manufacturing method. U.S. Patent Application 15/495,666.
Mollah, M.B., Azad, M.A.K. and Vasilakos, A., 2017. Security and privacy challenges in
mobile cloud computing: Survey and way ahead. Journal of Network and Computer
Applications, 84, pp.38-54.
Page, J., Kaur, M. and Waters, E., 2017. Directors’ liability survey: Cyber attacks and data
loss—a growing concern. Journal of Data Protection & Privacy, 1(2), pp.173-182.
Peng, Y., Zhao, H., Sun, X. and Sun, C., 2017, July. A Side-Channel Attack Resistant AES
with 500Mbps, 1.92 pJ/Bit PVT Variation Tolerant True Random Number Generator.
In VLSI (ISVLSI), 2017 IEEE Computer Society Annual Symposium on(pp. 249-254). IEEE.
Rieck, K., 2017. Vulnerability analysis. it-Information Technology, 59(2), pp.57-58.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Sclofsky, S. and Funk, K., 2017. The Specter That Haunts Political Science: The Neglect and
Misreading of Marx in International Relations and Comparative Politics. International
Studies Perspectives.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Simonton, T.M., 2017. Optimized Parallel Training of Word Vectors on Multi-Core CPU and
GPU (Doctoral dissertation, University of Colorado at Denver).
Subashini, S. and Kavitha, V., 2011. A survey on security issues in service delivery models
of cloud computing. Journal of network and computer applications, 34(1), pp.1-11.
Thurnher, J.S., 2018. Feasible Precautions in Attack and Autonomous Weapons.
In Dehumanization of Warfare (pp. 99-117). Springer, Cham.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
Misreading of Marx in International Relations and Comparative Politics. International
Studies Perspectives.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Simonton, T.M., 2017. Optimized Parallel Training of Word Vectors on Multi-Core CPU and
GPU (Doctoral dissertation, University of Colorado at Denver).
Subashini, S. and Kavitha, V., 2011. A survey on security issues in service delivery models
of cloud computing. Journal of network and computer applications, 34(1), pp.1-11.
Thurnher, J.S., 2018. Feasible Precautions in Attack and Autonomous Weapons.
In Dehumanization of Warfare (pp. 99-117). Springer, Cham.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
1 out of 15
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.