Analyzing Security Threats and Solutions
VerifiedAdded on 2021/04/21
|16
|4298
|33
AI Summary
The provided assignment is a collection of references to research papers, patents, and articles related to computer security. It covers various topics including Meltdown and Spectre attacks, side channels, runtime encryption, and secure resource accounting. The references are from reputable sources such as IEEE conferences, patents, and academic journals. This document aims to provide a comprehensive understanding of security threats and solutions in the context of computer systems.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: SPECTRE AND MELTDOWN VULNERABILITIES
Spectre and Meltdown Vulnerabilities
Name of the Student:
Name of the University:
Author note
Spectre and Meltdown Vulnerabilities
Name of the Student:
Name of the University:
Author note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
SPECTRE AND MELTDOWN VULNERABILITIES
Executive Summary
The purpose of the paper is to identify the Spectre and Meltdown vulnerability. The paper
also identifies the procedure in which the vulnerabilities progress. The article also provides a
brief overview of the impacts of the vulnerabilities and the extent of its spread in the
microprocessor. It also provides the counter measures to the spectre and the meltdown
attacks. Finally, the paper provides the future impact on the system configuration.
SPECTRE AND MELTDOWN VULNERABILITIES
Executive Summary
The purpose of the paper is to identify the Spectre and Meltdown vulnerability. The paper
also identifies the procedure in which the vulnerabilities progress. The article also provides a
brief overview of the impacts of the vulnerabilities and the extent of its spread in the
microprocessor. It also provides the counter measures to the spectre and the meltdown
attacks. Finally, the paper provides the future impact on the system configuration.
2
SPECTRE AND MELTDOWN VULNERABILITIES
Table of Contents
Introduction................................................................................................................................3
Spectre Vulnerability.................................................................................................................4
Meltdown Vulnerability.............................................................................................................5
Counter measures to the Spectre and Meltdown Vulnerabilities...............................................6
Mitigations for the Spectre Vulnerabilities............................................................................6
Mitigations for the Meltdown Vulnerabilities........................................................................8
Future Impact of Spectre and Meltdown vulnerability..............................................................9
Conclusion................................................................................................................................10
References................................................................................................................................12
SPECTRE AND MELTDOWN VULNERABILITIES
Table of Contents
Introduction................................................................................................................................3
Spectre Vulnerability.................................................................................................................4
Meltdown Vulnerability.............................................................................................................5
Counter measures to the Spectre and Meltdown Vulnerabilities...............................................6
Mitigations for the Spectre Vulnerabilities............................................................................6
Mitigations for the Meltdown Vulnerabilities........................................................................8
Future Impact of Spectre and Meltdown vulnerability..............................................................9
Conclusion................................................................................................................................10
References................................................................................................................................12
3
SPECTRE AND MELTDOWN VULNERABILITIES
Introduction
Computer security, sometimes also known as Cyber Security is the activities or the
process by virtue of which the computer systems is protected against damage and threat to the
computer hardware as well as software (Bambauer 2013). Computer security secures the
computer system by disallowing the threats that peep into the computer system through
network access, code and data injection. The field of computer security needs utmost
attention as with the growing technologies and increased internet connections leads to the
increment is issues of cyber attack as well as data breaches across the network (Hsiao et al.,
2014). The spectre and Meltdown vulnerabilities are the vulnerabilities that attack the
computer system. The paper brings to light the major vulnerabilities to the computer system
namely Spectre and Meltdown vulnerabilities. The paper provides a brief overview of the
procedure of the Spectre and Meltdown attack. The article clearly points out the fact that
these vulnerabilities affect the computer at the processor level. The article also points out the
impacts of the Spectre and Meltdown vulnerabilities. Furthermore, the paper brings to light
that these vulnerabilities have a wide spread affect, including all the processors available in
the market. The paper also describes the techniques to mitigate the risks imparted by these
vulnerabilities. The article also describes the procedure through which the mitigation
techniques should be implemented in order to curb down the risks imparted by the Spectre
and Meltdown vulnerabilities. Finally, the paper provides the future implications of the
Spectre and the Meltdown vulnerabilities. The article also highlights that the changes
implemented in the future processors such that these vulnerabilities could be mitigated.
Various changes implemented in the operating system, help to curb down the risks
incorporated by the Spectre and Meltdown vulnerabilities. The mitigation of such risks is
SPECTRE AND MELTDOWN VULNERABILITIES
Introduction
Computer security, sometimes also known as Cyber Security is the activities or the
process by virtue of which the computer systems is protected against damage and threat to the
computer hardware as well as software (Bambauer 2013). Computer security secures the
computer system by disallowing the threats that peep into the computer system through
network access, code and data injection. The field of computer security needs utmost
attention as with the growing technologies and increased internet connections leads to the
increment is issues of cyber attack as well as data breaches across the network (Hsiao et al.,
2014). The spectre and Meltdown vulnerabilities are the vulnerabilities that attack the
computer system. The paper brings to light the major vulnerabilities to the computer system
namely Spectre and Meltdown vulnerabilities. The paper provides a brief overview of the
procedure of the Spectre and Meltdown attack. The article clearly points out the fact that
these vulnerabilities affect the computer at the processor level. The article also points out the
impacts of the Spectre and Meltdown vulnerabilities. Furthermore, the paper brings to light
that these vulnerabilities have a wide spread affect, including all the processors available in
the market. The paper also describes the techniques to mitigate the risks imparted by these
vulnerabilities. The article also describes the procedure through which the mitigation
techniques should be implemented in order to curb down the risks imparted by the Spectre
and Meltdown vulnerabilities. Finally, the paper provides the future implications of the
Spectre and the Meltdown vulnerabilities. The article also highlights that the changes
implemented in the future processors such that these vulnerabilities could be mitigated.
Various changes implemented in the operating system, help to curb down the risks
incorporated by the Spectre and Meltdown vulnerabilities. The mitigation of such risks is
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
SPECTRE AND MELTDOWN VULNERABILITIES
extremely essential as it leads to the security breaches such as leakage of potentially useful
data that need to be secured and protected.
Spectre Vulnerability
The Spectre vulnerability is a computer security vulnerability that targets the modern
microprocessors that has the capability to perform branch prediction. This vulnerability gets
executed by tricking the processor to execute the instruction stored in an arbitrary location in
the computer memory (Wang, Wei and Vangury 2014). Thus, the attacker gains the
advantage of accessing a memory location and thus, potentially gain the sensitive data stored
into it which he/ she is not authorised to view. The modern computers are so designed as to
produce computational data within seconds of time. Modern computers use the procedure of
speculative execution, through which the computational efficiency increases and thus, the
performance of the computer enhances. Speculative execution is a process utilized by the
high speed processor such that the performance of the computer increases; it progresses by
making predictions to the future execution paths and thus, in a premature manner executes
the instructions in them (Chen et al., 2018). The microprocessors that deal with branch
prediction or speculative execution technique are more vulnerable to such attacks. Spectre
attacks provide a path to computer programs to spy on the data of the other computer
program, thus leading to the loss of data. The computation is performed in the background
such that the computation in real time does not cause decrement in performance. This
vulnerability generally tricks the processor by accessing and executing the program stored in
an arbitrary location that leads to the data breaches and revealing of such data that are secured
and not accessible to unauthorized users. The extent of impact of the spectre vulnerability is
that it covers almost all the processors available worldwide namely, Windows, iOS, Linux
and Mac. It imparts serious impact on the computer system by removing the isolation
SPECTRE AND MELTDOWN VULNERABILITIES
extremely essential as it leads to the security breaches such as leakage of potentially useful
data that need to be secured and protected.
Spectre Vulnerability
The Spectre vulnerability is a computer security vulnerability that targets the modern
microprocessors that has the capability to perform branch prediction. This vulnerability gets
executed by tricking the processor to execute the instruction stored in an arbitrary location in
the computer memory (Wang, Wei and Vangury 2014). Thus, the attacker gains the
advantage of accessing a memory location and thus, potentially gain the sensitive data stored
into it which he/ she is not authorised to view. The modern computers are so designed as to
produce computational data within seconds of time. Modern computers use the procedure of
speculative execution, through which the computational efficiency increases and thus, the
performance of the computer enhances. Speculative execution is a process utilized by the
high speed processor such that the performance of the computer increases; it progresses by
making predictions to the future execution paths and thus, in a premature manner executes
the instructions in them (Chen et al., 2018). The microprocessors that deal with branch
prediction or speculative execution technique are more vulnerable to such attacks. Spectre
attacks provide a path to computer programs to spy on the data of the other computer
program, thus leading to the loss of data. The computation is performed in the background
such that the computation in real time does not cause decrement in performance. This
vulnerability generally tricks the processor by accessing and executing the program stored in
an arbitrary location that leads to the data breaches and revealing of such data that are secured
and not accessible to unauthorized users. The extent of impact of the spectre vulnerability is
that it covers almost all the processors available worldwide namely, Windows, iOS, Linux
and Mac. It imparts serious impact on the computer system by removing the isolation
5
SPECTRE AND MELTDOWN VULNERABILITIES
between the applications. This vulnerability allows the attacker to extract secret information
from the Random Access Memory of the computer hardware (Genkin et al., 2018).
Meltdown Vulnerability
The Meltdown vulnerability is a hardware security vulnerability that works on major
operating systems and does not have any effects on the computer software. The memory
isolation is the major concern in the operating system. The operating system prevents the
application to read or write data in to the kernel memory. It also prevents the user application
to modify the data stored in the Kernel memory (Watson et al., 2018). With the help of this
isolation it becomes easy for the modern day processors to perform multiple tasks and
support multiple users on one particular machine during performing operation on the cloud.
The modern day processor implements the usage of a processor bit to supervise the isolation
between the Kernel memory and the user processes. This bit determines whether the user
processes can access the memory page of the kernel or not. This feature is essential in during
interrupt handling and it allows the operating system, the mapping of the kernel to address
space of the processes such that an effective transition is possible for the user end to the
kernel (Hund, Willems and Holz 2013). The Meltdown vulnerability effects the memory
isolation between the kernel and the user processes. This vulnerability allows the overcoming
memory isolation entirely by allowing the user processes full access to the kernel memory
such that those processes have the accessibility of the entire kernel data (Kathapurkar 2016).
This vulnerability advances by exploiting the side channel information that is readily
available on all modern computers. This vulnerability allows the attacker to run a malicious
code on the vulnerable processor such that the entire information secured in the kernel
memory can be obtained. The out of order execution is the major cause of the Meltdown
vulnerability. This vulnerability has its effects on all Intel microprocessors as well as few
SPECTRE AND MELTDOWN VULNERABILITIES
between the applications. This vulnerability allows the attacker to extract secret information
from the Random Access Memory of the computer hardware (Genkin et al., 2018).
Meltdown Vulnerability
The Meltdown vulnerability is a hardware security vulnerability that works on major
operating systems and does not have any effects on the computer software. The memory
isolation is the major concern in the operating system. The operating system prevents the
application to read or write data in to the kernel memory. It also prevents the user application
to modify the data stored in the Kernel memory (Watson et al., 2018). With the help of this
isolation it becomes easy for the modern day processors to perform multiple tasks and
support multiple users on one particular machine during performing operation on the cloud.
The modern day processor implements the usage of a processor bit to supervise the isolation
between the Kernel memory and the user processes. This bit determines whether the user
processes can access the memory page of the kernel or not. This feature is essential in during
interrupt handling and it allows the operating system, the mapping of the kernel to address
space of the processes such that an effective transition is possible for the user end to the
kernel (Hund, Willems and Holz 2013). The Meltdown vulnerability effects the memory
isolation between the kernel and the user processes. This vulnerability allows the overcoming
memory isolation entirely by allowing the user processes full access to the kernel memory
such that those processes have the accessibility of the entire kernel data (Kathapurkar 2016).
This vulnerability advances by exploiting the side channel information that is readily
available on all modern computers. This vulnerability allows the attacker to run a malicious
code on the vulnerable processor such that the entire information secured in the kernel
memory can be obtained. The out of order execution is the major cause of the Meltdown
vulnerability. This vulnerability has its effects on all Intel microprocessors as well as few
6
SPECTRE AND MELTDOWN VULNERABILITIES
ARM based processors. The major effect of this vulnerability is that it slows down the
computer speed by approximately 30 percent during excessive workload (Kolawa et al.,
2013). The meltdown vulnerability slows down the computer system by implementing the
process of privilege checking which does not allow those instructions to get executed that
does not hold the access of a particular data or program. The meltdown vulnerability often
reduces the computing speed of the processor within a range of 5 percent to 30 percent. It
aims at exploiting the race condition of the CPU that arises between the privilege checking
and the instruction execution. The privilege checking is done such that any unauthorised
access to the data stored in the kernel memory is isolated and is not available to be accessed
by unauthentic users. It also imparts serious impacts on the patched versions of Windows,
iOS, macOS and Linux operating systems (Jin et al., 2015). This vulnerability progresses by
executing an attack code that leads to the loading of some secured data in the cache memory,
and the privilege check also takes place simultaneously. Following the above step, a code is
executed according to the data obtained from the cache memory. The value of the secured
data is obtained by following a side channel technique. The code for the execution is stored in
a memory chip and is executed according to the value of the data obtained. Another technique
named the side channel technique is implemented to obtain the value of the data obtained for
illegal usage.
Counter measures to the Spectre and Meltdown Vulnerabilities
There are various mitigation options available for the spectre and meltdown
vulnerabilities. The countermeasures of these vulnerabilities are essential as they affect
almost all processors available such as Intel and others. The mitigations for the Spectre and
Meltdown vulnerabilities are discussed separately as follows:
SPECTRE AND MELTDOWN VULNERABILITIES
ARM based processors. The major effect of this vulnerability is that it slows down the
computer speed by approximately 30 percent during excessive workload (Kolawa et al.,
2013). The meltdown vulnerability slows down the computer system by implementing the
process of privilege checking which does not allow those instructions to get executed that
does not hold the access of a particular data or program. The meltdown vulnerability often
reduces the computing speed of the processor within a range of 5 percent to 30 percent. It
aims at exploiting the race condition of the CPU that arises between the privilege checking
and the instruction execution. The privilege checking is done such that any unauthorised
access to the data stored in the kernel memory is isolated and is not available to be accessed
by unauthentic users. It also imparts serious impacts on the patched versions of Windows,
iOS, macOS and Linux operating systems (Jin et al., 2015). This vulnerability progresses by
executing an attack code that leads to the loading of some secured data in the cache memory,
and the privilege check also takes place simultaneously. Following the above step, a code is
executed according to the data obtained from the cache memory. The value of the secured
data is obtained by following a side channel technique. The code for the execution is stored in
a memory chip and is executed according to the value of the data obtained. Another technique
named the side channel technique is implemented to obtain the value of the data obtained for
illegal usage.
Counter measures to the Spectre and Meltdown Vulnerabilities
There are various mitigation options available for the spectre and meltdown
vulnerabilities. The countermeasures of these vulnerabilities are essential as they affect
almost all processors available such as Intel and others. The mitigations for the Spectre and
Meltdown vulnerabilities are discussed separately as follows:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
7
SPECTRE AND MELTDOWN VULNERABILITIES
Mitigations for the Spectre Vulnerabilities
The Spectre vulnerability also termed as the conditional branch vulnerability
mitigation can be possible when the speculative execution can be stopped on the sensitive
code execution path. Moreover, some Intel processors serialize the execution of the
instruction such that branching conditions do not occur that would mitigate the effects of
branching code instructions. It has a different perspective from ensuring that the speculative
execution would not occur or leak information (Kocher et al., 2018). However, the sequential
execution of the instruction does not prove to be an effective counter measure against the
Spectre vulnerability on all processors. Moreover, the utilization of the three user mode
serializing instructions used by the Intel processors poses serious threats to many registers.
However, the mfence and lfence instructions can add to the counter measure without
affecting the content of registers. However, there lies a constraint in the utilization of mfence
and lfence as they do not properly work for all CPU’s and all system configurations. In
addition to these allowing delays in the instruction execution but the delay should be
approximately about 200 instructions which should be ahead to the cache miss (Simakov wet
al., 2018). However, it is a challenging approach to insert the speculative execution block as
it is easy for the compiler to insert instructions after the conditional branch and the
destination but this insertion causes degradation in the performance of the computer. The
checks could be eliminated by the static analysis technique.
The indirect branch poisoning is even more critical and challenging that needs to be
mitigated in the software. However, during context switching the flush branch prediction and
hyper threading can be disabled although the architecture does not define any procedure to do
so. Moreover, the switch statement case could not be addressed by disabling the hyper
threading and flushing the branch prediction technique. Furthermore, the speculative
SPECTRE AND MELTDOWN VULNERABILITIES
Mitigations for the Spectre Vulnerabilities
The Spectre vulnerability also termed as the conditional branch vulnerability
mitigation can be possible when the speculative execution can be stopped on the sensitive
code execution path. Moreover, some Intel processors serialize the execution of the
instruction such that branching conditions do not occur that would mitigate the effects of
branching code instructions. It has a different perspective from ensuring that the speculative
execution would not occur or leak information (Kocher et al., 2018). However, the sequential
execution of the instruction does not prove to be an effective counter measure against the
Spectre vulnerability on all processors. Moreover, the utilization of the three user mode
serializing instructions used by the Intel processors poses serious threats to many registers.
However, the mfence and lfence instructions can add to the counter measure without
affecting the content of registers. However, there lies a constraint in the utilization of mfence
and lfence as they do not properly work for all CPU’s and all system configurations. In
addition to these allowing delays in the instruction execution but the delay should be
approximately about 200 instructions which should be ahead to the cache miss (Simakov wet
al., 2018). However, it is a challenging approach to insert the speculative execution block as
it is easy for the compiler to insert instructions after the conditional branch and the
destination but this insertion causes degradation in the performance of the computer. The
checks could be eliminated by the static analysis technique.
The indirect branch poisoning is even more critical and challenging that needs to be
mitigated in the software. However, during context switching the flush branch prediction and
hyper threading can be disabled although the architecture does not define any procedure to do
so. Moreover, the switch statement case could not be addressed by disabling the hyper
threading and flushing the branch prediction technique. Furthermore, the speculative
8
SPECTRE AND MELTDOWN VULNERABILITIES
execution that follows other forms of jumps is unknown and there are chances that they
would vary from processor to processor.
The code fixes of the vulnerability is still unknown for the existing processors but the
patches posses the capability to disable the speculative execution. The installation of patches
would slow down the processor to some extent and slow down the processor. Moreover, the
buffering of the speculatively initiated memory transaction for the cache does not act as an
efficient mitigation against the vulnerability until the speculative execution is committed. The
adoption of the above methods affects the performance of the processor by degrading the
speed of operations (Ruj and Nayak 2013). Thus, these counter measures are insufficient as
there exists other ways in which the speculative execution can leak potentially secured
information.
Mitigations for the Meltdown Vulnerabilities
The Meltdown vulnerability also poses serious impacts on all the available
microprocessors just like the Spectre vulnerability and specific counter measures should be
adopted such as to mitigate the threats posed by the vulnerability. The following sections
provide the counter measure against the attacks regarding the hardware counter measures and
the KAISER counter measure:
Hardware
The meltdown vulnerability affects the isolation layer of the user processes and the
kernel thereby, disturbing the security domains, and does not affect the software hence, no
software vulnerability is involved in the meltdown attack. Thus, the usage of the software
patches as a counter measure does not completely fix the vulnerability. The trivial counter
measure against the meltdown attack is to completely halt the out of order execution as the
root cause of this vulnerability is the out of order execution of the processor (Lee et al.,
SPECTRE AND MELTDOWN VULNERABILITIES
execution that follows other forms of jumps is unknown and there are chances that they
would vary from processor to processor.
The code fixes of the vulnerability is still unknown for the existing processors but the
patches posses the capability to disable the speculative execution. The installation of patches
would slow down the processor to some extent and slow down the processor. Moreover, the
buffering of the speculatively initiated memory transaction for the cache does not act as an
efficient mitigation against the vulnerability until the speculative execution is committed. The
adoption of the above methods affects the performance of the processor by degrading the
speed of operations (Ruj and Nayak 2013). Thus, these counter measures are insufficient as
there exists other ways in which the speculative execution can leak potentially secured
information.
Mitigations for the Meltdown Vulnerabilities
The Meltdown vulnerability also poses serious impacts on all the available
microprocessors just like the Spectre vulnerability and specific counter measures should be
adopted such as to mitigate the threats posed by the vulnerability. The following sections
provide the counter measure against the attacks regarding the hardware counter measures and
the KAISER counter measure:
Hardware
The meltdown vulnerability affects the isolation layer of the user processes and the
kernel thereby, disturbing the security domains, and does not affect the software hence, no
software vulnerability is involved in the meltdown attack. Thus, the usage of the software
patches as a counter measure does not completely fix the vulnerability. The trivial counter
measure against the meltdown attack is to completely halt the out of order execution as the
root cause of this vulnerability is the out of order execution of the processor (Lee et al.,
9
SPECTRE AND MELTDOWN VULNERABILITIES
2013). The side effect of disabling this feature is that the performance of the processor
decreases. This could be devastating as the speed of the processor could not be delayed. Thus,
the adopted process was not considered as a viable solution.
The meltdown vulnerability actually exploits the race condition between the privilege
check and the instruction execution (Biswas and Karunakaran 2015). Thus, the effective
counter measure would be to serialize the instruction execution and the privilege checking
such that those instructions that do not pass the privilege checking criteria are never executed
(Lindo and Daudel 2014). However, this would cause a significant delay in the execution of
the instruction as once the instruction is fetched; the execution is delayed till the privilege
check is completed.
The most effective counter measure would be the introduction of the hard split of the
kernel space and the user space (Rojas and Hussain 2013). The hard split can be enabled in
the modern kernels through the usage of the hard split bit in the control register of the CPU.
The hard split has the potential to identify which instruction fetching would lead to the
violation of the security (Adda, Alon and Braverman 2014). Moreover, the implementation
would lead to performance degradation as well as backward compatibility is also ensured as
there are no provisions for the default setting of the hard split bit and can only be set by the
kernel.
KAISER
The hardware patching is a challenging task thus, the software patching was
implemented. A software patch known as KAISER was introduced such that the kernel was
not mapped to the user processes. This modification prevents the side channel attack as well
as meltdown attacks. It is a software measure to prevent the meltdown attacks as it ensures
that there exists no valid mapping to kernel space to the user space. However, the architecture
SPECTRE AND MELTDOWN VULNERABILITIES
2013). The side effect of disabling this feature is that the performance of the processor
decreases. This could be devastating as the speed of the processor could not be delayed. Thus,
the adopted process was not considered as a viable solution.
The meltdown vulnerability actually exploits the race condition between the privilege
check and the instruction execution (Biswas and Karunakaran 2015). Thus, the effective
counter measure would be to serialize the instruction execution and the privilege checking
such that those instructions that do not pass the privilege checking criteria are never executed
(Lindo and Daudel 2014). However, this would cause a significant delay in the execution of
the instruction as once the instruction is fetched; the execution is delayed till the privilege
check is completed.
The most effective counter measure would be the introduction of the hard split of the
kernel space and the user space (Rojas and Hussain 2013). The hard split can be enabled in
the modern kernels through the usage of the hard split bit in the control register of the CPU.
The hard split has the potential to identify which instruction fetching would lead to the
violation of the security (Adda, Alon and Braverman 2014). Moreover, the implementation
would lead to performance degradation as well as backward compatibility is also ensured as
there are no provisions for the default setting of the hard split bit and can only be set by the
kernel.
KAISER
The hardware patching is a challenging task thus, the software patching was
implemented. A software patch known as KAISER was introduced such that the kernel was
not mapped to the user processes. This modification prevents the side channel attack as well
as meltdown attacks. It is a software measure to prevent the meltdown attacks as it ensures
that there exists no valid mapping to kernel space to the user space. However, the architecture
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
SPECTRE AND MELTDOWN VULNERABILITIES
of the processor requires the mapping of the user’s space to the kernel space using the Kernel
Page Table Isolation technique (Alexander, Heller and Shum 2013). Thus, do not completely
mitigate the effects of the attacks as the memory location could still be accessed from the user
space. Thus, the short term mitigation to the attacks is the utilization of the patched software.
The other counter measure could be to keep the browser as well as the software updated as it
contains the fixes for the vulnerabilities. This however reduces the speed of the processor as
well as degrades the performance of the processor. Thus no software patches are still
developed that completely mitigates the risk imparted by the meltdown vulnerability.
Moreover, both the vulnerabilities are different but both allow the illegal access of
data by the attackers such that they would obtain the secured data. The Meltdown
vulnerability was reported in the CVE-2017-5754 while the Spectre vulnerability was
reported in CVE-2017-5715 and CVE-2017-5753.
Future Impact of Spectre and Meltdown vulnerability
The Spectre and Meltdown vulnerability affects the system at the processor and the
operating system level. Moreover, it becomes practically impossible to execute the
instructions and simultaneously perform the privilege checking. Furthermore, the network
oriented attacks that executes a malicious code in the CPU also pose serious threats (More
2018). There are various counter measures to mitigate the risks posed by these attacks but,
the architecture of processors is not designed to properly implement the patches (Lipp et al.,
2018). The long term future impact would be the need for new silicon based processor.
Moreover, the instruction set architecture should also be updated such that it would include
the clear guidance regarding the security issues of the computer processor (Leiserson 2014).
Furthermore, the implementation of the patches causes the performance degradation of the
processor. Thus, the processor should be constructed in such a manner that the installation of
SPECTRE AND MELTDOWN VULNERABILITIES
of the processor requires the mapping of the user’s space to the kernel space using the Kernel
Page Table Isolation technique (Alexander, Heller and Shum 2013). Thus, do not completely
mitigate the effects of the attacks as the memory location could still be accessed from the user
space. Thus, the short term mitigation to the attacks is the utilization of the patched software.
The other counter measure could be to keep the browser as well as the software updated as it
contains the fixes for the vulnerabilities. This however reduces the speed of the processor as
well as degrades the performance of the processor. Thus no software patches are still
developed that completely mitigates the risk imparted by the meltdown vulnerability.
Moreover, both the vulnerabilities are different but both allow the illegal access of
data by the attackers such that they would obtain the secured data. The Meltdown
vulnerability was reported in the CVE-2017-5754 while the Spectre vulnerability was
reported in CVE-2017-5715 and CVE-2017-5753.
Future Impact of Spectre and Meltdown vulnerability
The Spectre and Meltdown vulnerability affects the system at the processor and the
operating system level. Moreover, it becomes practically impossible to execute the
instructions and simultaneously perform the privilege checking. Furthermore, the network
oriented attacks that executes a malicious code in the CPU also pose serious threats (More
2018). There are various counter measures to mitigate the risks posed by these attacks but,
the architecture of processors is not designed to properly implement the patches (Lipp et al.,
2018). The long term future impact would be the need for new silicon based processor.
Moreover, the instruction set architecture should also be updated such that it would include
the clear guidance regarding the security issues of the computer processor (Leiserson 2014).
Furthermore, the implementation of the patches causes the performance degradation of the
processor. Thus, the processor should be constructed in such a manner that the installation of
11
SPECTRE AND MELTDOWN VULNERABILITIES
the patches does not affect the performance of the processor. Moreover, the innovation of the
silicon based processors would incorporate the potential to curb down the risks imparted by
the Spectre and Meltdown attacks (Pieprzyk, Hardjono and Seberry 2013). The processor
should contain alternative implementation technique so as to maintain the security of the data
and to provide maximum attention to the security maintenance. The data stored in the system
are highly vulnerable to the leakage, thus more secured database needs to be adopted such
that any cases of data breaches could be mitigated and the important data is secured (Jiang et
al., 2013). The database should incorporate more security features such that data can be
properly maintained and stored. Furthermore, the database should be decentralized as it offers
more security to the data. Moreover, the cloud storage methods should be implemented as it
offers more data security and has the architecture support to prevent the loss of data. It also
incorporates the back up and the recovery techniques so as to recover the lost data.
Conclusion
Thus, with the above discussion it can be concluded that the Spectre and Meltdown
vulnerabilities imparts serious threats to the computer processor and thus, needs the prior
attention of the microprocessor vendors such as to secure the data and prevent any data
breach activities. Both the vulnerabilities namely, Spectre and Meltdown provides a pathway
to the attacker such that the attacker could access the data that he/ she is unauthorised to view
or access. Moreover, the computer programs runs in isolation and other programs or
applications are not authorized to view the instructions and data of other programs. The
vulnerabilities were recently recognized. It allows the illegal access to data from the cache
memory or the RAM. These vulnerabilities occur due to out of order execution and the
speculation execution that are ultimately aimed at leaking the personal data such as email,
passwords, pictures and other potentially valuable data. Thus, it becomes a necessity to
SPECTRE AND MELTDOWN VULNERABILITIES
the patches does not affect the performance of the processor. Moreover, the innovation of the
silicon based processors would incorporate the potential to curb down the risks imparted by
the Spectre and Meltdown attacks (Pieprzyk, Hardjono and Seberry 2013). The processor
should contain alternative implementation technique so as to maintain the security of the data
and to provide maximum attention to the security maintenance. The data stored in the system
are highly vulnerable to the leakage, thus more secured database needs to be adopted such
that any cases of data breaches could be mitigated and the important data is secured (Jiang et
al., 2013). The database should incorporate more security features such that data can be
properly maintained and stored. Furthermore, the database should be decentralized as it offers
more security to the data. Moreover, the cloud storage methods should be implemented as it
offers more data security and has the architecture support to prevent the loss of data. It also
incorporates the back up and the recovery techniques so as to recover the lost data.
Conclusion
Thus, with the above discussion it can be concluded that the Spectre and Meltdown
vulnerabilities imparts serious threats to the computer processor and thus, needs the prior
attention of the microprocessor vendors such as to secure the data and prevent any data
breach activities. Both the vulnerabilities namely, Spectre and Meltdown provides a pathway
to the attacker such that the attacker could access the data that he/ she is unauthorised to view
or access. Moreover, the computer programs runs in isolation and other programs or
applications are not authorized to view the instructions and data of other programs. The
vulnerabilities were recently recognized. It allows the illegal access to data from the cache
memory or the RAM. These vulnerabilities occur due to out of order execution and the
speculation execution that are ultimately aimed at leaking the personal data such as email,
passwords, pictures and other potentially valuable data. Thus, it becomes a necessity to
12
SPECTRE AND MELTDOWN VULNERABILITIES
implement measures to secure the data and protect the processor against such vulnerabilities.
Thus, various mitigations were developed by the researchers such as providing the patches
such as KAISER that is software mitigation against the meltdown vulnerability. The other
mitigation also includes the mitigations regarding the hardware such as isolation of the kernel
process with the user process. Moreover, the Kernel Page Table Isolation is also a mitigation
technique implemented to isolate the kernel process with the user process. Moreover, the hard
split bit also enhances the capability of the processor to control the CPU register. It can only
be changed if the hard bit is set and can only be set and reset by the kernel process. However
most of the mitigations available as the counter measure of Spectre and Meltdown
vulnerabilities does not completely guarantee the mitigation against the security issues. Thus,
certain changes are required in the architectural design such as to completely mitigate the risk
of the security issues. The future impact involves the innovation of the silicon based
processors such that the security issues are maintained properly and also such that it does not
hampers the performance of the system.
SPECTRE AND MELTDOWN VULNERABILITIES
implement measures to secure the data and protect the processor against such vulnerabilities.
Thus, various mitigations were developed by the researchers such as providing the patches
such as KAISER that is software mitigation against the meltdown vulnerability. The other
mitigation also includes the mitigations regarding the hardware such as isolation of the kernel
process with the user process. Moreover, the Kernel Page Table Isolation is also a mitigation
technique implemented to isolate the kernel process with the user process. Moreover, the hard
split bit also enhances the capability of the processor to control the CPU register. It can only
be changed if the hard bit is set and can only be set and reset by the kernel process. However
most of the mitigations available as the counter measure of Spectre and Meltdown
vulnerabilities does not completely guarantee the mitigation against the security issues. Thus,
certain changes are required in the architectural design such as to completely mitigate the risk
of the security issues. The future impact involves the innovation of the silicon based
processors such that the security issues are maintained properly and also such that it does not
hampers the performance of the system.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
13
SPECTRE AND MELTDOWN VULNERABILITIES
References
Adda, M., Aloni, D. and Braverman, A., International Business Machines Corp,
2014. Executing a kernel device driver as a user space process. U.S. Patent 8,806,511.
Alexander, G.W., Heller, L.C. and Shum, C.L.K., International Business Machines Corp,
2013. Serializing translation lookaside buffer access around address translation parameter
modification. U.S. Patent 8,433,855.
Bambauer, D.E., 2013. Ghost in the Network. U. Pa. L. Rev., 162, p.1011.
Biswas, A. and Karunakaran, S., 2015. Cybernetic modeling of Industrial Control Systems:
Towards threat analysis of critical infrastructure. arXiv preprint arXiv:1510.01861.
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks:
Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction
Cache Attacks from Portable Code.
Hsiao, D.K., Kerr, D.S. and Madnick, S.E., 2014. Computer security. Academic Press.
Hund, R., Willems, C. and Holz, T., 2013, May. Practical timing side channel attacks against
kernel space ASLR. In Security and Privacy (SP), 2013 IEEE Symposium on (pp. 191-205).
IEEE.
Jiang, Y., Guo, X., Li, C., Wen, H., Lei, C. and Rui, Z., 2013, October. An efficient and
secure search database scheme for cloud computing in smart grid. In Communications and
Network Security (CNS), 2013 IEEE Conference on (pp. 413-414). IEEE.
SPECTRE AND MELTDOWN VULNERABILITIES
References
Adda, M., Aloni, D. and Braverman, A., International Business Machines Corp,
2014. Executing a kernel device driver as a user space process. U.S. Patent 8,806,511.
Alexander, G.W., Heller, L.C. and Shum, C.L.K., International Business Machines Corp,
2013. Serializing translation lookaside buffer access around address translation parameter
modification. U.S. Patent 8,433,855.
Bambauer, D.E., 2013. Ghost in the Network. U. Pa. L. Rev., 162, p.1011.
Biswas, A. and Karunakaran, S., 2015. Cybernetic modeling of Industrial Control Systems:
Towards threat analysis of critical infrastructure. arXiv preprint arXiv:1510.01861.
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks:
Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction
Cache Attacks from Portable Code.
Hsiao, D.K., Kerr, D.S. and Madnick, S.E., 2014. Computer security. Academic Press.
Hund, R., Willems, C. and Holz, T., 2013, May. Practical timing side channel attacks against
kernel space ASLR. In Security and Privacy (SP), 2013 IEEE Symposium on (pp. 191-205).
IEEE.
Jiang, Y., Guo, X., Li, C., Wen, H., Lei, C. and Rui, Z., 2013, October. An efficient and
secure search database scheme for cloud computing in smart grid. In Communications and
Network Security (CNS), 2013 IEEE Conference on (pp. 413-414). IEEE.
14
SPECTRE AND MELTDOWN VULNERABILITIES
Jin, S., Seol, J., Huh, J. and Maeng, S., 2015, March. Hardware-Assisted Secure Resource
Accounting under a Vulnerable Hypervisor. In ACM SIGPLAN Notices (Vol. 50, No. 7, pp.
201-213). ACM.
Kathapurkar, A.H., 2016. Processor-level integration of the architectural support for
monitoring and securing the operating system kernel. The University of Texas at San
Antonio.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Kolawa, A.K., Jakubiak, N.M., Lambert, M.L., Haaker, W. and Gandhi, N., Parasoft Corp,
2013. Detection of deadlocks or race conditions in physical systems using load testing. U.S.
Patent 8,448,148.
Lee, M., Wieland, P., Ganapathy, N., Erlingson, U., Abadi, M. and Richardson, J., Microsoft
Corp, 2013. Synchronizing split user-mode/kernel-mode device driver architecture. U.S.
Patent 8,434,098.
Leiserson, A, 2014. Side Channels and Runtime Encryption Solutions with Intel® SGX.
Lindo, J. and Daudel, J., CA Technologies Inc, 2014. Thread management to prevent race
conditions in computer programs. U.S. Patent 8,813,079.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
More, A.C.Y., 2018. Security Alert!.
Pieprzyk, J., Hardjono, T. and Seberry, J., 2013. Fundamentals of computer security.
Springer Science & Business Media.
SPECTRE AND MELTDOWN VULNERABILITIES
Jin, S., Seol, J., Huh, J. and Maeng, S., 2015, March. Hardware-Assisted Secure Resource
Accounting under a Vulnerable Hypervisor. In ACM SIGPLAN Notices (Vol. 50, No. 7, pp.
201-213). ACM.
Kathapurkar, A.H., 2016. Processor-level integration of the architectural support for
monitoring and securing the operating system kernel. The University of Texas at San
Antonio.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Kolawa, A.K., Jakubiak, N.M., Lambert, M.L., Haaker, W. and Gandhi, N., Parasoft Corp,
2013. Detection of deadlocks or race conditions in physical systems using load testing. U.S.
Patent 8,448,148.
Lee, M., Wieland, P., Ganapathy, N., Erlingson, U., Abadi, M. and Richardson, J., Microsoft
Corp, 2013. Synchronizing split user-mode/kernel-mode device driver architecture. U.S.
Patent 8,434,098.
Leiserson, A, 2014. Side Channels and Runtime Encryption Solutions with Intel® SGX.
Lindo, J. and Daudel, J., CA Technologies Inc, 2014. Thread management to prevent race
conditions in computer programs. U.S. Patent 8,813,079.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
More, A.C.Y., 2018. Security Alert!.
Pieprzyk, J., Hardjono, T. and Seberry, J., 2013. Fundamentals of computer security.
Springer Science & Business Media.
15
SPECTRE AND MELTDOWN VULNERABILITIES
Rojas, J.P. and Hussain, M.M., 2013. Flexible semi‐transparent silicon (100) fabric with
high‐k/metal gate devices. physica status solidi (RRL)-Rapid Research Letters, 7(3), pp.187-
191.
Ruj, S. and Nayak, A., 2013. A decentralized security framework for data aggregation and
access control in smart grids. IEEE transactions on smart grid, 4(1), pp.196-205.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Wang, Y., Wei, J. and Vangury, K., 2014, January. Bring your own device security issues
and challenges. In Consumer Communications and Networking Conference (CCNC), 2014
IEEE 11th (pp. 80-85). IEEE.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
SPECTRE AND MELTDOWN VULNERABILITIES
Rojas, J.P. and Hussain, M.M., 2013. Flexible semi‐transparent silicon (100) fabric with
high‐k/metal gate devices. physica status solidi (RRL)-Rapid Research Letters, 7(3), pp.187-
191.
Ruj, S. and Nayak, A., 2013. A decentralized security framework for data aggregation and
access control in smart grids. IEEE transactions on smart grid, 4(1), pp.196-205.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Wang, Y., Wei, J. and Vangury, K., 2014, January. Bring your own device security issues
and challenges. In Consumer Communications and Networking Conference (CCNC), 2014
IEEE 11th (pp. 80-85). IEEE.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.
1 out of 16
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.