Analysis of Spectre and Meltdown Vulnerabilities in Computer Security

Added on  2021/04/19

Running head: COMPUTER SECURITY MAINTENANCE
Computer Security Maintenance
Name of the Student:
Name of the University:
Author note
Executive Summary
The purpose of the paper is to provide a brief overview of the Spectre and Meltdown
vulnerabilities. The paper clearly explains the effects and threats imparted by the
vulnerabilities. It also describes the process by which these vulnerabilities seriously
affect secured data and cause data leakage. The paper also provides mitigations for the
risks imparted by the vulnerabilities. Finally, the paper discusses the future
implications of the Spectre and Meltdown vulnerabilities, such as the introduction of new
silicon-based processors in the market as well as highly secured databases.
Table of Contents
Introduction
Spectre
Meltdown
Counter measures of the Spectre and Meltdown vulnerabilities
  Browser related counter measures
  Fixes, Patches and Kernel Modifications
Predictions on the future impact of Spectre and Meltdown vulnerabilities
Conclusion
References
Introduction
Computer security maintenance is an important aspect of the fast-growing technical
world. It means safeguarding computer resources, such as maintaining data integrity and
confidentiality and imparting access control to authorised users (Price 2018). Computer
security is the procedure by which unauthorised access to computer data can be
blocked or denied. It assumes utmost importance as it keeps the data on the computer system
protected and secured (Almeshekah and Spafford 2014, September). There are various threats
to computer security, such as Spectre and Meltdown, which have the potential to create
immense problems in computer security. The paper provides a clear overview of threats to
the computer system such as Spectre and Meltdown. It brings to light the various impacts
on the computer system due to the above-mentioned threats and describes how these factors
affect computer security. The paper describes Spectre and Meltdown as the
two major vulnerabilities that operate at the processor level and have a serious impact on the
computer system. It also explains the way in which the Spectre and Meltdown
vulnerabilities affect users and brings to light how these vulnerabilities are executed.
Moreover, the paper states the spread of the vulnerabilities and the
extent to which people and users are affected by them. The paper also
describes the possible ways to mitigate the effects of the vulnerabilities, as almost all
people around the world using a computer system are vulnerable to Spectre and Meltdown.
Finally, the paper provides the future impact of these vulnerabilities on the computer
system. It gives the details of the mitigation techniques and the procedure by which they
should be implemented so as to curb the threats imparted by the Spectre and Meltdown
vulnerabilities. It also clarifies that due to the impact of these future vulnerabilities the design
of processors would change with the patched operating system. Since these factors pose a
serious threat to computer security, leading to data breaches and unauthorised data access,
computer systems should be secured and protected.
Spectre
Spectre is a computer security vulnerability that mostly poses serious threats
to modern microprocessors. Microprocessors that perform branch
prediction are affected by the Spectre vulnerability. A computer program does not normally
have access to other computer programs, but with Spectre, spying on other
programs has become feasible. Spectre provides a pathway for unauthorised
processes to access other programs and retrieve important information (Quinones et al.,
2017). This vulnerability mostly occurs due to branch misprediction, as most processors
today perform speculative execution because it produces outputs faster. The processors were
designed to perform anticipated calculations in the background. The results of the
calculations were stored in the cache memory for faster access and minimum time
consumption. Due to the misprediction of the branch, the process of speculative execution
would reveal private data to users who are not authorised to observe that data (Kocher
et al., 2018). This vulnerability tricks the program into accessing and executing any arbitrary
location in the program's memory. This further enables the attacker to view the contents of
the memory and thus obtain significant data. Spectre is used basically for manipulating
the process in such a way that it would reveal important data. The Spectre vulnerability
has serious impacts on various processors namely, Mac, Windows, iOS and Linux. The
problem covers almost all processors; thus, it becomes an utmost need to mitigate the
effects of the Spectre vulnerability (De Smet et al., 2014). The Spectre vulnerability affects the
computer system by removing the isolation between different applications. Moreover, the
Spectre vulnerability aims at allowing attackers access to secured data from the
Random Access Memory (RAM) of the computer system.
Meltdown
Meltdown is also a computer security vulnerability, similar to the Spectre vulnerability,
which has serious impacts on the IBM POWER microprocessor, Intel microprocessors and
a few ARM-based microprocessors. Similar to Spectre, Meltdown also allows different
computer processes to read the entire memory in spite of not being entitled to do so. The
Meltdown vulnerability affects running systems (Trippel, Lustig and Martonosi 2018). It
also has serious impacts on the recently patched versions of iOS, Windows, Linux and
macOS. In addition to these, cloud services are also affected by the Meltdown
vulnerability. The Meltdown vulnerability causes the computer to slow down between 5 and
30 percent under certain workload conditions (Lipp et al., 2018). It slows down computer
systems by allowing a process to bypass the privilege checking that is done to
segregate processes that are not entitled to view and access data belonging to other
processes and the operating system. Unlike Spectre, Meltdown can be used to access
privileged memory in the process, which the process itself would not be able to access.
The Meltdown vulnerability basically exploits a race condition in the CPU. The race condition
arises between the execution of the instruction and the privilege checking that
isolates processes that are unauthorized to access the data of other processes (Genkin et al.,
2018). In this vulnerability the chip is loaded with secured data in such a way that it becomes
easy for the attacker to read that data later. Attack code is executed that leads to the
loading of some secured data into the cache memory while the permission check takes
place in parallel. Afterwards, code
according to the data in the cache memory is executed and a side channel technique is used to
determine the value of the secured data.
Both vulnerabilities, Spectre and Meltdown, aim at
retrieving secured information from the computer system by allowing illegal access to the
secured data. The Spectre vulnerability was reported in CVE-2017-5753 and CVE-2017-5715,
whereas the Meltdown vulnerability was reported in CVE-2017-5754 (Simakov et al., 2018).
Counter measures of the Spectre and Meltdown vulnerabilities
There are various counter measures for the effects of the Spectre and
Meltdown vulnerabilities, namely browser related counter measures, various types of fixes
and patches, and isolating the kernel memory.
Browser related counter measures
The browser related counter measures against the threats posed by the Spectre and
Meltdown vulnerabilities include checking client software that has the potential to run
third-party code and that possesses code able to counter the effects
of the threats imparted by Spectre and Meltdown. Moreover, browsers such as Google Chrome
have a specific feature known as the Site Isolation feature that would help in reducing the risks
imparted by the Spectre and Meltdown vulnerabilities (Maisuradze and Rossow 2018).
Furthermore, other web browsers such as Mozilla Firefox also stated that private data
can be obtained; thus, various risk association techniques are needed and such techniques are
still under investigation. However, Google Chrome's Site Isolation feature has enough
potential to mitigate the risks.
Fixes, Patches and Kernel Modifications
Most industry vendors, such as Microsoft, Intel, Apple and Linux, are involved in
releasing patches to counter the effect of the attacks. Most
organizations are working to mitigate the Spectre and Meltdown
vulnerabilities, including cloud-based services such as Amazon and Google. Moreover,
the vulnerabilities do not have the potential of modifying, corrupting or deleting data, but they
do possess the ability to access data that they are unauthorized to view. Moreover,
releasing security updates and deploying the mitigations to the cloud services will assist
customers of Windows against the vulnerabilities that pose a threat to the hardware chips of
Intel, ARM and AMD (Azab et al., 2016).
Moreover, changes in the code of the operating system kernel would serve as
mitigation for the Meltdown vulnerability. Kernel Page Table Isolation patches have been
developed as mitigation for the risks imparted by the Spectre and Meltdown vulnerabilities in
the Linux kernel (Waschke 2017). Thus, the fix for the Spectre and Meltdown vulnerabilities
can occur through updates of the processor or the operating system. It has also been found
that they can be fixed through updates. Thus, systems should be updated as soon as the updated
patches are released. Moreover, the updated patches have the potential to fix the risks
imparted by the Spectre and Meltdown vulnerabilities (Chernov and Sornette 2016).
However, fixing these issues would slow down the processing speed, leading to slow
performance. The long-term fix for the Spectre and Meltdown vulnerabilities would require
the innovation of a new processor that would eliminate the risk. Moreover, the
installation of Kernel Page Table Isolation would slow down the processing speed of the
processor (Chen et al., 2018).
However, some features in Intel processors, such as process-context identifiers (PCID), were
introduced that possess the potential to speed up the processor as they were not affected by
the updated patches. This was because the necessary information was stored in a Translation
Lookaside Buffer (TLB); therefore, the rapid flushing out of the cache memory was not
required, thus increasing the speed of the processor (Pham et al., 2014). Various update
patches have been released by various vendors, but whether these patches are safe to use or not is
uncertain, as the mitigations for the Spectre vulnerability do not work against Meltdown
vulnerability attacks. Moreover, the Spectre vulnerability is not only a hardware issue; it
also requires a secure construction of the system that would be addressed with the help of
both hardware and software.
There are different mitigations for the Bounds Check Bypass Spectre vulnerability and
the Branch Target Injection Spectre vulnerability (Ouyang et al., 2016). For the Bounds Check
Bypass vulnerability, certain changes should be implemented in Windows on the system,
such as recompiling with a new compiler that replaces the former
compiler. In addition to this, the browser should also be hardened to block the exploitation of
the system's data through the browser via JavaScript (Russell and Van Duren 2016).
Furthermore, for the Meltdown vulnerability issue of Rogue Data Load in the cache memory,
the change required in Windows is the separation of the user mode page table and the
kernel mode page table.
Moreover, the prompt downloading and installation of new updates should be
adopted so that the risks associated with the attacks of the Spectre and Malware
vulnerabilities could be curbed (Sinclair 2014). Furthermore, unrecognised hyperlinks
and websites should not be visited as they may contain the Spectre and Meltdown
vulnerabilities. In addition to the above-stated counter measures against the Spectre and
Meltdown vulnerabilities, users should also avoid downloading files and applications
from unknown and unrecognised sources, as the files or applications would be malicious ones
containing malware that would pose a threat to the computer system (Pescaroli and
Alexander 2017). However, the required security updates must be downloaded. Initially, the
antivirus software update should be done, which should be followed by the installation of the
operating system and firmware updates. It is also recommended to install the monthly
updates so that devices are secured and up to date. Once the system updates are over,
the server should also be updated so as to ensure complete security. This update can be
ensured by running the regular package manager so that it downloads the latest
version of the kernel; the device is then rebooted so that it switches to the newly
installed patched code.
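After the update and reboot described above, a Linux administrator can confirm that the patched kernel is actually in effect. The following is an added example, not part of the original paper: it parses the status files that patched Linux kernels expose under /sys/devices/system/cpu/vulnerabilities, maps them to the three CVEs named earlier, and checks the `pti` and `pcid` flags in /proc/cpuinfo. The sample strings and all function names are constructed for illustration.

```python
"""Report Spectre/Meltdown mitigation status on a Linux host (added example)."""
from pathlib import Path

# Status files exposed by patched Linux kernels, keyed by the CVE each covers.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
CVE_TO_ENTRY = {
    "CVE-2017-5753": "spectre_v1",  # Spectre: bounds check bypass
    "CVE-2017-5715": "spectre_v2",  # Spectre: branch target injection
    "CVE-2017-5754": "meltdown",    # Meltdown
}

# Constructed sample inputs, not captured from a real machine.
SAMPLE_PATCHED = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
    "meltdown": "Mitigation: PTI\n",
}
SAMPLE_UNPATCHED = {"spectre_v1": "Vulnerable\n", "meltdown": "Vulnerable\n"}
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu vme sse2 pcid pti\n"


def classify(status):
    """Map one status line to mitigated / vulnerable / not_affected / unknown."""
    if status is None:  # file absent: kernel too old to report, treat as unpatched
        return "unknown"
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first CPU in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()


def assess(statuses, cpuinfo_text):
    """Build a per-CVE verdict plus KPTI and PCID observations."""
    report = {cve: classify(statuses.get(entry))
              for cve, entry in CVE_TO_ENTRY.items()}
    flags = cpu_flags(cpuinfo_text)
    report["kpti_active"] = ("PTI" in statuses.get("meltdown", "")
                             or "pti" in flags)
    # Without PCID every user/kernel page-table switch flushes the TLB, so the
    # slowdown from kernel page table isolation is larger on such CPUs.
    report["kpti_without_pcid"] = report["kpti_active"] and "pcid" not in flags
    report["needs_action"] = sorted(
        cve for cve in CVE_TO_ENTRY if report[cve] in ("vulnerable", "unknown"))
    return report


def read_host():
    """Read the live status files and /proc/cpuinfo (Linux only)."""
    statuses = {p.name: p.read_text() for p in SYSFS_DIR.iterdir() if p.is_file()}
    return statuses, Path("/proc/cpuinfo").read_text()


if __name__ == "__main__":
    # Fall back to the constructed sample when the status directory is absent.
    live = SYSFS_DIR.is_dir()
    statuses, cpuinfo = read_host() if live else (SAMPLE_PATCHED, SAMPLE_CPUINFO)
    for key, value in assess(statuses, cpuinfo).items():
        print(f"{key}: {value}")
```

Any CVE listed under `needs_action` after a reboot means the host is still running an unpatched or non-reporting kernel and the update did not take effect.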
Predictions on the future impact of Spectre and Meltdown vulnerabilities
The Spectre and Meltdown vulnerabilities act as malware and adversely affect
almost all the available processors such as Intel, Windows, Linux and others. These
vulnerabilities affect numerous modern-day processors, thereby allowing access to
secured data in the computer memory. The processor design is constructed in such a way that
the performance of the processor is optimized and enhanced, but due to these changes
attackers take advantage and steal secured data from the system (Geelen 2016). The attacks
become feasible due to the Spectre and Meltdown vulnerabilities. The working procedures of
the two vulnerabilities are different: the Spectre vulnerability progresses with the
misprediction of the branch statement, whereas the Meltdown vulnerability progresses by
reading a different memory location and viewing contents that the user is unauthorized to
access (Quinones et al., 2017). The two vulnerabilities lead to immense loss of data such as
passwords, messages and important information. They directly affect the processor of the
computer system. Although the counter measure for the threat posed is an update to the
processor, a completely new processor should be developed that would completely mitigate
the threats, as no update has the potential of completely eliminating the risk of Spectre and
Meltdown vulnerabilities. Thus, these vulnerabilities will lead to the innovation of new
processors. The security of data in the coming future is in danger, as today none of the
processors are able to mitigate the risks imparted by the vulnerability. Moreover, the processor
developed would have the counter effect of performance degradation (Watson et al., 2018).
Moreover, attacks on computers have also increased as the information was leaked,
and cases of attacks will further increase in the near future until a complete mitigation for the
malware is constructed. Furthermore, with a reduction in security maintenance, the future
would see an increase in the number of attacks. This will lead to the establishment of
more secured databases. Moreover, the Spectre and Meltdown attacks would have a
long-term existence that demands the innovation of new silicon-based processors that would
have the potential to curb the threats posed by the Spectre and Meltdown vulnerabilities
(Kim et al., 2016). Moreover, the new processors would require an alternative implementation
that implements security in the first place. However, the newly implemented software and
processor would suffer a setback of slow speed and decreased performance (Simakov et
al., 2018). Moreover, the databases should be incorporated with a decentralised database and
more security features should be incorporated within it.
Conclusion
Thus, from the above discussion it can be concluded that the Spectre and Meltdown
vulnerabilities directly affect computer users by allowing illegal access to
important and secured information within the cache memory or from the random access
memory. The two vulnerabilities were reported recently and have severe impacts on almost
all the existing processors. The Spectre vulnerabilities occur due to the misprediction of the
branching statement, allowing attackers to view information or data that they are not
authorized to view. The stolen information includes personal data such as passwords, emails,
photographs and many other data. Patching of the operating system serves as a mitigation of
the vulnerability, as running programs on an unpatched operating system would lead to the
leakage of important and sensitive information. Exploitation of the Meltdown vulnerability
allows the attacker to gain access to data in the computer by running a program that
would reveal data that should only be accessed by other programs or administrators.
Researchers have devised ways to mitigate the effects of the above-stated vulnerabilities.
The risks of the vulnerabilities could be avoided by timely updating of the system software as
update patches are released. One should always update the antivirus package as it helps to
protect the system against such vulnerabilities. Moreover, the browser should also be kept
updated, as JavaScript serves as a dangerous vector that is highly susceptible to the Spectre
vulnerability attack. However, applying the patches causes a decrease in the
performance of the computer processor as the background processes operate at slow speed.
In addition, the usage of the Kernel Page Table Isolation (KPTI) method also helps to
mitigate the threats imparted by the Meltdown vulnerability. However, the updated patches
and the KPTI method do not possess the potential to completely mitigate the risk imparted by
the Spectre and Meltdown vulnerabilities. Researchers are continuously working to
devise a way to completely mitigate the risks. Moreover, the future predictions include the
usage of silicon-based processors, and a more secured database such as a centralised
database should be implemented.
References
Almeshekah, M.H. and Spafford, E.H., 2014, September. Planning and integrating deception
into computer security defenses. In Proceedings of the 2014 New Security Paradigms
Workshop (pp. 127-138). ACM.
Azab, A.M., Swidowski, K., Bhutkar, R., Ma, J., Shen, W., Wang, R. and Ning, P., 2016.
SKEE: A lightweight Secure Kernel-level Execution Environment for ARM. In NDSS.
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks:
Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.
Chernov, D. and Sornette, D., 2016. Major On-going Cases with Information Concealment
Practice. In Man-made Catastrophes and Risk Information Concealment (pp. 281-336).
Springer, Cham.
De Smet, I., Cenci, J., Laplume, D. and Becue, V., 2014. Analysis of the spectre of urban
density from the perspective of compactness of forms: a response to a new urban
vulnerability. In 9° Congresso Città e Territorio Virtuale, Roma, 2, 3 e 4 ottobre 2013 (pp.
367-372). Università degli Studi Roma Tre.
Geelen, M., 2016. Cyber Securitization and Security Policy. The impact of the Discursive
Construction of Computer Security on (National) Security Policymaking in the
Netherlands (Master's thesis).
Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction
Cache Attacks from Portable Code.
Kim, T., Sun, Z., Cook, C., Gaddipati, J., Wang, H., Chen, H. and Tan, S.X.D., 2016,
November. Dynamic reliability management for near-threshold dark silicon processors.
In Proceedings of the 35th International Conference on Computer-Aided Design (p. 70).
ACM.
Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher,
T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative
Execution. arXiv preprint arXiv:1801.01203.
Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin,
D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.
Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of
Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.
Ouyang, J., Kocoloski, B., Lange, J.R. and Pedretti, K., 2015, June. Achieving performance
isolation with lightweight co-kernels. In Proceedings of the 24th International Symposium on
High-Performance Parallel and Distributed Computing (pp. 149-160). ACM.
Pescaroli, G. and Alexander, D., 2017. Critical infrastructure, panarchies and the
vulnerability paths of cascading disasters. Natural Hazards, 82(1), pp.175-192.
Pham, B., Bhattacharjee, A., Eckert, Y. and Loh, G.H., 2014, February. Increasing TLB reach
by exploiting clustering in page translations. In High Performance Computer Architecture
(HPCA), 2014 IEEE 20th International Symposium on (pp. 558-567). IEEE.
Price, K., 2018. Computer Security for Home Users and Small Businesses for the Department
of Homeland Security.
Quinones, L., Paz, J., Anderson, R.S. and Wright, V.L., 2017. Cyber-Informed
Engineering (No. INL/EXT-16-40099). Idaho National Laboratory (INL), Idaho Falls, ID
(United States).
Russell, B. and Van Duren, D., 2016. Practical Internet of Things Security. Packt Publishing
Ltd.
Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and
Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329.
Sinclair, S., 2014. Access control in and for the real world. Dartmouth College.
Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime:
Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence
Protocols. arXiv preprint arXiv:1802.03802.
Waschke, M., 2017. Your Computer Is a Target. In Personal Cybersecurity (pp. 81-101).
Apress, Berkeley, CA.
Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability
Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre
Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.