Comprehensive Analysis of Cybersecurity: Meltdown and Spectre Report
VerifiedAdded on 2022/08/26
|11
|3042
|21
Report
AI Summary
This report provides a detailed analysis of Meltdown and Spectre vulnerabilities, two significant hardware security flaws affecting Intel x86, ARM-based, and IBM POWER processors. The report explains the nature of these vulnerabilities, which allow unauthorized memory access and data breaches, and their impact on various systems, including personal computers, cloud services, and mobile devices. It explores examples of how these vulnerabilities can be exploited, such as through side-channel cache attacks, and discusses potential solutions and mitigation strategies, including software patches like Kernel Page Table Isolation (KPTI) and branch target injection. The report highlights the challenges in addressing these vulnerabilities and the ongoing efforts to redesign processors and implement hardware and firmware mitigations to enhance cybersecurity. The report emphasizes the importance of staying updated with software updates and avoiding untrusted sources to protect against these threats.
Running head: CYBERSECURITY
Cyber Security: Meltdown and Spectre Vulnerabilities
Name of the Student
Name of the University
Author’s Note:
Cyber Security: Meltdown and Spectre Vulnerabilities
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
CYBERSECURITY
Table of Contents
1. Introduction............................................................................................................................2
2. Discussion..............................................................................................................................2
2.1 Explanation of Meltdown and Spectre Vulnerabilities....................................................2
2.2 Examples of the Vulnerabilities with Probable Solutions to eradicate them...................5
3. Conclusion..............................................................................................................................7
References..................................................................................................................................9
CYBERSECURITY
Table of Contents
1. Introduction............................................................................................................................2
2. Discussion..............................................................................................................................2
2.1 Explanation of Meltdown and Spectre Vulnerabilities....................................................2
2.2 Examples of the Vulnerabilities with Probable Solutions to eradicate them...................5
3. Conclusion..............................................................................................................................7
References..................................................................................................................................9
2
CYBERSECURITY
1. Introduction
Cybersecurity can be referred to the subsequent practice to protect different system,
network as well as a program from digitalized attack [1]. Such distinct cyber attacks are
generally aimed at accessing, altering and even manipulating confidential data or subsequent
interruption of the usual business procedures. Successful deployment of an efficient measure
for cybersecurity is highly challenging since there exist numerous devices, in comparison to
the individuals and the attackers are eventually becoming more creative. A successful
approach for cybersecurity ultimately consists of different protection layers that are being
spread across the systems, datum and network that one intends to keep safe.
The subsequent technologies, processes and people in a company are required to be
saved after creating an effective defence from the cyber attacks. There are several types of
vulnerabilities present in the cyber world, which are responsible for bringing significant
issues in the systems and processes [2]. One of such famous and considerable type of
vulnerability is Meltdown and Spectre that could be extremely vulnerable for the organization
and business. The following report will be outlining a detailed analysis of the meltdown and
spectre vulnerabilities with proper examples and suitable solutions for these threats.
2. Discussion
2.1 Explanation of Meltdown and Spectre Vulnerabilities
Cybersecurity threats and vulnerabilities are responsible for conducting attacks on
systems, networks and data for the core purpose of gaining any type of unauthorized and
unauthenticated accessibility, disruption, damages and stealing the asset of information
technology assets, intellectual properties and computer networks and other forms of
confidential data [3]. These cybersecurity vulnerabilities are required to be eradicated on time
so that maximum advantages are gained, and the respective assets and resources are secured
CYBERSECURITY
1. Introduction
Cybersecurity can be referred to the subsequent practice to protect different system,
network as well as a program from digitalized attack [1]. Such distinct cyber attacks are
generally aimed at accessing, altering and even manipulating confidential data or subsequent
interruption of the usual business procedures. Successful deployment of an efficient measure
for cybersecurity is highly challenging since there exist numerous devices, in comparison to
the individuals and the attackers are eventually becoming more creative. A successful
approach for cybersecurity ultimately consists of different protection layers that are being
spread across the systems, datum and network that one intends to keep safe.
The subsequent technologies, processes and people in a company are required to be
saved after creating an effective defence from the cyber attacks. There are several types of
vulnerabilities present in the cyber world, which are responsible for bringing significant
issues in the systems and processes [2]. One of such famous and considerable type of
vulnerability is Meltdown and Spectre that could be extremely vulnerable for the organization
and business. The following report will be outlining a detailed analysis of the meltdown and
spectre vulnerabilities with proper examples and suitable solutions for these threats.
2. Discussion
2.1 Explanation of Meltdown and Spectre Vulnerabilities
Cybersecurity threats and vulnerabilities are responsible for conducting attacks on
systems, networks and data for the core purpose of gaining any type of unauthorized and
unauthenticated accessibility, disruption, damages and stealing the asset of information
technology assets, intellectual properties and computer networks and other forms of
confidential data [3]. These cybersecurity vulnerabilities are required to be eradicated on time
so that maximum advantages are gained, and the respective assets and resources are secured
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
CYBERSECURITY
eventually. The most common examples of cyber threats include malware, spyware phishing
attack, distributed denial of service attacks, ransomware, zero-day exploits, advanced level
persistent threats, Trojan horses, wiper attacks, theft of intellectual properties, data
destruction, manipulation of data, man in the middle attacks, rogue software, unpatched
software and many more. These risks are present in almost every company and are not always
under the direct control of the IT security team. The increasing globalized connection and
utilization of cloud services are the reasons for the more significant attack vector and are
needed to be attended on a priority basis.
Meltdown and Spectre are a specific hardware vulnerabilities that affect the Intel x86
microprocessor, few of the ARM-based microprocessor and IBM POWER processor [4].
This particular vulnerability enables a rogue procedure for reading all memory and when it is
not being authenticated for doing so. It also impacts a wider variety of a system. During the
time of revelation, it involves every device running, however with the latest as well as
patched version of iOS as well as macOS, Linux and Windows. Several servers or different
cloud services are being afected to understand the potential majority of the smart device and
even implanted device with the help of ARM-based processor like smart TV, mobile device
and printer [5]. It also includes a wider variety of different networking apparatus.
A good software workaround to this Meltdown was being evaluated as the slowing
systems within 5% and 30% in few focussed working loads, even though the organizations
are responsible for correcting the exploitation with minimal effect from the generalized
benchmark testing [6]. It is referred to as one of the major and the most significant
vulnerability type, which has become quite common in recent days. Meltdown was eventually
issued a CVE ID of CVE 2017 5754 in January 2018. It is also referred to as Rogue Data
Cache Load or RDCL that was revealed in the subsequent conjunction with the other
exploitation, called Spectre with which it eventually segments few of the significant features.
CYBERSECURITY
eventually. The most common examples of cyber threats include malware, spyware phishing
attack, distributed denial of service attacks, ransomware, zero-day exploits, advanced level
persistent threats, Trojan horses, wiper attacks, theft of intellectual properties, data
destruction, manipulation of data, man in the middle attacks, rogue software, unpatched
software and many more. These risks are present in almost every company and are not always
under the direct control of the IT security team. The increasing globalized connection and
utilization of cloud services are the reasons for the more significant attack vector and are
needed to be attended on a priority basis.
Meltdown and Spectre are a specific hardware vulnerabilities that affect the Intel x86
microprocessor, few of the ARM-based microprocessor and IBM POWER processor [4].
This particular vulnerability enables a rogue procedure for reading all memory and when it is
not being authenticated for doing so. It also impacts a wider variety of a system. During the
time of revelation, it involves every device running, however with the latest as well as
patched version of iOS as well as macOS, Linux and Windows. Several servers or different
cloud services are being afected to understand the potential majority of the smart device and
even implanted device with the help of ARM-based processor like smart TV, mobile device
and printer [5]. It also includes a wider variety of different networking apparatus.
A good software workaround to this Meltdown was being evaluated as the slowing
systems within 5% and 30% in few focussed working loads, even though the organizations
are responsible for correcting the exploitation with minimal effect from the generalized
benchmark testing [6]. It is referred to as one of the major and the most significant
vulnerability type, which has become quite common in recent days. Meltdown was eventually
issued a CVE ID of CVE 2017 5754 in January 2018. It is also referred to as Rogue Data
Cache Load or RDCL that was revealed in the subsequent conjunction with the other
exploitation, called Spectre with which it eventually segments few of the significant features.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
CYBERSECURITY
These vulnerabilities of Meltdown, as well as Spectre, are ultimately considered as disastrous
by the security analyst [7]. These distinct vulnerabilities are highly severe, and the security
researcher has initially believed that the reports of vulnerabilities are falsified.
Various processes are present for helping to protect the host computers as well as
other associated devices from the vulnerabilities of the Meltdown and Spectre [8]. The
patches of Meltdown are responsible for producing a loss in the performances and on the
other hand, the patches of Spectre are being reported for reducing returns, majorly on the
older systems and even on the new 8th generation core platforms. As a result, the benchmark
performance was dropped to 2% to 14%, and the unwanted reboots were being reported for
the patches of Meltdown and Spectre even for the new chips of Intel [9]. Moreover, there had
been a prompt adoption of software updates and avoidance of unrecognized web sites and
hyperlinks as well as not downloading the applications and files from any type of unknown
source with secure password protocols. The current status and the possible future
consideration for resolving the vulnerabilities of the Meltdown and Spectre were required to
be considered.
During the year of 2018, Intel had reported that it would be redesigning the CPU
processor to secure against the vulnerabilities of Meltdown as well as Spectre and the
redesigned processors were needed to be released within time [10]. Intel even added
mitigations of the firmware and hardware to their latest processors for eradicating the threats
with different versions. These distinct vulnerabilities of Meltdown and Spectre exploit the
most significant risks in the modernized processes and the hardware threats enable various
programs in stealing confidential data that is being currently processed within the computer
system [11]. Although the plans do not have permission to read the datum from any other
program, a specific malware program could easily exploit the Meltdown and Spectre for the
purpose of getting into the sensitive data that are stored within the memory of another
CYBERSECURITY
These vulnerabilities of Meltdown, as well as Spectre, are ultimately considered as disastrous
by the security analyst [7]. These distinct vulnerabilities are highly severe, and the security
researcher has initially believed that the reports of vulnerabilities are falsified.
Various processes are present for helping to protect the host computers as well as
other associated devices from the vulnerabilities of the Meltdown and Spectre [8]. The
patches of Meltdown are responsible for producing a loss in the performances and on the
other hand, the patches of Spectre are being reported for reducing returns, majorly on the
older systems and even on the new 8th generation core platforms. As a result, the benchmark
performance was dropped to 2% to 14%, and the unwanted reboots were being reported for
the patches of Meltdown and Spectre even for the new chips of Intel [9]. Moreover, there had
been a prompt adoption of software updates and avoidance of unrecognized web sites and
hyperlinks as well as not downloading the applications and files from any type of unknown
source with secure password protocols. The current status and the possible future
consideration for resolving the vulnerabilities of the Meltdown and Spectre were required to
be considered.
During the year of 2018, Intel had reported that it would be redesigning the CPU
processor to secure against the vulnerabilities of Meltdown as well as Spectre and the
redesigned processors were needed to be released within time [10]. Intel even added
mitigations of the firmware and hardware to their latest processors for eradicating the threats
with different versions. These distinct vulnerabilities of Meltdown and Spectre exploit the
most significant risks in the modernized processes and the hardware threats enable various
programs in stealing confidential data that is being currently processed within the computer
system [11]. Although the plans do not have permission to read the datum from any other
program, a specific malware program could easily exploit the Meltdown and Spectre for the
purpose of getting into the sensitive data that are stored within the memory of another
5
CYBERSECURITY
running program. It includes the passwords, emails, business-related documents and many
more.
2.2 Examples of the Vulnerabilities with Probable Solutions to eradicate them
Meltdown and Spectre work on personalized computer systems, cloud and even
mobile devices. Based on different infrastructures of the cloud provider, it may get possible
to hack the data from other customers [12]. Meltdown is responsible for breaking the most
important isolation within the OS and user application. This particular attack enables a
program in retrieving the memory and hence release confidentiality of all other programs and
even the OS. When the computer system of the user comprises of a weak processor and also
runs the unpatched OS, it is not safer in working with the confidential information without
having the significant chance to leak the news, and it is applicable to both cloud infrastructure
and personal computers [13].
Spectre is responsible for breaking the isolation within various distinct application,
and it enables the attacker for tricking different error-free program that monitor the best
practice into exposing the vulnerabilities. As a result, the safety measure checks of these best
practices could quickly increment the respective attack surface and also make application
much more vulnerable to the Spectre. It is considered harder to exploit, in comparison to
Meltdown and even harder to mitigate. These vulnerabilities majorly affect the computer
chips that are manufactured in the past 20 years, and these threats were being revealed
through the published researches in the starting of 2018. These threats affected the
weaknesses in the procedure of processors managing data within the chips from larger
manufacturers, like ARM, Intel and AMB [14]. Both Meltdown and Spectre exploit
eventually allow the attackers in gaining access to the data like passwords, emails, photos and
many more.
CYBERSECURITY
running program. It includes the passwords, emails, business-related documents and many
more.
2.2 Examples of the Vulnerabilities with Probable Solutions to eradicate them
Meltdown and Spectre work on personalized computer systems, cloud and even
mobile devices. Based on different infrastructures of the cloud provider, it may get possible
to hack the data from other customers [12]. Meltdown is responsible for breaking the most
important isolation within the OS and user application. This particular attack enables a
program in retrieving the memory and hence release confidentiality of all other programs and
even the OS. When the computer system of the user comprises of a weak processor and also
runs the unpatched OS, it is not safer in working with the confidential information without
having the significant chance to leak the news, and it is applicable to both cloud infrastructure
and personal computers [13].
Spectre is responsible for breaking the isolation within various distinct application,
and it enables the attacker for tricking different error-free program that monitor the best
practice into exposing the vulnerabilities. As a result, the safety measure checks of these best
practices could quickly increment the respective attack surface and also make application
much more vulnerable to the Spectre. It is considered harder to exploit, in comparison to
Meltdown and even harder to mitigate. These vulnerabilities majorly affect the computer
chips that are manufactured in the past 20 years, and these threats were being revealed
through the published researches in the starting of 2018. These threats affected the
weaknesses in the procedure of processors managing data within the chips from larger
manufacturers, like ARM, Intel and AMB [14]. Both Meltdown and Spectre exploit
eventually allow the attackers in gaining access to the data like passwords, emails, photos and
many more.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
CYBERSECURITY
One of the most famous examples of Meltdown vulnerability is to invalidate the cache
for every address in the User Mode Attack Buffer and also read one byte from the kernel
memory to variable Kernel Data and finally reading from the User Mode attack buffer. As a
result, a side-channel cache attack occurs, and the user is unable to stop it successfully. When
a specific user application is executing it, the access to the kernel memory will trigger a
segmentation fault while reading the byte from the kernel memory for access restrictions. The
side-channel attacks can easily exploit the unwanted cache effects, and the buffer offsets of
this address read the fastest subsequently reveal the respective values of Kernel Data [15].
The malicious codes have obtained one byte of the kernel memory and the repeated
executions of such attack on various address exploit the sensitive data. The user does not get
any chance to save the data, and hence data is lost forever.
Few of the most significant and essential software patches are being introduced for
minimization of the impacts of Meltdown and Spectre vulnerabilities. However, there are
different variants of these vulnerabilities, and hence it becomes complicated to control them.
Different strategies of mitigation for understanding the level of exploitation of in the
Meltdown as well as Spectre over the big data working loads within the cloud are present and
are highly effective. There are some of the most distinct and noteworthy fixes for Meltdown.
The Linux patch is referred to as kernel page table isolation or KPTI. For ceasing Meltdown
vulnerability, KPTI can restore the fundamental security assumptions regarding kernel or user
memory isolations.
It subsequently provides every distinct application with two distinct sets of page table
and not switch within these sets for every transition related to the user to kernel and kernel to
the user. The collection of the page tables involve mapping for the kernel data while
execution of user mode, and it protects against the exploitation of Meltdown as when the
malicious users’ mode is detected even before it could cause harm to the sensitive data. The
CYBERSECURITY
One of the most famous examples of Meltdown vulnerability is to invalidate the cache
for every address in the User Mode Attack Buffer and also read one byte from the kernel
memory to variable Kernel Data and finally reading from the User Mode attack buffer. As a
result, a side-channel cache attack occurs, and the user is unable to stop it successfully. When
a specific user application is executing it, the access to the kernel memory will trigger a
segmentation fault while reading the byte from the kernel memory for access restrictions. The
side-channel attacks can easily exploit the unwanted cache effects, and the buffer offsets of
this address read the fastest subsequently reveal the respective values of Kernel Data [15].
The malicious codes have obtained one byte of the kernel memory and the repeated
executions of such attack on various address exploit the sensitive data. The user does not get
any chance to save the data, and hence data is lost forever.
Few of the most significant and essential software patches are being introduced for
minimization of the impacts of Meltdown and Spectre vulnerabilities. However, there are
different variants of these vulnerabilities, and hence it becomes complicated to control them.
Different strategies of mitigation for understanding the level of exploitation of in the
Meltdown as well as Spectre over the big data working loads within the cloud are present and
are highly effective. There are some of the most distinct and noteworthy fixes for Meltdown.
The Linux patch is referred to as kernel page table isolation or KPTI. For ceasing Meltdown
vulnerability, KPTI can restore the fundamental security assumptions regarding kernel or user
memory isolations.
It subsequently provides every distinct application with two distinct sets of page table
and not switch within these sets for every transition related to the user to kernel and kernel to
the user. The collection of the page tables involve mapping for the kernel data while
execution of user mode, and it protects against the exploitation of Meltdown as when the
malicious users’ mode is detected even before it could cause harm to the sensitive data. The
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBERSECURITY
subsequent performances’ impact subsequently comes from 2 new page table and it gets
swapped over all the system calls, interruptions as well as exceptions.
Spectre is the class of exploits that are considered more vulnerable than Meltdown.
One of the major and the most famous examples of Spectre occur when Array 1 index is
lesser than Array 1 length. The value from array one is being read at the offset Array 1 index
to Array 2 index and also reading an amount from Array 2 at the offset of Array 2 Index. For
the purpose of exploiting this particular vulnerable code, the hackers should search it within a
proper victim application that they could constantly appeal from their applications with
separate values of Array 1 index [16]. In this situation, the attacker could efficiently train the
branch predictor after the repeated supply of the victim array one index values, which are
lesser than the array one length.
It eventually convinces this processor that the second supplied index would be lesser
for causing it to implement the codes speculatively. It could be mitigated by prevention of the
malicious customer’s Apache Spark job from direct appealing of the next client and also
stealing of the most confidential datum. Branch target injection is referred to another vital
and significant methodology to eradicate the issues related to Spectre exploitation. It would
help mitigate the risk of hypervisor patch, and the user would be able to save the data most
effectively. As a result, high effectiveness is gained from this mitigation technique.
3. Conclusion
Therefore, a conclusion could be drawn that cybersecurity is the collection of
different technologies, practices and procedures that are being designed for protecting the
networks, programs and data from any type of unauthorized accessibility, damage and attack.
It is incredibly vital as the government and the corporate sector remains safe and secured
without much complexity. The organizations transmit confidential data within different
CYBERSECURITY
subsequent performances’ impact subsequently comes from 2 new page table and it gets
swapped over all the system calls, interruptions as well as exceptions.
Spectre is the class of exploits that are considered more vulnerable than Meltdown.
One of the major and the most famous examples of Spectre occur when Array 1 index is
lesser than Array 1 length. The value from array one is being read at the offset Array 1 index
to Array 2 index and also reading an amount from Array 2 at the offset of Array 2 Index. For
the purpose of exploiting this particular vulnerable code, the hackers should search it within a
proper victim application that they could constantly appeal from their applications with
separate values of Array 1 index [16]. In this situation, the attacker could efficiently train the
branch predictor after the repeated supply of the victim array one index values, which are
lesser than the array one length.
It eventually convinces this processor that the second supplied index would be lesser
for causing it to implement the codes speculatively. It could be mitigated by prevention of the
malicious customer’s Apache Spark job from direct appealing of the next client and also
stealing of the most confidential datum. Branch target injection is referred to another vital
and significant methodology to eradicate the issues related to Spectre exploitation. It would
help mitigate the risk of hypervisor patch, and the user would be able to save the data most
effectively. As a result, high effectiveness is gained from this mitigation technique.
3. Conclusion
Therefore, a conclusion could be drawn that cybersecurity is the collection of
different technologies, practices and procedures that are being designed for protecting the
networks, programs and data from any type of unauthorized accessibility, damage and attack.
It is incredibly vital as the government and the corporate sector remains safe and secured
without much complexity. The organizations transmit confidential data within different
8
CYBERSECURITY
networks as well to other devices for doing businesses and even using different systems for
processing and storing the data. The cybersecurity vulnerability or threat is a specific
malicious activity, which seeks to damage the confidential data, disrupt the digitalized world
and steal data. These cyber-threats involve different computerized viruses, denial of service
attacks and data breaches. Such threats mainly occur from inside an organization by the most
trusted users and even from the remote locations by different unknown parties. The above-
provided report has appropriately described the significant analysis of meltdown and spectre
vulnerabilities with suitable examples and proper solutions to these vulnerabilities.
CYBERSECURITY
networks as well to other devices for doing businesses and even using different systems for
processing and storing the data. The cybersecurity vulnerability or threat is a specific
malicious activity, which seeks to damage the confidential data, disrupt the digitalized world
and steal data. These cyber-threats involve different computerized viruses, denial of service
attacks and data breaches. Such threats mainly occur from inside an organization by the most
trusted users and even from the remote locations by different unknown parties. The above-
provided report has appropriately described the significant analysis of meltdown and spectre
vulnerabilities with suitable examples and proper solutions to these vulnerabilities.
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
CYBERSECURITY
References
[1] J., Abawajy. User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), pp.237-248. 2014.
[2] D., Craigen, N., Diakun-Thibault and R., Purse. Defining cybersecurity. Technology
Innovation Management Review, 4(10). 2014.
[3] M.D., Cavelty. Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715. 2014.
[4] Meltdown and Spectre. [online]. Accessed from https://meltdownattack.com/ [Accessed
on 10 January 2020]. 2020.
[5] P., Kocher, J., Horn, A., Fogh, D., Genkin, D., Gruss, W., Haas, M., Hamburg, M., Lipp,
S., Mangard, T. Prescher and M., Schwarz. Spectre attacks: Exploiting speculative execution.
In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1-19). IEEE. 2019, May.
[6] M., Lipp, M., Schwarz, D., Gruss, T., Prescher, W., Haas, S., Mangard, P., Kocher, D.,
Genkin, Y., Yarom and M., Hamburg. Meltdown. arXiv preprint arXiv:1801.01207. 2018.
[7] N.A., Simakov, M.D., Innus, M.D., Jones, J.P., White, S.M., Gallo, R.L., DeLeon and
T.R., Furlani. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329. 2018.
[8] R.N., Watson, J., Woodruff, M., Roe, S.W., Moore and P.G., Neumann Capability
hardware enhanced RISC instructions (CHERI): Notes on the Meltdown and Spectre
attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory. 2018.
[9] E.M., Koruyeh, K.N., Khasawneh, C. Song and N., Abu-Ghazaleh. Spectre returns!
speculation attacks using the return stack buffer. In 12th {USENIX} Workshop on Offensive
Technologies ({WOOT} 18). 2018.
CYBERSECURITY
References
[1] J., Abawajy. User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), pp.237-248. 2014.
[2] D., Craigen, N., Diakun-Thibault and R., Purse. Defining cybersecurity. Technology
Innovation Management Review, 4(10). 2014.
[3] M.D., Cavelty. Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715. 2014.
[4] Meltdown and Spectre. [online]. Accessed from https://meltdownattack.com/ [Accessed
on 10 January 2020]. 2020.
[5] P., Kocher, J., Horn, A., Fogh, D., Genkin, D., Gruss, W., Haas, M., Hamburg, M., Lipp,
S., Mangard, T. Prescher and M., Schwarz. Spectre attacks: Exploiting speculative execution.
In 2019 IEEE Symposium on Security and Privacy (SP) (pp. 1-19). IEEE. 2019, May.
[6] M., Lipp, M., Schwarz, D., Gruss, T., Prescher, W., Haas, S., Mangard, P., Kocher, D.,
Genkin, Y., Yarom and M., Hamburg. Meltdown. arXiv preprint arXiv:1801.01207. 2018.
[7] N.A., Simakov, M.D., Innus, M.D., Jones, J.P., White, S.M., Gallo, R.L., DeLeon and
T.R., Furlani. Effect of Meltdown and Spectre Patches on the Performance of HPC
Applications. arXiv preprint arXiv:1801.04329. 2018.
[8] R.N., Watson, J., Woodruff, M., Roe, S.W., Moore and P.G., Neumann Capability
hardware enhanced RISC instructions (CHERI): Notes on the Meltdown and Spectre
attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory. 2018.
[9] E.M., Koruyeh, K.N., Khasawneh, C. Song and N., Abu-Ghazaleh. Spectre returns!
speculation attacks using the return stack buffer. In 12th {USENIX} Workshop on Offensive
Technologies ({WOOT} 18). 2018.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
CYBERSECURITY
[10] K.N., Khasawneh, E.M., Koruyeh, C., Song, D., Evtyushkin, D., Ponomarev and N.,
Abu-Ghazaleh. Safespec: Banishing the Spectre of a meltdown with leakage-free speculation.
In 2019 56th ACM/IEEE Design Automation Conference (DAC) (pp. 1-6). IEEE. 2019, June.
[11] M., Lipp, M., Schwarz, D., Gruss, T., Prescher, W., Haas, A., Fogh, J., Horn, S.,
Mangard, P., Kocher, D., Genkin and Y., Yarom. Meltdown: Reading kernel memory from
user space. In 27th {USENIX} Security Symposium ({USENIX} Security 18) (pp. 973-990).
2018.
[12] T.M., Conte, E.P., DeBenedictis, A., Mendelson and D. Milojičić. Rebooting computers
to avoid Meltdown and Spectre. Computer, 51(4), pp.74-77. 2018.
[13] A., Prout, W., Arcand, D., Bestor, B., Bergeron, C., Byun, V., Gadepally, M., Houle, M.,
Hubbell, M., Jones, A., Klein and P. Michaleas. Measuring the Impact of Spectre and
Meltdown. In 2018 IEEE High Performance extreme Computing Conference (HPEC) (pp. 1-
5). IEEE. 2018, September.
[14] R., Bennett, C., Callahan, S., Jones, M., Levine, M., Miller and A. Ozment. How to live
in a post-meltdown and-spectre world. Communications of the ACM, 61(12), pp.40-44. 2018.
[15] N.,Abu-Ghazaleh, D., Ponomarev and D. Evtyushkin. How the spectre and meltdown
hacks really worked. IEEE Spectrum, 56(3), pp.42-49. 2019.
[16] S. Lueders. Computer security: Spectre and Meltdown, just the beginning?. 2018.
CYBERSECURITY
[10] K.N., Khasawneh, E.M., Koruyeh, C., Song, D., Evtyushkin, D., Ponomarev and N.,
Abu-Ghazaleh. Safespec: Banishing the Spectre of a meltdown with leakage-free speculation.
In 2019 56th ACM/IEEE Design Automation Conference (DAC) (pp. 1-6). IEEE. 2019, June.
[11] M., Lipp, M., Schwarz, D., Gruss, T., Prescher, W., Haas, A., Fogh, J., Horn, S.,
Mangard, P., Kocher, D., Genkin and Y., Yarom. Meltdown: Reading kernel memory from
user space. In 27th {USENIX} Security Symposium ({USENIX} Security 18) (pp. 973-990).
2018.
[12] T.M., Conte, E.P., DeBenedictis, A., Mendelson and D. Milojičić. Rebooting computers
to avoid Meltdown and Spectre. Computer, 51(4), pp.74-77. 2018.
[13] A., Prout, W., Arcand, D., Bestor, B., Bergeron, C., Byun, V., Gadepally, M., Houle, M.,
Hubbell, M., Jones, A., Klein and P. Michaleas. Measuring the Impact of Spectre and
Meltdown. In 2018 IEEE High Performance extreme Computing Conference (HPEC) (pp. 1-
5). IEEE. 2018, September.
[14] R., Bennett, C., Callahan, S., Jones, M., Levine, M., Miller and A. Ozment. How to live
in a post-meltdown and-spectre world. Communications of the ACM, 61(12), pp.40-44. 2018.
[15] N.,Abu-Ghazaleh, D., Ponomarev and D. Evtyushkin. How the spectre and meltdown
hacks really worked. IEEE Spectrum, 56(3), pp.42-49. 2019.
[16] S. Lueders. Computer security: Spectre and Meltdown, just the beginning?. 2018.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.