SlideShare a Scribd company logo

Spectre and meltdown

A
Aditya Kamat

A detailed session on the basic concepts and three variants of spectre and meltdown.

Technology
1 of 31
Download to read offline
Spectre and Meltdown ~ Aditya Kamat
What will be covered? ● Memory Cache ● Speculative Execution ● Branch predictor ● Meltdown ● Spectre ● Mitigations ● FAQ’s
Memory & Cache ● L1, L2, L3 levels ● Cache hit and miss.
Memory & Cache
Covert channels
Out-of-Order Execution Outside Inside
Speculative Execution ● Coffee shop analogy for easy understanding. ● Why? ○ Instructions which require reading from memory take longer. CPU idle time is a waste of resources, speculative execution is the solution.
Branch predictors ● Use fancy algorithms to predict which condition might be met. ● Speculatively execute the branch that is predicted. ● What happens when the prediction turns out to be true? ● And what happens when the prediction is wrong? ● P.S: Branch predictors are often over 99% accurate at guessing.
User Space vs Kernel Space ● Kernel space & user space are segregations of the virtual memory. ● Each process is given virtual memory which is divided into kernel & user space. ● The user space region contains data, code, stack, heap of the process. ● The kernel-space contains things such as the page table for the process, kernel data structures and kernel code, etc. ● To run kernel space code, control must shift to kernel mode(using 0x80 software interrupt for system calls) & kernel stack is basically shared among all processes currently executing in kernel space.
User Space vs Kernel Space
Spectre: Variant 1(CVE-2017-5753) ● Bounds check bypass. ● The instructions after a conditional branch are speculatively executed as the result of a misprediction.
Spectre: Variant 2(CVE-2017-5715) ● Branch target injection ● The CPU executes instructions at a location determined by a mispredicted branch target.
Spectre (Variant-2)
Spectre (Variant-2)
Meltdown: Variant 3(CVE-2017-5754) ● Rogue data cache load, memory access permission check performed after kernel memory is read. ● It leverages out-of-order execution capabilities in modern CPUs. ● Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution.
Countermeasures ● Spectre (Variant 1): ○ Compiler patches. ○ Use barriers (LFENCE instruction) to prevent speculation for x86 - Sequential instructions. ○ Static analysis to identify locations where attackers can control speculation. ● Spectre (Variant 2): ○ Separate BTBs(Branch Target Buffers) for each process in the Branch predictor unit. ○ Prevent BTBs across SMT(Simultaneous MultiThreading) threads.
Countermeasures ● Meltdown:
FAQ’s ● Can I detect if someone has exploited Meltdown or Spectre against me? ● Can my antivirus detect or block this attack? ● Is there a workaround/fix? ● Why is it called Meltdown? ● Why is it called Spectre? ● Can I see Meltdown in action? Check this
References ● A 3 minute video explaining speculative execution. Link ● Meltdown paper. Link ● Spectre paper. Link ● Redhat documentation. Link ● Meltdown and spectre official website. Link ● IIT-M course by Chester Robeiro: Link ● Report by CMU: Link ● Miscellaneous: Link1, Link2, Link3, Link4
Thank you

Recommended

Dosass2
Dosass2Dosass2
Dosass2ShivaliKundra
 
Mid1 Revision
Mid1 RevisionMid1 Revision
Mid1 Revisiontech2click
 
Realtime
RealtimeRealtime
RealtimeMark Veltzer
 
Real time operating systems (rtos) concepts 4
Real time operating systems (rtos) concepts 4Real time operating systems (rtos) concepts 4
Real time operating systems (rtos) concepts 4Abu Bakr Ramadan
 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectreyeokm1
 
Real time operating systems (rtos) concepts 9
Real time operating systems (rtos) concepts 9Real time operating systems (rtos) concepts 9
Real time operating systems (rtos) concepts 9Abu Bakr Ramadan
 
Virtual Machine Introspection with Xen
Virtual Machine Introspection with XenVirtual Machine Introspection with Xen
Virtual Machine Introspection with XenTamas K Lengyel
 
Hardware Assisted Latency Investigations
Hardware Assisted Latency InvestigationsHardware Assisted Latency Investigations
Hardware Assisted Latency InvestigationsScyllaDB
 

Recommended

Dosass2
Dosass2Dosass2
Dosass2ShivaliKundra
 
Mid1 Revision
Mid1 RevisionMid1 Revision
Mid1 Revisiontech2click
 
Realtime
RealtimeRealtime
RealtimeMark Veltzer
 
Real time operating systems (rtos) concepts 4
Real time operating systems (rtos) concepts 4Real time operating systems (rtos) concepts 4
Real time operating systems (rtos) concepts 4Abu Bakr Ramadan
 
Meltdown and Spectre
Meltdown and SpectreMeltdown and Spectre
Meltdown and Spectreyeokm1
 
Real time operating systems (rtos) concepts 9
Real time operating systems (rtos) concepts 9Real time operating systems (rtos) concepts 9
Real time operating systems (rtos) concepts 9Abu Bakr Ramadan
 
Virtual Machine Introspection with Xen
Virtual Machine Introspection with XenVirtual Machine Introspection with Xen
Virtual Machine Introspection with XenTamas K Lengyel
 
Hardware Assisted Latency Investigations
Hardware Assisted Latency InvestigationsHardware Assisted Latency Investigations
Hardware Assisted Latency InvestigationsScyllaDB
 
An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelSeongJae Park
 
ch2.pptx
ch2.pptxch2.pptx
ch2.pptxHalogens
 
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]RootedCON
 
HPP Week 1 Summary
HPP Week 1 SummaryHPP Week 1 Summary
HPP Week 1 SummaryPipat Methavanitpong
 
cachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance Cachingcachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance CachingScyllaDB
 
8051-microcontroller
8051-microcontroller8051-microcontroller
8051-microcontrollerjhcid
 
Computer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and MicrocontrollerComputer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and MicrocontrollerAmrutaMehata
 
Java under the hood
Java under the hoodJava under the hood
Java under the hoodVachagan Balayan
 
Linux Kernel Memory Model
Linux Kernel Memory ModelLinux Kernel Memory Model
Linux Kernel Memory ModelSeongJae Park
 
Gcc opt
Gcc optGcc opt
Gcc optMark Veltzer
 
computer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdfcomputer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdfshubhangisonawane6
 
Java Memory Model
Java Memory ModelJava Memory Model
Java Memory ModelŁukasz Koniecki
 
08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)Akhila Dakshina
 
Caching in
Caching inCaching in
Caching inRichardWarburton
 
The Silence of the Canaries
The Silence of the CanariesThe Silence of the Canaries
The Silence of the CanariesKernel TLV
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking MechanismsKernel TLV
 
Embedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_MicrocontrollersEmbedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_Microcontrollersdundappabhangari
 
Windows kernel
Windows kernelWindows kernel
Windows kernelSisimon Soman
 
Affect of parallel computing on multicore processors
Affect of parallel computing on multicore processorsAffect of parallel computing on multicore processors
Affect of parallel computing on multicore processorscsandit
 
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORSAFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORScscpconf
 
Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?Aditya Kamat
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101Aditya Kamat
 

More Related Content

Similar to Spectre and meltdown

An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelSeongJae Park
 
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]RootedCON
 
cachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance Cachingcachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance CachingScyllaDB
 
8051-microcontroller
8051-microcontroller8051-microcontroller
8051-microcontrollerjhcid
 
Computer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and MicrocontrollerComputer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and MicrocontrollerAmrutaMehata
 
Linux Kernel Memory Model
Linux Kernel Memory ModelLinux Kernel Memory Model
Linux Kernel Memory ModelSeongJae Park
 
computer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdfcomputer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdfshubhangisonawane6
 
08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)Akhila Dakshina
 
The Silence of the Canaries
The Silence of the CanariesThe Silence of the Canaries
The Silence of the CanariesKernel TLV
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking MechanismsKernel TLV
 
Embedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_MicrocontrollersEmbedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_Microcontrollersdundappabhangari
 
Affect of parallel computing on multicore processors
Affect of parallel computing on multicore processorsAffect of parallel computing on multicore processors
Affect of parallel computing on multicore processorscsandit
 
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORSAFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORScscpconf
 

Similar to Spectre and meltdown (20)

An Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux KernelAn Introduction to the Formalised Memory Model for Linux Kernel
An Introduction to the Formalised Memory Model for Linux Kernel
 
ch2.pptx
ch2.pptxch2.pptx
ch2.pptx
 
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
Jaime Peñalba - Kernel exploitation. ¿El octavo arte? [rooted2019]
 
HPP Week 1 Summary
HPP Week 1 SummaryHPP Week 1 Summary
HPP Week 1 Summary
 
cachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance Cachingcachegrand: A Take on High Performance Caching
cachegrand: A Take on High Performance Caching
 
8051-microcontroller
8051-microcontroller8051-microcontroller
8051-microcontroller
 
Computer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and MicrocontrollerComputer Organization: Introduction to Microprocessor and Microcontroller
Computer Organization: Introduction to Microprocessor and Microcontroller
 
Java under the hood
Java under the hoodJava under the hood
Java under the hood
 
Linux Kernel Memory Model
Linux Kernel Memory ModelLinux Kernel Memory Model
Linux Kernel Memory Model
 
Gcc opt
Gcc optGcc opt
Gcc opt
 
computer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdfcomputer devices and memory unit 2 notes.pdf
computer devices and memory unit 2 notes.pdf
 
Java Memory Model
Java Memory ModelJava Memory Model
Java Memory Model
 
08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)08. Central Processing Unit (CPU)
08. Central Processing Unit (CPU)
 
Caching in
Caching inCaching in
Caching in
 
The Silence of the Canaries
The Silence of the CanariesThe Silence of the Canaries
The Silence of the Canaries
 
Linux Locking Mechanisms
Linux Locking MechanismsLinux Locking Mechanisms
Linux Locking Mechanisms
 
Embedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_MicrocontrollersEmbedded_System_wireless_Technolgy_with_Microcontrollers
Embedded_System_wireless_Technolgy_with_Microcontrollers
 
Windows kernel
Windows kernelWindows kernel
Windows kernel
 
Affect of parallel computing on multicore processors
Affect of parallel computing on multicore processorsAffect of parallel computing on multicore processors
Affect of parallel computing on multicore processors
 
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORSAFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
AFFECT OF PARALLEL COMPUTING ON MULTICORE PROCESSORS
 

More from Aditya Kamat

Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?Aditya Kamat
 
Web Hacking Series Part 5
Web Hacking Series Part 5Web Hacking Series Part 5
Web Hacking Series Part 5Aditya Kamat
 
Web Hacking Series Part 4
Web Hacking Series Part 4Web Hacking Series Part 4
Web Hacking Series Part 4Aditya Kamat
 
Web hacking series part 3
Web hacking series part 3Web hacking series part 3
Web hacking series part 3Aditya Kamat
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2Aditya Kamat
 
Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1Aditya Kamat
 
Exploiting a vulnerability to gain a shell
Exploiting a vulnerability to gain a shellExploiting a vulnerability to gain a shell
Exploiting a vulnerability to gain a shellAditya Kamat
 

More from Aditya Kamat (9)

Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?Load Balancing Algorithms - Which one to choose?
Load Balancing Algorithms - Which one to choose?
 
Cryptography 101
Cryptography 101Cryptography 101
Cryptography 101
 
Web Hacking Series Part 5
Web Hacking Series Part 5Web Hacking Series Part 5
Web Hacking Series Part 5
 
Web Hacking Series Part 4
Web Hacking Series Part 4Web Hacking Series Part 4
Web Hacking Series Part 4
 
Web hacking series part 3
Web hacking series part 3Web hacking series part 3
Web hacking series part 3
 
Web Hacking series part 2
Web Hacking series part 2Web Hacking series part 2
Web Hacking series part 2
 
Web Hacking Series Part 1
Web Hacking Series Part 1Web Hacking Series Part 1
Web Hacking Series Part 1
 
Web Hacking Intro
Web Hacking IntroWeb Hacking Intro
Web Hacking Intro
 
Exploiting a vulnerability to gain a shell
Exploiting a vulnerability to gain a shellExploiting a vulnerability to gain a shell
Exploiting a vulnerability to gain a shell
 

Recently uploaded

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Recently uploaded (20)

Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Spectre and meltdown

  • 1. Spectre and Meltdown ~ Aditya Kamat
  • 2. What will be covered? ● Memory Cache ● Speculative Execution ● Branch predictor ● Meltdown ● Spectre ● Mitigations ● FAQ’s
  • 3. Memory & Cache ● L1, L2, L3 levels ● Cache hit and miss.
  • 7. Speculative Execution ● Coffee shop analogy for easy understanding. ● Why? ○ Instructions which require reading from memory take longer. CPU idle time is a waste of resources, speculative execution is the solution.
  • 8. Branch predictors ● Use fancy algorithms to predict which condition might be met. ● Speculatively execute the branch that is predicted. ● What happens when the prediction turns out to be true? ● And what happens when the prediction is wrong? ● P.S: Branch predictors are often over 99% accurate at guessing.
  • 9.
  • 10. User Space vs Kernel Space ● Kernel space & user space are segregations of the virtual memory. ● Each process is given virtual memory which is divided into kernel & user space. ● The user space region contains data, code, stack, heap of the process. ● The kernel-space contains things such as the page table for the process, kernel data structures and kernel code, etc. ● To run kernel space code, control must shift to kernel mode(using 0x80 software interrupt for system calls) & kernel stack is basically shared among all processes currently executing in kernel space.
  • 11. User Space vs Kernel Space
  • 12. Spectre: Variant 1(CVE-2017-5753) ● Bounds check bypass. ● The instructions after a conditional branch are speculatively executed as the result of a misprediction.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18. Spectre: Variant 2(CVE-2017-5715) ● Branch target injection ● The CPU executes instructions at a location determined by a mispredicted branch target.
  • 21. Meltdown: Variant 3(CVE-2017-5754) ● Rogue data cache load, memory access permission check performed after kernel memory is read. ● It leverages out-of-order execution capabilities in modern CPUs. ● Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27. Countermeasures ● Spectre (Variant 1): ○ Compiler patches. ○ Use barriers (LFENCE instruction) to prevent speculation for x86 - Sequential instructions. ○ Static analysis to identify locations where attackers can control speculation. ● Spectre (Variant 2): ○ Separate BTBs(Branch Target Buffers) for each process in the Branch predictor unit. ○ Prevent BTBs across SMT(Simultaneous MultiThreading) threads.
  • 29. FAQ’s ● Can I detect if someone has exploited Meltdown or Spectre against me? ● Can my antivirus detect or block this attack? ● Is there a workaround/fix? ● Why is it called Meltdown? ● Why is it called Spectre? ● Can I see Meltdown in action? Check this
  • 30. References ● A 3 minute video explaining speculative execution. Link ● Meltdown paper. Link ● Spectre paper. Link ● Redhat documentation. Link ● Meltdown and spectre official website. Link ● IIT-M course by Chester Robeiro: Link ● Report by CMU: Link ● Miscellaneous: Link1, Link2, Link3, Link4