SlideShare a Scribd company logo

Spectre and Meltdowns

S
skillupevent

«آسیب‌پذیری‌های spectre و meltdowns» ارائه شده توسط مصطفی سیدی در اسکیل‌آپ ششم

Technology
1 of 12
Download to read offline
6th SkillUp Event (14 Feb 2018) Mini Presentation: Spectre & Meltdown Vulnerability In the Name of God Provider: S.Mostafa Sayyedi /mostafasayyedi /mostafasayyedi
What is Vulnerability? (in Computing World!) Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerabilities are the intersection of three elements: 1: a System susceptibility or flaw, 2: Attacker access to the flaw, 3: Attacker capability to exploit the flaw.
Spectre & Meltdown…. Overview about CPU & OS:
Spectre & Meltdown…. Overview about CPU & OS:
Spectre & Meltdown…. First: Spectre(CVE-2017-5753 or bounds check bypass, and CVE-2017-5715 or branch target injection.) Spectre abuses branch prediction and speculative execution to leak data from via a processor covert channel (cache lines) Spectre can only read memory from the current process, not the kernel and other physical memory
Spectre & Meltdown…. Second: Meltdown (CVE-2017-5754 or rogue data cache load) Meltdown allows attackers to read arbitrary physical memory (including kernel memory) from an unprivileged user process Meltdown uses out of order instruction execution to leak data via a processor covert channel (cache lines)
Which Processors?!
....Updates
Update Kernel & BIOS How Find and Defend?!
In The NEWS…
Spectre and Meltdowns

Recommended

Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linuxHammad Ahmed Khawaja
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & MeltdownMurray Security Services
 
6.Resource Exhaustion
6.Resource Exhaustion6.Resource Exhaustion
6.Resource Exhaustionphanleson
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and Exploitation Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and ExploitationMattia Salvi
 
The Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsThe Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsKaspersky
 

Recommended

Pentesting with linux
Pentesting with linuxPentesting with linux
Pentesting with linuxHammad Ahmed Khawaja
 
Introduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitIntroduction To Exploitation & Metasploit
Introduction To Exploitation & MetasploitRaghav Bisht
 
Spectre & Meltdown
Spectre & MeltdownSpectre & Meltdown
Spectre & MeltdownMurray Security Services
 
6.Resource Exhaustion
6.Resource Exhaustion6.Resource Exhaustion
6.Resource Exhaustionphanleson
 
Modern malware and threats
Modern malware and threatsModern malware and threats
Modern malware and threatsMartin Holovský
 
Formative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksFormative Task 3: Social Engineering Attacks
Formative Task 3: Social Engineering AttacksDamaineFranklinMScBE
 
Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and Exploitation Virtual Machines Security Internals: Detection and Exploitation
Virtual Machines Security Internals: Detection and ExploitationMattia Salvi
 
The Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsThe Duqu 2.0: Technical Details
The Duqu 2.0: Technical DetailsKaspersky
 
Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09Angelill0
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...a001
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceJames581435
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
LeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdfLeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdfOverkill Security
 
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa Manula Udugahapattuwa
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacksUltraUploader
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Designing and implementing malicious processors
Designing and implementing malicious processorsDesigning and implementing malicious processors
Designing and implementing malicious processorsNebyueAwoke
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec
 
1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdf1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdfcontact34
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackGavin Davey
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAli Habeeb
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Surreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systemsSurreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systemsYael Ziv
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 

More Related Content

Similar to Spectre and Meltdowns

Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09Angelill0
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesAmit Kumbhar
 
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...a001
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceJames581435
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testingNezar Alazzabi
 
LeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdfLeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdfOverkill Security
 
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa Manula Udugahapattuwa
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacksUltraUploader
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Designing and implementing malicious processors
Designing and implementing malicious processorsDesigning and implementing malicious processors
Designing and implementing malicious processorsNebyueAwoke
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec
 
1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdf1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdfcontact34
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927Todd Deshane
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackGavin Davey
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAli Habeeb
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingRaghav Bisht
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationQualys
 
Surreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systemsSurreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systemsYael Ziv
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1bora.gungoren
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 

Similar to Spectre and Meltdowns (20)

Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09Rootkit&honeypot aalonso-dcu-dec09
Rootkit&honeypot aalonso-dcu-dec09
 
Exploits Attack on Windows Vulnerabilities
Exploits Attack on Windows VulnerabilitiesExploits Attack on Windows Vulnerabilities
Exploits Attack on Windows Vulnerabilities
 
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
Deliberately Un-Dependable Applications: the Role of Dependability Metrics in...
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Introduction to penetration testing
Introduction to penetration testingIntroduction to penetration testing
Introduction to penetration testing
 
LeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdfLeftOverLocals. GPU Vulnerabilitiy.pdf
LeftOverLocals. GPU Vulnerabilitiy.pdf
 
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
All about the Meltdown Cyber Attack (CVE-2017-5754) by Manula Udugahapattuwa
 
Automated defense from rootkit attacks
Automated defense from rootkit attacksAutomated defense from rootkit attacks
Automated defense from rootkit attacks
 
Metasploit
MetasploitMetasploit
Metasploit
 
Designing and implementing malicious processors
Designing and implementing malicious processorsDesigning and implementing malicious processors
Designing and implementing malicious processors
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit Analysis
 
1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdf1)It capture leaving on the purpose of the CA documentation it have.pdf
1)It capture leaving on the purpose of the CA documentation it have.pdf
 
Ece seminar 20070927
Ece seminar 20070927Ece seminar 20070927
Ece seminar 20070927
 
Analysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin AttackAnalysis of RSA Lockheed Martin Attack
Analysis of RSA Lockheed Martin Attack
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Avoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediationAvoid Meltdown from the Spectre - How to measure impact and track remediation
Avoid Meltdown from the Spectre - How to measure impact and track remediation
 
Surreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systemsSurreptitiously weakening cryptographic systems
Surreptitiously weakening cryptographic systems
 
Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1Portakal Teknoloji Otc Lyon Part 1
Portakal Teknoloji Otc Lyon Part 1
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 

Recently uploaded

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMKumar Satyam
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 

Recently uploaded (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 

Spectre and Meltdowns

  • 1. 6th SkillUp Event (14 Feb 2018) Mini Presentation: Spectre & Meltdown Vulnerability In the Name of God Provider: S.Mostafa Sayyedi /mostafasayyedi /mostafasayyedi
  • 2. What is Vulnerability? (in Computing World!) Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerabilities are the intersection of three elements: 1: a System susceptibility or flaw, 2: Attacker access to the flaw, 3: Attacker capability to exploit the flaw.
  • 5. Spectre & Meltdown…. First: Spectre(CVE-2017-5753 or bounds check bypass, and CVE-2017-5715 or branch target injection.) Spectre abuses branch prediction and speculative execution to leak data from via a processor covert channel (cache lines) Spectre can only read memory from the current process, not the kernel and other physical memory
  • 6. Spectre & Meltdown…. Second: Meltdown (CVE-2017-5754 or rogue data cache load) Meltdown allows attackers to read arbitrary physical memory (including kernel memory) from an unprivileged user process Meltdown uses out of order instruction execution to leak data via a processor covert channel (cache lines)
  • 8.
  • 10. Update Kernel & BIOS How Find and Defend?!