1. 6th SkillUp Event (14 Feb 2018)
Mini Presentation: Spectre & Meltdown Vulnerability
In the Name of God
Provider: S.Mostafa Sayyedi
/mostafasayyedi
/mostafasayyedi
2. What is Vulnerability? (in Computing World!)
Vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Vulnerabilities are the intersection of three elements:
1: a System susceptibility or flaw,
2: Attacker access to the flaw,
3: Attacker capability to exploit the flaw.
5. Spectre & Meltdown….
First: Spectre(CVE-2017-5753 or bounds check bypass,
and CVE-2017-5715 or branch target injection.)
Spectre abuses branch prediction and speculative execution to leak
data from via a processor covert channel (cache lines)
Spectre can only read memory from the current process, not the
kernel and other physical memory
6. Spectre & Meltdown….
Second: Meltdown (CVE-2017-5754 or rogue data cache load)
Meltdown allows attackers to read arbitrary physical memory (including kernel
memory) from an unprivileged user process
Meltdown uses out of order instruction execution
to
leak data via a processor covert channel (cache
lines)