Spectre & Meltdown
Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, FITSP-A, C|ND
ISSA Colorado Springs Chapter, Training Meetings, January 2018
Spectre & Meltdown - Agenda
• What are they?
• What are the issues?
• What is the risk?
• Who discovered them?
• Who is affected?
• Patches, Updates, Notices & Advisories
• What should you do?
• Resources
• Questions?
Spectre & Meltdown
What are they?
Spectre
• Spectre breaks the isolation between different applications.
• Allows an attacker to trick error-free applications, which follow best practices, into
leaking their secrets.
• The safety checks of said best practices actually increase the attack surface and may
make applications more susceptible to Spectre.
Meltdown
• Meltdown breaks the most fundamental isolation between user applications and the
operating system.
• This attack allows a program to access the memory, and thus also the secrets, of other
programs and the operating system.
Spectre & Meltdown
What are they?
What are the differences?
What is the difference between Meltdown and Spectre?
• Spectre tricks other applications into accessing arbitrary locations in their
memory.
• Meltdown breaks the mechanism that keeps applications from accessing
arbitrary system memory.
• Consequently, applications can access system memory.
• Both attacks use side channels to obtain the information from the accessed memory
location.
Meltdown
What are the issues?
“One of the central security features of today’s operating systems is memory isolation.
Operating systems ensure that user applications cannot access each other’s memories and
prevent user applications from reading or writing kernel memory.
This isolation is a cornerstone of our computing environments and allows running multiple
applications on personal devices or executing processes of multiple users on a single
machine in the cloud.”
“Meltdown is a novel attack that allows overcoming memory isolation completely by
providing a simple way for any user process to read the entire kernel memory of the
machine it executes on, including all physical memory mapped in the kernel region.
Meltdown does not exploit any software vulnerability, i.e., it works on all major operating
systems. Instead, Meltdown exploits side-channel information available on most modern
processors, e.g., modern Intel microarchitectures since 2010 and potentially on other CPUs
of other vendors.”
“While side-channel attacks typically require very specific knowledge about the target
application and are tailored to only leak information about its secrets, Meltdown
allows an adversary who can run code on the vulnerable processor to obtain a dump
of the entire kernel address space, including any mapped physical memory.
The root cause of the simplicity and strength of Meltdown are side effects caused by
out-of-order execution.”
“Out-of-order execution is an important performance feature of today’s processors in
order to overcome latencies of busy execution units, e.g., a memory fetch unit needs
to wait for data arrival from memory.
Instead of stalling the execution, modern processors run operations out-of-order i.e.,
they look ahead and schedule subsequent operations to idle execution units of the
processor.”
PERFORMANCE BEFORE SECURITY!!!
Meltdown
What are the issues?
“The Meltdown attack uses exception
handling or suppression, e.g., TSX, to run a
series of transient instructions.
These transient instructions obtain a
(persistent) secret value and change the
microarchitectural state of the processor
based on this secret value.
This forms the sending part of a
microarchitectural covert channel.
The receiving side reads the
microarchitectural state, making it
architectural and recovering the secret
value.”
Spectre
What are the issues?
“Modern processors use branch prediction and speculative execution to maximize
performance.
For example, if the destination of a branch depends on a memory value that is in the
process of being read, CPUs will try to guess the destination and attempt to execute
ahead. When the memory value finally arrives, the CPU either discards or commits the
speculative computation.
Speculative logic is unfaithful in how it executes, can access the victim’s memory
and registers, and can perform operations with measurable side effects.
Spectre attacks involve inducing a victim to speculatively perform operations that
would not occur during correct program execution and which leak the victim’s
confidential information via a side channel to the adversary.”
Spectre
What are the issues?
“Speculative execution is a technique used by high speed processors in order to increase
performance by guessing likely future execution paths and prematurely executing the
instructions in them.
For example when the program’s control flow depends on an uncached value located in the
physical memory, it may take several hundred clock cycles before the value becomes
known. Rather than wasting these cycles by idling, the processor guesses the direction of
control flow, saves a checkpoint of its register state, and proceeds to speculatively execute
the program on the guessed path.
When the value eventually arrives from memory the processor checks the correctness of its
initial guess. If the guess was wrong, the processor discards the (incorrect) speculative
execution by reverting the register state back to the stored checkpoint, resulting in
performance comparable to idling.
In case the guess was correct, however, the speculative execution results are committed,
yielding a significant performance gain as useful work was accomplished during the delay.”
PERFORMANCE OVER SECURITY!!
Spectre & Meltdown
What is the risk?
According to TECHI.ES
• Meltdown and Spectre exploit critical vulnerabilities in modern processors.
• These hardware bugs allow programs to steal data which is currently processed on the computer.
• While programs are typically not permitted to read data from other programs, a malicious program can exploit
Meltdown and Spectre to get hold of secrets stored in the memory of other running programs.
• This might include:
  • passwords stored in a password manager or browser,
  • your personal photos,
  • emails and instant messages,
  • business-critical documents.
• Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud
provider’s infrastructure, it might be possible to steal data from other customers.
Spectre & Meltdown
Who discovered them?
Spectre was independently discovered and reported by two people:
• Jann Horn (Google Project Zero) and
• Paul Kocher, in collaboration with (in alphabetical order):
  • Daniel Genkin (University of Pennsylvania and University of Maryland),
  • Mike Hamburg (Rambus),
  • Moritz Lipp (Graz University of Technology), and
  • Yuval Yarom (University of Adelaide and Data61)
Meltdown was independently discovered and reported by three teams:
• Jann Horn (Google Project Zero),
• Werner Haas, Thomas Prescher (Cyberus Technology),
• Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)
Spectre & Meltdown
Who is affected?
• Almost Everyone!
Which systems are affected by Meltdown?
• Many Desktop, Laptop, and Cloud computers may be affected by Meltdown.
• More technically, every Intel processor which implements out-of-order execution is potentially affected, which
is effectively every processor since 1995.
  • (Does not apply to Intel Itanium and Intel Atom before 2013.)
• The team successfully tested Meltdown on Intel processor generations released as early as 2011.
• Currently, we have only verified Meltdown on Intel processors.
• At the moment, it is unclear whether AMD processors are also affected by Meltdown.
• According to ARM, some of their processors are also affected.
Spectre & Meltdown
Who is affected?
• Almost Everyone!
Which cloud providers are affected by Meltdown?
• Cloud providers which use:
  • Intel CPUs and
  • Xen PV as virtualization without having patches applied.
• Also cloud providers without real hardware virtualization
  that rely on containers that share one kernel, such as:
  • Docker,
  • LXC, or
  • OpenVZ
Spectre & Meltdown
Who is affected?
• Almost Everyone!
Which systems are affected by Spectre?
• Almost every system is affected by Spectre:
  • Desktops,
  • Laptops,
  • Cloud Servers,
  • Smartphones.
• More specifically, all modern processors capable of keeping many instructions in flight are potentially
vulnerable.
• In particular, the discovery team have verified Spectre on Intel, AMD, and ARM processors.
Spectre & Meltdown
Patches, Updates, Notices & Advisories
What are CVE-2017-5753 and CVE-2017-5715?
CVE-2017-5753 and CVE-2017-5715 are the official references to
Spectre.
What is CVE-2017-5754?
CVE-2017-5754 is the official reference to Meltdown.
Common Vulnerabilities & Exposures (CVE) is the standard for information security vulnerability
names, maintained by MITRE.
Spectre & Meltdown
Patches, Updates, Notices & Advisories
Where can I find official information or security advisories of involved/affected companies?
• Intel: Security Advisory / Newsroom / Whitepaper
• ARM: Security Update
• AMD: Security Information
• RISC-V: Blog
• NVIDIA: Security Bulletin / Product Security
• Microsoft: Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server)
• Amazon: Security Bulletin
• Google: Project Zero Blog / Need to know
• Android: Security Bulletin
• Apple: Apple Support
• Lenovo: Security Advisory
• IBM: Blog
• Dell: Knowledge Base / Knowledge Base (Server)
• Hewlett Packard Enterprise: Vulnerability Alert
• HP Inc.: Security Bulletin
• Huawei: Security Notice
• Synology: Security Advisory
Spectre & Meltdown
Patches, Updates, Notices & Advisories
Where can I find official information or security advisories of involved/affected companies?
• Cisco: Security Advisory
• F5: Security Advisory
• Mozilla: Security Blog
• Red Hat: Vulnerability Response / Performance Impacts
• Debian: Security Tracker
• Ubuntu: Knowledge Base
• SUSE: Vulnerability Response
• Fedora: Kernel update
• Qubes: Announcement
• Fortinet: Advisory
• NetApp: Advisory
• LLVM: Spectre (Variant #2) Patch / Review builtin_load_no_speculate / Review llvm.nospeculateload
• CERT: Vulnerability Note
• MITRE: CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754
• VMWare: Security Advisory / Blog
• Citrix: Security Bulletin / Security Bulletin (XenServer)
• Xen: Security Advisory (XSA-254) / FAQ
Spectre & Meltdown
What should you do?
• Check with your hardware and software vendors to see which patches and/or
updates are recommended.
• Some application and OS patches are creating problems for users once they reboot.
• Suggest a thorough backup of all files that the user doesn’t want to lose before
installing patches.
• For cloud services, check with your provider to see if they run the affected chips
that make them vulnerable.
• Check your contract and SLA for data sanitization and backup.
• Leakage is less of a risk for dedicated cloud services.
• It is more of a risk for shared services.
• Most mobile device manufacturers have developed patches as well.
• Ensure you back up your device and files before applying any updates.
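One way to confirm on a Linux host that vendor patches actually took effect, as an added example that is not part of the original slides: the script reads the status files that patched kernels expose under /sys/devices/system/cpu/vulnerabilities/ and maps them to the three CVEs listed earlier. The function names and the sample status directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Assumption: a Linux kernel carrying the January 2018 fixes exposes one
# status file per issue in the directory below. Kernels without the fixes
# have no such directory, which this script reports as UNKNOWN.
SYSFS_VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT
# Prints MITIGATED, NOT_AFFECTED, VULNERABLE or UNKNOWN for one status line.
classify_status() {
    case "$1" in
        "Not affected"*) echo NOT_AFFECTED ;;
        "Mitigation:"*)  echo MITIGATED ;;
        "Vulnerable"*)   echo VULNERABLE ;;
        *)               echo UNKNOWN ;;
    esac
}

# report_cpu_vulns [DIR]
# Prints one line per CVE: "<CVE> <file> <class> <raw status text>".
# Returns the number of entries that are neither mitigated nor unaffected.
report_cpu_vulns() {
    dir=${1:-$SYSFS_VULN_DIR}
    bad=0
    # The CVE ids are the ones named in the slides; the file names are the
    # kernel's names for Meltdown and Spectre variants 1 and 2.
    for pair in \
        "CVE-2017-5754:meltdown" \
        "CVE-2017-5753:spectre_v1" \
        "CVE-2017-5715:spectre_v2"
    do
        cve=${pair%%:*}
        name=${pair#*:}
        if [ -r "$dir/$name" ]; then
            raw=$(head -n 1 "$dir/$name")
            class=$(classify_status "$raw")
        else
            raw="(no status file)"
            class=UNKNOWN
        fi
        case "$class" in
            MITIGATED|NOT_AFFECTED) ;;
            *) bad=$((bad + 1)) ;;
        esac
        printf '%s %s %s %s\n' "$cve" "$name" "$class" "$raw"
    done
    return "$bad"
}

# Demo on constructed sample data (not captured from a real machine):
# Meltdown and Spectre variant 1 mitigated, variant 2 still open.
demo_constructed_sample() {
    demo_dir=$(mktemp -d)
    printf 'Mitigation: PTI\n' > "$demo_dir/meltdown"
    printf 'Mitigation: __user pointer sanitization\n' > "$demo_dir/spectre_v1"
    printf 'Vulnerable\n' > "$demo_dir/spectre_v2"
    report_cpu_vulns "$demo_dir" || echo "-> $? issue(s) need attention"
    rm -rf "$demo_dir"
}

demo_constructed_sample
```

On a real host, call `report_cpu_vulns` with no argument; a missing directory or an UNKNOWN line usually means the running kernel predates the fixes.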
Answers to the most common questions can be
found on the official site:
https://meltdownattack.com/
There is additional technical information about Meltdown and Spectre on the
official website.
They have posted an academic paper and a blog post about Meltdown, and an
academic paper about Spectre.
There is also a link to the Google Project Zero blog about both attacks.
Questions?
Meltdown
Spectre
Resources
• Spectre & Meltdown official website
• https://meltdownattack.com/
• Meltdown and Spectre exploit critical vulnerabilities in modern processors
• http://www.techi.es/meltdown-and-spectre-exploit-critical-vulnerabilities-in-modern-processors/
• Spectre Attack Paper
• https://spectreattack.com/spectre.pdf
• Meltdown Attack Paper
• https://meltdownattack.com/meltdown.pdf
• Microsoft puts update fixing Meltdown, Spectre flaws on hold as some AMD PCs become unbootable
• https://www.digit.in/security-software/microsoft-update-fixing-meltdown-spectre-flaws-put-on-hold-as-some-amd-pcs-become-unbootable-39053.html

みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
Wouter Lemaire
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
Federico Razzoli
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
jpupo2018
 

Recently uploaded (20)

Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
UI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentationUI5 Controls simplified - UI5con2024 presentation
UI5 Controls simplified - UI5con2024 presentation
 
Webinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data WarehouseWebinar: Designing a schema for a Data Warehouse
Webinar: Designing a schema for a Data Warehouse
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Project Management Semester Long Project - Acuity
Project Management Semester Long Project - AcuityProject Management Semester Long Project - Acuity
Project Management Semester Long Project - Acuity
 

Spectre & Meltdown

  • 1. Spectre & Meltdown Dr. Shawn P. Murray, C|CISO, CISSP, CRISC, FITSP-A, C|ND ISSA Colorado Springs Chapter, Training Meetings, January 2018
  • 2. Spectre & Meltdown - Agenda • What are they? • What are the issues? • What is the risk? • Who discovered them? • Who is affected? • Patches, Updates, Notices & Advisories • What should you do? • Resources • Questions?
  • 3. Spectre & Meltdown What are they? Spectre • Spectre breaks the isolation between different applications. • Allows an attacker to trick error-free applications, which follow best practices, into leaking their secrets. • The safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre Meltdown • Meltdown breaks the most fundamental isolation between user applications and the operating system. • This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
  • 4. Spectre & Meltdown What are they? What are the differences? What is the difference between Meltdown and Spectre? • Spectre tricks other applications into accessing arbitrary locations in their memory. • Both attacks use side channels to obtain the information from the accessed memory location. • Meltdown breaks the mechanism that keeps applications from accessing arbitrary system memory. • Consequently, applications can access system memory.
  • 5. Meltdown What are the issues? “One of the central security features of today’s operating systems is memory isolation. Operating systems ensure that user applications cannot access each other’s memories and prevent user applications from reading or writing kernel memory. This isolation is a cornerstone of our computing environments and allows running multiple applications on personal devices or executing processes of multiple users on a single machine in the cloud.” “Meltdown is a novel attack that allows overcoming memory isolation completely by providing a simple way for any user process to read the entire kernel memory of the machine it executes on, including all physical memory mapped in the kernel region. Meltdown does not exploit any software vulnerability, i.e., it works on all major operating systems. Instead, Meltdown exploits side-channel information available on most modern processors, e.g., modern Intel microarchitectures since 2010 and potentially on other CPUs of other vendors.”
  • 6. Meltdown What are the issues? “While side-channel attacks typically require very specific knowledge about the target application and are tailored to only leak information about its secrets, Meltdown allows an adversary who can run code on the vulnerable processor to obtain a dump of the entire kernel address space, including any mapped physical memory. The root cause of the simplicity and strength of Meltdown are side effects caused by out-of-order execution.” “Out-of-order execution is an important performance feature of today’s processors in order to overcome latencies of busy execution units, e.g., a memory fetch unit needs to wait for data arrival from memory. Instead of stalling the execution, modern processors run operations out-of-order i.e., they look ahead and schedule subsequent operations to idle execution units of the processor.” PERFORMANCE BEFORE SECURITY!!!
  • 7. Meltdown What are the issues? “The Meltdown attack uses exception handling or suppression, e.g., TSX, to run a series of transient instructions. These transient instructions obtain a (persistent) secret value and change the microarchitectural state of the processor based on this secret value. This forms the sending part of a microarchitectural covert channel. The receiving side reads the microarchitectural state, making it architectural and recovering the secret value.”
  • 8. Spectre What are the issues? “Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access to the victim’s memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.”
  • 9. Spectre What are the issues? “Speculative execution is a technique used by high speed processors in order to increase performance by guessing likely future execution paths and prematurely executing the instructions in them. For example when the program’s control flow depends on an uncached value located in the physical memory, it may take several hundred clock cycles before the value becomes known. Rather than wasting these cycles by idling, the processor guesses the direction of control flow, saves a checkpoint of its register state, and proceeds to speculatively execute the program on the guessed path. When the value eventually arrives from memory the processor checks the correctness of its initial guess. If the guess was wrong, the processor discards the (incorrect) speculative execution by reverting the register state back to the stored checkpoint, resulting in performance comparable to idling. In case the guess was correct, however, the speculative execution results are committed, yielding a significant performance gain as useful work was accomplished during the delay.” PERFORMANCE OVER SECURITY!!
  • 10. Spectre & Meltdown What is the risk? According to TECHI.ES • Meltdown and Spectre exploit critical vulnerabilities in modern processors. • These hardware bugs allow programs to steal data which is currently processed on the computer. • While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. • This might include: • passwords stored in a password manager or browser, • your personal photos, • Emails & instant messages • business-critical documents. • Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.
  • 11. Spectre & Meltdown Who discovered them? Spectre was independently discovered and reported by two people: • Jann Horn (Google Project Zero) and • Paul Kocher in collaboration with: (in alphabetical order), • Daniel Genkin (University of Pennsylvania and University of Maryland), • Mike Hamburg (Rambus), • Moritz Lipp (Graz University of Technology), and • Yuval Yarom (University of Adelaide and Data61) Meltdown was independently discovered and reported by three teams: • Jann Horn (Google Project Zero), • Werner Haas, Thomas Prescher (Cyberus Technology), • Daniel Gruss, Moritz Lipp, Stefan Mangard, Michael Schwarz (Graz University of Technology)
  • 12. Spectre & Meltdown Who is affected? • Almost Everyone! Which systems are affected by Meltdown? • Many Desktop, Laptop, and Cloud computers may be affected by Meltdown. • More technically, every Intel processor which implements out-of-order execution is potentially affected, which is effectively every processor since 1995 • (Does not apply to Intel Itanium and Intel Atom before 2013). • The team successfully tested Meltdown on Intel processor generations released as early as 2011. • Currently, we have only verified Meltdown on Intel processors. • At the moment, it is unclear whether AMD processors are also affected by Meltdown. • According to ARM, some of their processors are also affected.
  • 13. Spectre & Meltdown Who is affected? • Almost Everyone! Which cloud providers are affected by Meltdown? • Cloud providers which use: • Intel CPUs and; • Xen PV as virtualization without having patches applied. • Also cloud providers without real hardware virtualization, • They rely on containers that share one kernel, such as: • Docker, • LXC, or • OpenVZ
  • 14. Spectre & Meltdown Who is affected? • Almost Everyone! Which systems are affected by Spectre? • Almost every system is affected by Spectre: • Desktops, • Laptops, • Cloud Servers, • Smartphones. • More specifically, all modern processors capable of keeping many instructions in flight are potentially vulnerable. • In particular, the discovery team have verified Spectre on Intel, AMD, and ARM processors.
  • 15. Spectre & Meltdown Patches, Updates, Notices & Advisories What are CVE-2017-5753 and CVE-2017-5715? CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre. What is the CVE-2017-5754? CVE-2017-5754 is the official reference to Meltdown. Common Vulnerabilities & Exposures is the Standard for Information Security Vulnerability Names maintained by MITRE.
  • 16. Spectre & Meltdown Patches, Updates, Notices & Advisories Where can I find official information or security advisories of involved/affected companies? • Intel: Security Advisory / Newsroom / Whitepaper • ARM: Security Update • AMD: Security Information • RISC-V: Blog • NVIDIA: Security Bulletin / Product Security • Microsoft: Security Guidance / Information regarding anti-virus software / Azure Blog / Windows (Client) / Windows (Server) • Amazon: Security Bulletin • Google: Project Zero Blog / Need to know • Android: Security Bulletin • Apple: Apple Support • Lenovo: Security Advisory • IBM: Blog • Dell: Knowledge Base / Knowledge Base (Server) • Hewlett Packard Enterprise: Vulnerability Alert • HP Inc.: Security Bulletin • Huawei: Security Notice • Synology: Security Advisory
  • 17. Spectre & Meltdown Patches, Updates, Notices & Advisories Where can I find official information or security advisories of involved/affected companies? • Cisco: Security Advisory • F5: Security Advisory • Mozilla: Security Blog • Red Hat: Vulnerability Response / Performance Impacts • Debian: Security Tracker • Ubuntu: Knowledge Base • SUSE: Vulnerability Response • Fedora: Kernel update • Qubes: Announcement • Fortinet: Advisory • NetApp: Advisory • LLVM: Spectre (Variant #2) Patch / Review builtin_load_no_speculate / Review llvm.nospeculateload • CERT: Vulnerability Note • MITRE: CVE-2017-5715 / CVE-2017-5753 / CVE-2017-5754 • VMWare: Security Advisory / Blog • Citrix: Security Bulletin / Security Bulletin (XenServer) • Xen: Security Advisory (XSA-254) / FAQ
  • 18. Spectre & Meltdown What should you do? • Get with your hardware and software vendors to see which patches and/or updates are recommended. • Some application and OS patches are creating problems for users once they reboot. • Suggest a thorough backup of all files that the user doesn’t want to lose before installing patches. • For cloud services, check with your provider to see if they run the affected chips that make them vulnerable. • Check your contract and SLA for data sanitization and backup. • Leakage is less of a risk for dedicated cloud services. • More of a risk for shared services. • Most mobile device manufacturers have developed patches as well. • Ensure you back up your device and files before applying any updates.
  • 19. Most Common Questions & Answers can be obtained from the Official Site https://meltdownattack.com/ There is additional technical information about Meltdown and Spectre on the official website. They have posted an academic paper and a blog post about Meltdown, and an academic paper about Spectre. There is also a link to the Google Project Zero blog about both attacks.
  • 21. Resources • Spectre & Meltdown official website • https://meltdownattack.com/ • Meltdown and Spectre exploit critical vulnerabilities in modern processors • http://www.techi.es/meltdown-and-spectre-exploit-critical-vulnerabilities-in-modern-processors/ • Spectre Attack Paper • https://spectreattack.com/spectre.pdf • Meltdown Attack Paper • https://meltdownattack.com/meltdown.pdf • Microsoft puts update fixing Meltdown, Spectre flaws on hold as some AMD PCs become unbootable • https://www.digit.in/security-software/microsoft-update-fixing-meltdown-spectre-flaws-put-on-hold-as-some-amd-pcs-become-unbootable-39053.html
  • 22. • https://www.clever-cloud.com/blog/img/medias/spectre-meltdown.jpg • https://i2.wp.com/chromeunboxed.com/wp-content/uploads/2018/01/spectreMeltdownChromebooks.jpeg?fit=1200%2C606&ssl=1 • https://betanews.com/wp-content/uploads/2018/01/intel-processor.jpg • https://www.blogcdn.com/www.engadget.com/media/2008/07/7-25-08-nvidia_geforce_9m_9600m_gt.jpg • https://www.ginjfo.com/wp-content/uploads/2015/04/LinuxKernel_01-620x330.jpg • https://upload.wikimedia.org/wikipedia/commons/d/de/Ic-photo-AMD--AMD-K6-166ALR-(K6-CPU).jpg • https://techviral.net/wp-content/uploads/2018/01/Here-Is-The-List-Of-Intel-CPUs-Affected-By-Spectre-Meltdown.png • https://www.servethehome.com/wp-content/uploads/2018/01/FreeBSD.jpg • http://editorial.designtaxi.com/editorial-images/news-ShieldSpectreMeltdownFlaws080118/1-Apple-Google-Microsoft-Spectre-Meltdown-Flaws-Gadgets.jpg • https://biztechmagazine.com/sites/default/files/articles/BizTech/201801/Spectre_Meltdown_3c.jpg • https://i-cdn.phonearena.com/images/article/101314-image/Apple-says-iOS-is-vulnerable-to-Meltdown-and-Spectre-issues.jpg • http://www.techi.es/wp-content/uploads/2017/06/Data-breach-public-site-image-2-678x390.jpg • http://resellermalaysia.my/wp-content/uploads/2018/01/CPU-Meltdown-Spectre-e1515481679130-702x336.png Images Credit
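
The "What should you do?" slide says to find out which patches apply; on Linux hosts the kernel itself reports its status for the three CVEs named on the "Patches, Updates, Notices & Advisories" slide. The script below is an added example, not part of the original presentation. It assumes a Linux kernel that exposes the `/sys/devices/system/cpu/vulnerabilities` directory (4.15 or later); the variant names are the commonly used ones rather than wording from the slides, and the sample status lines are constructed.

```python
"""Audit the kernel-reported Spectre and Meltdown mitigation status on Linux."""
import tempfile
from pathlib import Path

# Assumption: the kernel exposes one-line status files here (Linux 4.15+).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# sysfs file name -> (CVE named on the slides, common variant name, not from the slides)
ISSUES = {
    "spectre_v1": ("CVE-2017-5753", "Spectre variant 1, bounds check bypass"),
    "spectre_v2": ("CVE-2017-5715", "Spectre variant 2, branch target injection"),
    "meltdown": ("CVE-2017-5754", "Meltdown, rogue data cache load"),
}


def classify(status):
    """Map a kernel status line to (state, detail)."""
    text = status.strip()
    if text == "Not affected":
        return "not_affected", ""
    for prefix, state in (("Mitigation", "mitigated"), ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            # Kernels write "Mitigation: PTI" but also "Vulnerable, IBPB: disabled".
            return state, text[len(prefix):].lstrip(":, ").strip()
    # Covers "Unknown: ..." and any wording this script does not recognise.
    return "unknown", text


def audit(sysfs_dir=SYSFS_DIR):
    """Return one finding per issue; a missing file is reported, not ignored."""
    findings = []
    for name, (cve, label) in ISSUES.items():
        try:
            state, detail = classify((Path(sysfs_dir) / name).read_text())
        except OSError:
            state, detail = "unreported", "no status file; kernel may predate this reporting"
        findings.append({"cve": cve, "issue": label, "state": state, "detail": detail})
    return findings


def needs_action(findings):
    """CVE ids that are not confirmed as mitigated or not affected."""
    return [f["cve"] for f in findings if f["state"] not in ("mitigated", "not_affected")]


def sample_dir():
    """Constructed sample directory so the script can be tried on any OS."""
    root = Path(tempfile.mkdtemp())
    (root / "meltdown").write_text("Mitigation: PTI\n")
    (root / "spectre_v1").write_text("Mitigation: __user pointer sanitization\n")
    (root / "spectre_v2").write_text("Vulnerable\n")
    return root


if __name__ == "__main__":
    source = SYSFS_DIR if SYSFS_DIR.is_dir() else sample_dir()
    results = audit(source)
    for f in results:
        print(f"{f['cve']}  {f['state']:<12} {f['issue']}  {f['detail']}")
    print("Follow up with the vendor on:", ", ".join(needs_action(results)) or "nothing")
```

A state of `unreported` or `unknown` is treated as needing follow-up, since an unpatched kernel is the most likely reason the status file is absent.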