What are the key differences between recently discovered hardware vulnerabilities Meltdown and Spectre?

Spectre uses branch misprediction and cache side effects to read any byte in the current process's virtual memory. It works on a variety of processors, including mobile phones, tablets, etc.

So, why can't we just read any byte in the current process, without any Spectre? Why is Spectre dangerous? There are a variety of languages which create sandboxes (JavaScript) or virtual machines (Java) to isolate the local machine from potentially dangerous code you downloaded from the Internet. Due to Spectre, there is no such isolation anymore, so JavaScript downloaded from a website can read any data within the browser. Potentially, there might be some passwords, credit card numbers and other sensitive information.

Meltdown is a hardware issue on some processors (Intels, some ARMs, some IBM POWERs), which read memory and check privileges in parallel. This opens a possibility to read memory you have no privilege to access. For example, a user process is able to read kernel memory due to Meltdown.

Why is Meltdown dangerous? The kernel stores encryption keys, passwords or even physical pages of other processes, which due to Meltdown could potentially be read from any user process in the system.

The key difference between Spectre and Meltdown is that due to Spectre you can read or trick other processes into leaking memory on the same privilege level, while using Meltdown you can read memory you have no privileges to access.

Here is my Linux Spectre-Based Meltdown (i.e. 2-in-1) proof of concept in just 99 lines of code:

Meltdown) using bounds check bypass (i.e.

The papers on Meltdown (Moritz Lipp et al.) and Spectre (Paul Kocher et al.) would be improved by proofreading. The latter in section 1.4 compares Spectre with Meltdown. A forbidden memory access causes a "trap", but, before the trap is triggered, speculative advance execution of further code has changed a cache state (because an actual memory access was made by the ghost), which survives the cancellation of the other effects of the ghost execution. This "melts" the barrier keeping the contents of the kernel inaccessible, so that the runtime values may be read at a hundred KB a second, with low error.

Spectre, however, relies on misleading the branch prediction in the microcode via presenting multiple innocuous usages to an IF ... type statement, then specially chosen data such that the test result will be false, but, the usual result having been true, the ghost execution will proceed to access some location of interest and modify a memory location on the basis of its value. Then the "false" result causes an undo of all the changes, except for the cache state.

Alternatively, the Branch Target Buffer can be misled so that there will be a ghost execution of code that will access something of interest that should be inaccessible, and again the results are suppressed but the side effects remain. It seems that over a hundred instructions can be in various stages of speculative execution, so relatively complex probing code is possible.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system. If your computer has a vulnerable processor and runs an unpatched operating system, it is not safe to work with sensitive information without the chance of leaking the information. This applies both to personal computers as well as cloud infrastructure. Luckily, there are software patches against Meltdown.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.
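The bounds-check gadget the answers above describe (a correct IF statement whose mispredicted path still touches the cache), as an added example that is not part of this page or of any of the answers: the vulnerable pattern beside an index-masking mitigation. The arrays, their contents and the function names are constructed for the demo.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample data (an assumption, not from the page). In a real
 * program a secret sitting past the end of array1 is what an out-of-bounds
 * index would reach. */
#define ARRAY1_SIZE 16
#define LINE 64                      /* bytes per cache line */
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * LINE];   /* probe array: one cache line per byte value */

/* Fill the probe array so lookups return a recognisable value (demo only). */
static void ensure_probe_array(void) {
    static int ready = 0;
    if (!ready) {
        for (int v = 0; v < 256; v++) array2[v * LINE] = (uint8_t)v;
        ready = 1;
    }
}

/* Vulnerable gadget: the "IF ... type statement" from the answers above.
 * The check is correct, but a predictor trained on in-bounds x lets an
 * out-of-bounds x run speculatively; array1[x] (possibly a secret byte)
 * selects which line of array2 is pulled into the cache, and that cache
 * state survives when the misprediction is squashed. */
uint8_t victim_function(size_t x) {
    ensure_probe_array();
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * LINE];
    return 0;
}

/* Mitigation: clamp the index with arithmetic, not a branch, so even a
 * mispredicted path cannot form an out-of-bounds address (the idea behind
 * Linux's array_index_nospec). Check the compiled output for a setb/cmov,
 * not a conditional jump, or add a speculation barrier (e.g. lfence). */
static inline size_t index_nospec(size_t idx, size_t size) {
    size_t in_bounds = (size_t)(idx < size);     /* 1 or 0 */
    return idx & ((size_t)0 - in_bounds);        /* idx, or 0 if out of bounds */
}

uint8_t hardened_function(size_t x) {
    ensure_probe_array();
    if (x < ARRAY1_SIZE) {
        x = index_nospec(x, ARRAY1_SIZE);        /* 0 on the speculative bad path */
        return array2[array1[x] * LINE];
    }
    return 0;
}
```

Architecturally the two functions return the same values; the difference is only in what the speculative path is able to address, which is why the fix has to be verified on the generated assembly rather than on test results.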