11/19/2023 0 Comments Specter meltdown![]() Advertisementįurther Meltdown-style attacks discovered over the past year include an attempt to read a privileged system register from user code (which, again, generates an error because the access is forbidden but not before some speculation was allowed to occur) an attempt to use the processor's floating point unit when it is not presently enabled (which generates an error to say that there's no floating point unit available-operating systems trap this error and respond by enabling the floating point unit) and an attempt to write over read-only data. In both cases, the processor does correctly block the forbidden access it just takes a few cycles to do so, enabling speculative execution to run ahead of the permissions check. In L1TF, the access is forbidden because code from outside an SGX enclave is attempting to access data within an SGX enclave. In the original Meltdown attack, the access is forbidden because a user program is trying to access "supervisor" (which is to say, kernel) memory. These disturbances can be detected and used to read data that should be inaccessible. The processor notices that access was forbidden and rolls back the speculative execution, but the speculation has caused small disturbances to the processor cache. Speculatively, however, the processor is able to access the forbidden memory and perform speculative execution based on the values the memory holds. ![]() At a high level, both of these attacks work in a similar way: an attempt is made to access memory to which access is forbidden. Meltdown, in generalįurther Reading Intel’s SGX blown wide open by, you guessed it, a speculative execution attackĬonsider, for example, the Meltdown attack (used to leak kernel data to user-mode programs on most Intel and some ARM chips, including those from Apple) and the Level 1 Terminal Fault (L1TF) attack (used to break into an SGX enclave). ![]() The new research is more systematic, looking at the underlying mechanisms behind both Meltdown and Spectre and running through all the different ways the speculative execution can be misdirected. The previous investigations into these attacks have been a little ad hoc in nature: examining particular features of interest to provide, for example, a Spectre attack that can be performed remotely over a network or Meltdown-esque attack to break into SGX enclaves. That means further work is required to safeguard vulnerable systems. ![]() Some are mitigated by known mitigation techniques, but others are not. In tandem, a range of mitigation techniques has been created to enable at-risk software, operating systems, and hypervisor platforms to protect against these attacks.Ī research team-including many of the original researchers behind Meltdown, Spectre, and the related Foreshadow and BranchScope attacks-has published a new paper disclosing yet more attacks in the Spectre and Meltdown families. Since then, numerous variants of these attacks have been devised. The attacks were named Meltdown and Spectre. Further Reading “Meltdown” and “Spectre:” Every modern processor has unfixable security flawsīack at the start of the year, a set of attacks that leveraged the speculative execution capabilities of modern high-performance processors was revealed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |