Spectre & Meltdown Vulnerabilities

Intel, AMD, Qualcomm, and ARM architecture are all affected. The Spectre family of attacks is documented under CVE-2017-5753 and CVE-2017-5715. Intel is the primary component to Meltdown. Yet, all operating systems built on Intel technologies are potentially a victim. Intel has been producing their defective, yet needed, processors into the market since 2010.

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. Side channel attacks like this focus on exploiting the execution technique by high speed processors to leak information. When a high speed processor processes information, it guesses at the instructions that might come next in order to have it ready. The Spectre microarchitectural attack tricks the processor into guessing and executing instructions that should not have occurred during correct computation.  The unexpected execution of code is the attacker’s way of having the processor leaks data to the attacker. The attacker monitors a partition of the cache level in memory. When multiple programs access the same hardware, the microarcheticual state changes the cache in memory. This in turn, allows the attacker to read the binary data stored in memory. Through probing techniques, the attacker can learn which cache level to read.  Attacks can be created using native code or JavaScript.

Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. The attack is independent of the operating system and software. Meltdown breaks all the rules of computer security address space, consequently every security mechanism built upon its technology. Operating systems security ensures users and applications are prevented from reading and writing to areas which are not allowed. This is a cornerstone to IT infrastructure user and network management. However, it is violated with Meltdown. Isolation of the kernel memory and users is known by a bit of the processor that defines what can be accessed. Memory is isolated by using virtual memory spaces translated into physical memory, except in Windows 10 which uses page pooling and system cache. Memory isolation allows for the operating system to map the kernel to the address space for every process since CPUS do not use linear instruction streams. However, Meltdown allows overcoming the restrictions by using the user’s credentials. It tailors itself to the user’s software environment. Meltdown runs an out-of-order execution of processes to retrieve the data from memory. This out-of-order or transient processing is when the processor is looking ahead to guess as to what the next step should be. Privileged memory of a side channel can be read and dumped in out-of-order execution stream. Meltdown is the execution of transient instructions and transfer of the microarchitechural state.