Meltdown and Spectre
This material was developed with funding from the
National Science Foundation under Grant # DUE 1601612
Click the magnifying glass to continue.
Meltdown and Spectre are two vulnerabilities discovered by Google security researchers that affect almost all CPUs released since 1995. The impacted CPUs are within desktops, laptops, servers, smartphones, smart devices, and cloud services. Attackers exploiting these vulnerabilities can read data from a computer's kernel memory (Meltdown), but also data handled by other apps (Spectre). Meltdown and Spectre vulnerability exploitations are referred to as side-channel attacks which results in leaked memory data. Large amounts of memory data can be compromised because the attacks can be run multiple times on a system with very little possibility of a crash or other error.
is a protected area of the main memory within the operating system.
Click the memory data to see what’s inside.
Affected technologies include web browsers, CPU chips, and operating systems. The memory data can include the most protected information stored in memory which includes passwords stored in a password manager or browser, emails, personal photos, instant messages and other sensitive documents.
is when code executes.
From a technical standpoint, when a branch in code execution depends upon a runtime condition, that is to say an overflow condition, unusual events, or an array out of bounds, modern processors make a “guess” in an attempt to save time. This speculatively executed branch progresses with a guess of the value of the condition upon which the branch must depend. That guess is typically based upon the last step of the same branch’s previous execution.
Click the question mark to continue.
The guessed value is cached for reuse in case that particular branch is taken again. There is no loss of computing time if the condition arrives at a new value because the processor must in any event wait for the value’s computation. Invalid speculative executions are thrown away but data from the execution may be retained in the processor caches. The retaining of invalid execution data is one of the properties of modern CPUs upon which Meltdown and Spectre depend.
is an emulation of a computer system that provides a substitute for a real machine.
Click the bug to continue.
Spectre is designed to foster attacks across application boundaries and thus allows an attacker to cross virtual machine boundaries. This vulnerability might allow an attacker to use a cloud virtual machine instance to attack other tenants of the cloud.
Both Meltdown and Spectre are exceptionally hard to detect because they do not leave forensic traces or halt program execution. This makes post-infection investigations and attack attribution much more complex.
Currently the best way to deal with Meltdown and Spectre is to deploy patches at the chip-level, the Operating System (OS) level and the application level to all affected devices and products.
Click the patch to continue.