Meltdown and Spectre: A Tear at the Foundation of Computer Security – CF042
This week on Cyber Frontiers we jump into full coverage of the 6-day-old public disclosures of the Meltdown and Spectre vulnerabilities. With some issues mitigated, the news is a gravitational force that has dominated cybersecurity early into 2018 and could continue to engage industry for years to come. We discuss the short- and long-term security implications and performance debacles, and provide technical and non-technical explanations for the two classes of vulnerabilities disclosed. We review the mitigations users can start employing now, and discuss impacts for the average guy and the enterprise.
Cyber Frontiers is all about Exploring Cyber security, Big Data, and the Technologies Shaping the Future! Christian Johnson will bring fresh and relevant topics to the show based on the current work he does.
Support the Average Guy: https://www.patreon.com/theaverageguy
You can contact us via email at firstname.lastname@example.org
Full show notes and video at http://theAverageGuy.tv/cf042
Tags: Podcast, Cyber Frontiers, Cybersecurity, Spectre, Meltdown, Computer Security, Intel, AMD, ARM, CPU
Meltdown:
- Technical Paper: https://meltdownattack.com/meltdown.pdf
- Out-of-order execution creates a side channel vulnerability. Modern CPUs execute instructions out of order and these instructions may not actually be needed to return the real result of what a program is computing.
- These transient or temporary results may be written to CPU registers or to the cache. Flush+Reload flushes targeted cache lines out of the CPU cache to main memory and then times reloading them; that access timing is the side channel.
- Out-of-order execution itself is not a flaw; it’s a CPU feature. Other execution units can run ahead of the current running program counter if the resources are available to support parallel computing.
- Restricted meaning in the Meltdown paper: refers to an instruction sequence following a branch, and to executing that operation before the results of all prior instructions have been returned. (Programs operate linearly; think of the parallelism as jumping ahead on a work line to do other work ahead of time.)
Spectre:
- Technical Paper: https://spectreattack.com/spectre.pdf
- Takes advantage of processors using branch prediction. Branch prediction tries to guess the destination of a branch so the processor can jump ahead and start executing before the real destination is known.
- The attack involves making a program speculatively perform operations that never occur during proper program execution, and that leak data via a side channel.
- From the Spectre Paper: “Spectre attacks trick the processor into speculatively executing instruction sequences that should not have executed during correct program execution.”
- Exploiting conditional branches in a loop is one of the easy-to-understand techniques for this attack (see Exploiting Conditional Branches on pg. 2).
- The read that is cached is not properly reverted when the processor realizes that the speculative execution was erroneous.
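The conditional-branch case described above, as an added C example (not code from the show or from the Spectre paper): a bounds-checked lookup in the shape these bullets describe, beside a hardened form that clamps the index with a branch-free mask. The array names, sizes, table contents and the `index_mask` helper are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define ARRAY1_SIZE 16                 /* constructed sample data */
static uint8_t array1[ARRAY1_SIZE] = {1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16};
static uint8_t array2[256 * 512];      /* one slot per possible byte value */

/* Fill the lookup table so results are observable: slot v holds v ^ 0x5a. */
void init_tables(void)
{
    for (size_t v = 0; v < 256; v++)
        array2[v * 512] = (uint8_t)(v ^ 0x5a);
}

/* Pattern to look for in review: the bounds check is a conditional branch.
 * If the predictor guesses "in bounds" for an out-of-range x, array1[x] is
 * read speculatively, and the dependent array2 load leaves a cache footprint
 * that is not reverted when the misprediction is discovered. */
uint8_t lookup_unsafe(size_t x)
{
    if (x < ARRAY1_SIZE)
        return array2[array1[x] * 512];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise.
 * Requires size <= SIZE_MAX / 2. */
size_t index_mask(size_t idx, size_t size)
{
    size_t out_of_range = (idx | (size - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return out_of_range - 1;
}

/* Hardened form: the index is clamped by data flow, not by the branch, so a
 * mispredicted path can only read array1[0]. Production code should use a
 * vetted primitive (e.g. the Linux kernel's array_index_nospec) because a
 * compiler may turn hand-written masks back into branches. */
uint8_t lookup_hardened(size_t x)
{
    if (x < ARRAY1_SIZE) {
        x &= index_mask(x, ARRAY1_SIZE);
        return array2[array1[x] * 512];
    }
    return 0;
}
```

Both functions return the same values architecturally; the difference is only in what a mispredicted path is able to load.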
Differences Between Meltdown and Spectre:
- Spectre is limited to process memory; Meltdown accesses kernel memory space from user space.
- Meltdown is fully mitigatable in the operating system with a patch; Spectre is not. There is no real “fix” for Spectre; it’s indicative of the way we’ve run processors for years (branch prediction).
- They both require the use of the CPU cache as a side channel for reading out serialized values into memory space that the attacker leverages.
Things you should do today:
- Make sure you have received the latest out-of-band security updates from Windows Update.
- Make sure you have installed the latest Linux kernel from your package manager (likely yum or apt-get).
- Make sure you are on iOS 11.2.2 and macOS 10.13.2, with the Safari fix, to mitigate Meltdown and Spectre.
- For desktop or server owners, check with your manufacturer for BIOS updates that have been released to provide mitigations for Spectre.
For those in the Windows Server Community:
Some non-technical explanations:
Contact Christian: email@example.com
Contact the show at firstname.lastname@example.org