Understanding Meltdown and Spectre Attacks: An Overview

Slide Note
Embed
Share

Delve into the world of cybersecurity with a detailed exploration of the Meltdown and Spectre attacks, their implications, and innovative techniques like using CPU cache for memory retention. Discover how out-of-order execution and security room setups play crucial roles in safeguarding sensitive information.

por_alt
por_alt Follow

Uploaded on Sep 24, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Meltdown & Spectre Attacks

  2. Overview An analogy CPU cache and use it as side channel Meltdown attack Spectre attack

  3. Microsoft Interview Question

  4. Stealing A Secret Secret: 7 Guard with Memory Eraser Restricted Room

  5. CPU Cache

  6. From Lights to CPU Cache Question You just learned a secret number 7, and you want to keep it. However, your memory will be erased and whatever you do will be rolled back (except the CPU cache). How do you recall the secret after your memory about this secret number is erased?

  7. Using CPU Cache to Remember Secret

  8. The FLUSH+RELOAD Technique Secret S FLUSH: Flush the CPU Cache RELOAD: Check which one is in the cache Access memory location at S

  9. FLUSH+RELOAD: The FLUSH Step Flush the CPU Cache

  10. FLUSH+RELOAD: The RELOAD Step

  11. The Meltdown Attack

  12. The Security Room and Guard

  13. Staying Alive: Exception Handling in C

  14. Out-Of-Order Execution

  15. Out-of-Order Execution How do I prove that the out-of-order execution has happened?

  16. Out-of-Order Execution Experiment Evidence of out-of-order execution

  17. Meltdown Attack: A Nave Approach

  18. Improvement: Get Secret Cached Why does this help?

  19. Improve the Attack Using Assembly Code Execution Results

  20. Improve the Attack Using Statistic Approach

  21. Countermeasures Fundamental problem is in the CPU hardware Expensive to fix Develop workaround in operating system KASLR (Kernel Address Space Layout Randomization) Does not map any kernel memory in the user space, except for some parts required by the x86 architecture (e.g., interrupt handlers) User-level programs cannot directly use kernel memory addresses, as such addresses cannot be resolved

  22. The Spectre Attack

  23. Will It Be Executed? Will Line 3 be executed if x > size ?

  24. Out-Of-Order Execution

  25. Lets Find a Proof size is 10 FLUSH Flush the CPU Cache RELOAD Training Train CPU to go to the true branch Invoke victim(97) Check which one is in the cache Evidence Not always working though

  26. Target of the Attack This protection pattern is widely used in software sandbox (such as those implemented inside browsers)

  27. The Spectre Attack spectreAttack(int larger_x)

  28. Attack Result Why is 0 in the cache?

  29. Spectre Variant and Mitigation Since it was discovered in 2017, several Spectre variants have been found Affecting Intel, ARM, and ARM The problem is in hardware Unlike Meltdown, there is no easy software workaround

  30. Summary Stealing secrets using side channels Meltdown attack Spectre attack A form of race condition vulnerability Vulnerabilities are inside hardware AMD, Intel, and ARM are affected

Related


Understanding Spectre and Meltdown Security Vulnerabilities

Understanding Spectre and Meltdown Security Vulnerabilities

mcsherry_k
Types Cyber Attacks: Cyber Security Training Workshop

Types Cyber Attacks: Cyber Security Training Workshop

anara
Understanding Network Denial of Service (DoS) Attacks

Understanding Network Denial of Service (DoS) Attacks

zahra
Managing Covid-19 Cyber and Data Protection Risks

Managing Covid-19 Cyber and Data Protection Risks

kaisen
Automated Signature Extraction for High Volume Attacks in Cybersecurity

Automated Signature Extraction for High Volume Attacks in Cybersecurity

klos_k
Understanding Denial-of-Service Attacks and Defense Strategies

Understanding Denial-of-Service Attacks and Defense Strategies

delphi
Preventing Active Timing Attacks in Low-Latency Anonymous Communication

Preventing Active Timing Attacks in Low-Latency Anonymous Communication

kmike
Strategies to Protect School Systems from Cyber Attacks

Strategies to Protect School Systems from Cyber Attacks

alins
Mitigation of DMA-based Rowhammer Attacks on ARM

Mitigation of DMA-based Rowhammer Attacks on ARM

baylee
Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

Understanding Malicious Attacks, Threats, and Vulnerabilities in IT Security

ciel
Understanding Control Hijacking Attacks in Software Systems

Understanding Control Hijacking Attacks in Software Systems

kit_631
Adversarial Machine Learning

Adversarial Machine Learning

caterina
Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

Cybersecurity Challenges: Attacks on Web Applications and Cost of Security Breaches

hari
Principles of Cyber Security

Principles of Cyber Security

gillian
History of Software Supply Chain Attacks: A Comprehensive Overview

History of Software Supply Chain Attacks: A Comprehensive Overview

younglove_l
Understanding Data Security and Privacy: An Overview of k-Anonymity, l-Diversity, t-Closeness, and Reconstruction Attacks

Understanding Data Security and Privacy: An Overview of k-Anonymity, l-Diversity, t-Closeness, and Reconstruction Attacks

strozier_k
Understanding Adversarial Machine Learning Attacks

Understanding Adversarial Machine Learning Attacks

sand_379
Understanding Phishing Attacks: Risks, Prevention, and Awareness

Understanding Phishing Attacks: Risks, Prevention, and Awareness

lenny
Understanding Control Hijacking Attacks and Defenses

Understanding Control Hijacking Attacks and Defenses

dawn_o
Understanding Low-Intensity DoS Attacks on BGP Infrastructure

Understanding Low-Intensity DoS Attacks on BGP Infrastructure

serg_6
Understanding Buffer Overflow Attacks at Carnegie Mellon

Understanding Buffer Overflow Attacks at Carnegie Mellon

siofra
Understanding BGP and DNS Worms in Network Security

Understanding BGP and DNS Worms in Network Security

euey175
Understanding Heap Overflow Attacks

Understanding Heap Overflow Attacks

naya_822
Understanding Adversarial Attacks in Machine Learning

Understanding Adversarial Attacks in Machine Learning

yese_788

More Related Content

Security Issues in Parallel and Distributed Computing - Side Channel Attacks and Defenses
Security Issues in Parallel and Distributed Computing - Side Channel Attacks and Defenses
Attacks on Fully Random 64QAM Sounding Signal in IEEE 802.11-20/0964r0
Attacks on Fully Random 64QAM Sounding Signal in IEEE 802.11-20/0964r0
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Adversarial Machine Learning in Cybersecurity: Challenges and Defenses
Effective Method to Protect Web Servers Against Breach Attacks
Effective Method to Protect Web Servers Against Breach Attacks
Defending Against Cache-Based Side-Channel Attacks
Defending Against Cache-Based Side-Channel Attacks
Role of AI in Threat Detection and Zero-day Attacks
Role of AI in Threat Detection and Zero-day Attacks
Active Response Mechanism for IaaS Cloud Security
Active Response Mechanism for IaaS Cloud Security
International Conference on Jungian Studies - Spectre of the Other in Cape Town
International Conference on Jungian Studies - Spectre of the Other in Cape Town
Latest Updates and Features in GNAT Pro
Latest Updates and Features in GNAT Pro
Rainbow Signatures Overview and New Attacks
Rainbow Signatures Overview and New Attacks
Overview of Cyber Operations and Security Threats
Overview of Cyber Operations and Security Threats
Location Privacy Protection Strategies: A Comprehensive Overview
Location Privacy Protection Strategies: A Comprehensive Overview
Stack Based Attacks in Linux (an intro)
Stack Based Attacks in Linux (an intro)
An Overview of Evading Anomaly Detection using Variance Injection Attacks on PCA
An Overview of Evading Anomaly Detection using Variance Injection Attacks on PCA
Understanding Asthma: Symptoms, Triggers, and Management in Schools
Understanding Asthma: Symptoms, Triggers, and Management in Schools
DoS Detection for IoT Networks Using Machine Learning: Study Overview
DoS Detection for IoT Networks Using Machine Learning: Study Overview
Understanding Network Security: Hijacking, Denial of Service, and IDS
Understanding Network Security: Hijacking, Denial of Service, and IDS
Understanding Sensor-Based Mobile Web Fingerprinting and Attacks
Understanding Sensor-Based Mobile Web Fingerprinting and Attacks
Understanding Privilege Escalation in Windows and Linux Systems
Understanding Privilege Escalation in Windows and Linux Systems
Supporting Students with Anxiety Attacks: Strategies and Symptoms
Supporting Students with Anxiety Attacks: Strategies and Symptoms
Understanding TLS/SSL: Security, Attacks, and TLS 1.3
Understanding TLS/SSL: Security, Attacks, and TLS 1.3
Understanding Man-in-the-Middle Attacks and Network Security Threats
Understanding Man-in-the-Middle Attacks and Network Security Threats
Exploring Adversarial Machine Learning in Cybersecurity
Exploring Adversarial Machine Learning in Cybersecurity
Understanding ReDoS Attacks in Web Applications
Understanding ReDoS Attacks in Web Applications