Intro: malicious program to run on guest systems

Published by admin on

Intro:
      Meltdown and Spectre threats can be classified under technical hardware failures.They exploit critical vulnerabilities in modern processors.They can attack computers, mobile devices, and devices connected to the cloud. It compromises data integrity as it can access unauthorized information.

Meltdown
     Meltdown exploits the non-accessible area of kernel memory which is guarded against user access. The out of order execution arbitrarily reads restricted memory location including personal details and password.

Meltdown breaks all security assumptions given by address space isolation and every security mechanism building upon this foundation. On affected systems, Meltdown enables an adversary to read the memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer.2

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

Spectre
    It exploits the speculative execution resulting from a branch mis-prediction of microprocessors to read private information in the cache that may reveal data to the adversary.The resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

Spectre is more of a threat than the meltdown. Eg: A website can read browser data or data from another website. Spectre can also command malicious program to run on guest systems virtually. 

Impact
They affect  Intel x86 microprocessors and embedded devices using ARM-based processors including a wide range of networking equipment.

Defense against Meltdown and Spectre:
Mitigations include updates to both system software (Operating System (OS) patch) and firmware (BIOS, microcode updates). In some environments, this may include hypervisor patches, patches to virtualization software, browsers and JavaScript engines.1CPU design changes are wanted. Until then software patches are known to cause considerable performance issues. Keep rebooting the devices and stay up to date on new software and os releases are advised.

Categories: Data

x

Hi!
I'm Iren!

Would you like to get a custom essay? How about receiving a customized one?

Check it out