![]() ![]() ![]() Think of it as knocking on a box to see if it’s hollow. ![]() And because CPU cache memory can be accessed more quickly than regular memory, the process can attempt to access certain memory locations to find out if the data there has been cached - it still won’t be able to access the data, but if the data has been cached, its attempt to read it will be rejected much more quickly than it otherwise would. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. The process isn’t allowed to see them until it passes the privilege check, and if it doesn’t pass the check, the data is discarded. In theory this is still secure, because the results of that speculative execution are also protected at the hardware level. So - and this is the key to the vulnerability we’re discussing - while the CPU is waiting to find out if the process is allowed to access that data, thanks to speculative execution, it starts working with that data even before it receives permission to do so. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.īut a privilege check can take a (relatively) long time. This allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In essence, no process on a computer should be able to access data unless it has permission to do so. Protected memory is one of the foundational concepts underlying computer security. Or, in another variation, if a chip learns that a program makes use of the same function frequently, it might use idle time to compute that function even when it hasn’t been asked to, just so it has what it thinks the answer will be on hand. Once it knows whether A is true or false, it already has a head start on what comes after, which speeds up processing overall. For instance, if the program says, “If A is true, compute function X if A is false, compute function Y”, the chip can start computing both functions X and Y in parallel, before it even knows whether A is true or false. If the chip knows that a program involves multiple logical branches, it will start working out the math for all of those branches before the program even has to decide between them. Speculative execution essentially involves a chip attempting to predict the future in order to work faster. Technically, there are three variations on the vulnerability, each given its own CVE number two of those variants are grouped together as Spectre and the third is dubbed Meltdown.Īll of the variants of this underlying vulnerability involve a malicious program gaining access to data that it shouldn’t have the right to see, and do so by exploiting two important techniques used to speed up computer chips, called speculative execution and caching. ![]() Security researchers discovered the flaws late in 2017 and publicized them in early 2018. Spectre and Meltdown are the names given to different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years and could, if exploited, allow attackers to get access to data previously considered completely protected. There is as of yet no evidence that these flaws have been exploited in the wild, but such exploits would be difficult to detect, and the flaws are so fundamental and widespread that security researchers are calling them catastrophic. The flaws arise from features built into chips that help them run faster, and while software patches are available, they may have impacts on system performance. In the first days of 2018, published research revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |