How Meldown and Spectre affect the modern processors?


Meltdown and Spectre

Security remains a major concern for organizations. The recent vulnerabilities Meltdown and Spectre have put organizations at considerable risk. Meltdown and Spectre leak the confidential information stored on your devices. Modern processors and cloud are vulnerable to Meltdown and Spectre, which forces system architects to redesign the processors. Though these vulnerabilities have some common characteristics, they are distinct. Meltdown breaks the isolation between the user memory & kernel and allows to read the unprivileged data stored in the cache. On the contrary, Spectre breaks the isolation between the processes. It is essential to know how these vulnerabilities exploit your processors. Let’s see.

Demystifying the security breaches

Modern processors are designed to provide quick outputs using a technique, Speculative Execution. It stores all of your operational instructions (Inputs) in the cache memory to provide quick access. But these data are not secure, and hackers can easily steal these data.

Cache: The cache memory stores the copy of your instructions (inputs) to provide quick access to data. The instructions are the operations performed earlier.

For example, you visit a website for the first time. It takes time to load the logo, images on the page, etc. The next time you are visiting the same website, but it loads within seconds.  What happens is the browser cache stores the copy of the website logo and the images on the local computer and fetches the data quickly.

Speculative Execution: The name suggests that the results executed based on the guesswork.

For example, a user has visited a website which has multiple language options. But he customizes it with his preferred language, English. The user revisits the same website after a few days. Now the website displays in the English language, which means the website understands the preference of the user and displays according to it. This mechanism of providing faster results based on the user activities is Speculative Execution.

Side channel attack: It is more like a trial and error. The hackers will look for the secret value stored in the cache memory. It might be your password or other business-critical data.

Imagine, the password is HELLO.

The hacker types A, the system looks for the value in the cache. If not so, then it will check with the main memory which takes a lot of time.
The hacker types B, the system will undergo the same process and reject the value if it is not available in the cache.
Eventually the hacker types H, the value stored in the cache. Therefore, it takes minimum time.

The hacker will note the time difference. It becomes clear the value H is in the cache. This mechanism of stealing data is Side Channel Attack.

Building a robust defense

Stay safer by practicing the following methods
  • ·        Make sure your patches are up-to-date
  • ·        Turn on the chrome site isolation to protect your browser
  • ·        Install UEFI (Unified Extensible Firmware Interface) and BIOS (Basic Input/Output System) update manually from your PC manufacturer's website
  • ·        Use Microsoft’s Powershell script to check your system is protected or not

To know more about Microsoft Powershell Script, check this site: http://ow.ly/JhIc30iUuDq



Saravana kumar.  S
Assistant Program Manager - IMS
Fourth Dimension Technologies


CONVERSATION

14 comments:

  1. Thanks for sharing this post. I am very interested in patches. I would like to share my opinion on patches. Custom Embroidered Patches
    Producers of customized patches can create them in nearly any dimension, form or shade. Even irregular shapes moderately than the standard triangle, sq.

    ReplyDelete
  2. It is really a helpful blog to find some different source to add my knowledge. we provide cloud server hosting online at affordable prices. for more info visit our website.

    ReplyDelete
  3. The information in the post you posted here is useful because it contains some of the best information available. Thanks for sharing it. Keep up the good work microsoft 365 houston tx.

    ReplyDelete
  4. This comment has been removed by the author.

    ReplyDelete
  5. I'm facing a similar problem you mention in your blog on my Buy PhD Dissertation online platform for a students, would you please suggest how do I get rid of this virus and secure my data?

    ReplyDelete
  6. After a long time, I read a very beautiful and very important article that I enjoyed reading. I have found that this article has many important points. Thanks for share professional IT Support Company in Houston.

    ReplyDelete
  7. After a long time, I saw the most significant difference between "MELTDOWN AND SPECTRE" Modern processors I searched on This Differentiate More. But I have an online class in the morning, so if anyone can Take My Online Class for me, I searched on this topic to gain more knowledge and implement this.

    ReplyDelete
  8. Finance offers one of the highest-paying jobs in the world. It is also the reason why more and more students choose finance as their career option. The courses are so created that finance assignments typically do the assessments of students grasping the knowledge. To make it tough, the assignments are to be submitted in a timely manner. This makes the job tougher. Taking Finance Assignment Help will help you to overcome this problem.

    ReplyDelete
  9. This is an informative post and I find this information exciting and unique. I appreciate your efforts and impressed with your writing style. Yes, I know about this side channel attack in which a hacker try to steal your secrets data like passwords and other sensitive information.
    PhD Dissertation Writing Services

    ReplyDelete
  10. It is more like a trial and error. The hackers will look for the secret value stored in the cache memory so please use this assignment writing service uk.

    ReplyDelete
  11. HELLO, I REALLY LIKE TO VISIT THIS KIND OF POST, EVEN THOUGH THAT THIS IS MY FIRST TIME HERE BUT I REALLY LOVE IT!
    THANKS
    고스톱

    ReplyDelete
  12. FROM THE TONS OF POST THAT I READ, THIS SO NICE AND VERY DIFFERENT FROM OTHERS! SO USEFULL AND VERY NICE INFORMATION!
    THANKS FOR THIS TODAY! 스포츠토토

    ReplyDelete
  13. GOOD DAY EVERYONE, THANKS FOR THIS BEAUTIFUL ARTICLE AND SO MUCH REALLY GREAT INFO ABOUT THIS.
    성인웹툰

    ReplyDelete
  14. I REALLY JUST WANT TO READ THIS KIND OF POST BECAUSE THIS KIND POST IS VERY HELPFUL TO EVERYONE JUST LIKE ME.
    토토사이트

    ReplyDelete

Back
to top