![]() ![]() Spectre takes advantage of superscalar processors by manipulating their speculative branch predictions (guesses). Most modern CPUs are superscalar, such as the ones in modern desktops, laptops, and mobile devices. CPUs with this design are called superscalar processors. If the guess is correct, a major speedup is achieved. The paradigm, out-of-order execution, uses speculative execution to "guess" what operation should happen next, and do some of that work ahead of time. Spectre is similar to Meltdown, but instead of attacking proprietary behavior of a chip, it targets previously-unknown weakness of a fundamental CPU design paradigm. The video below, created by researchers who discovered it, shows a proof-of-concept Meltdown attack in action. It's called "Meltdown" because the informational barrier that protects privileged data is effectively dissolved by the attack. You cannot see the thing, but if you can see its shape and movement in the curtain, you can make an educated guess about what it is. The effect is similar to seeing someone moving something behind a curtain. This information improves the chance, or in some cases guarantees, that subsequent attacks will succeed. An attacker can monitor the processor's performance in a side-channel and discern important details about the data. Although privileged data is not delivered to the unprivileged user, the CPU operates differently based upon the specific data that was fetched. When Intel CPUs are asked to prefetch data, they read the data before checking the privileges of the user. Meltdown is a vulnerability specific to Intel CPUs. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |