An earlier example of side-channel exploitation based upon memory caches was posted to GitHub in 2016 by one Meltdown-Spectre researcher, Daniel Gruss.

Despite these details, as of this writing no known exploits have yet been seen in the wild. Sample code for two of the three variants was posted by the Graz University (in an appendix of the Spectre paper). Erik Bosman has also tweeted that he has built an exploit, though this code is not yet public.

There is already considerable activity in the security research community on these techniques.

Because these techniques can be applied (with variation) to most modern operating systems (Windows, Linux, Android, iOS, MacOS, FreeBSD, etc.), you may ask, “How dangerous are these?” “What steps should an organization take?” and “How about individuals?” The following risk analysis is based upon what McAfee currently understands about Meltdown and Spectre. More information about the techniques is available on the site.

The retaining of invalid execution data is one of the properties of modern CPUs upon which Meltdown and Spectre depend. The fact that invalid speculations are tossed is a key attribute exploited by Meltdown and Spectre.

Despite the clearing of invalid speculative execution results without affecting memory or CPU registers, data from the execution may be retained in the processor caches. Invalid speculative executions are thrown away. There is no loss of computing time if the condition arrives at a new value because the processor must in any event wait for the value’s computation.

The conditional value is cached for reuse in case that particular branch is taken again. That guess is typically based upon the last step of the same branch’s previous execution. This speculatively executed branch proceeds by employing a guess of the value of the condition upon which the branch must depend.
In essence, when a branch in execution depends upon a runtime condition, modern processors make a “guess” to potentially save time. Branch speculation is built on the Tomasulo algorithm. Speculative execution has been a feature of processors for at least a decade. The current disclosures build upon such side-channel attacks through the innovative use of speculative execution. Meltdown and Spectre are new techniques that build upon previous work, such as “KASLR” and other papers that discuss practical side-channel attacks. For more on McAfee product compatibility, see this business Knowledge Center article and this Consumer Support article. McAfee ATR did not want to add to any confusion until we could provide our customers and the general public solid technical analysis.

A fully comprehensive writeup comes from Google Project Zero in this informative technical blog, which allowed ATR to validate our conclusions. The speculation has been based upon published changes to the Linux kernel. There has been considerable speculation in the press and on social media about the impact of these two new techniques, including which processors and operating systems are affected. In this article, McAfee ATR offers a simple and concise overview of these issues, to separate fact from fiction, and to provide insight into McAfee’s capabilities and approach to detection and prevention.

The McAfee Advanced Threat Research (ATR) Team has closely followed the attack techniques that have been named Meltdown and Spectre throughout the lead-up to their announcement on January 3.

Guest written by: Raj Samani, McAfee’s Chief Scientist.