Explaining Meltdown and Spectre
Have you noticed your computer running slower than usual over the past two months, particularly after Windows updates? A big reason for that performance loss is the set of patches intended to guard against two separate but related hardware security vulnerabilities. Known as “Meltdown” and “Spectre,” they were found in June 2017 and publicly revealed in early January 2018. These vulnerabilities affect nearly all computer processors made in the last two decades.
The central processing unit, also known as CPU or processor, executes the instructions of the operating system and all computer programs. These instructions are stored in a protected area of the computer’s random access memory (RAM). However, reading these instructions from the RAM actually takes a long time from the CPU’s perspective because processors function much faster than RAM. Modern CPUs use several techniques to get around this limitation, thus boosting performance.
One is to have their own onboard memory, called the CPU cache, that is much faster to access than the RAM. After the CPU reads instructions from the RAM, they are saved in the CPU cache temporarily.
The second technique is called speculative execution: the CPU predicts which direction the program is going in and runs those instructions ahead of time while it waits on a longer task like reading from RAM.
Meltdown works by first telling the CPU to read sections of the RAM that are normally inaccessible. The CPU will send out a privilege check to see whether the attacking program is allowed to access that data. However, due to speculative execution, the CPU will then load any valid data into the CPU cache while waiting for the privilege check to finish. Once the check finishes, the CPU will deny the request and move on, but leave the data in the cache.
The attacker will repeat this process several times for different sections of RAM, and then they will go over the same sections a second time. When the CPU goes through these the second time, it will read the values in the CPU cache much faster, because they were just saved there for future use.
Therefore, the attacker can repeat this method and read the entire protected RAM area, known as kernel memory. Spectre works almost the same way, but only reads the memory used by a single application.
Microsoft, Intel, and AMD have been deploying updates over the past two months to protect users against these attacks. Internet browsers were particularly affected by Spectre, so Google Chrome and Mozilla Firefox have been rolling out updates as well.
These updates prevent such attacks, but in doing so they degrade the performance of CPUs, especially older models.
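The sequence described above can be followed in a toy simulation, added here as an illustration and not taken from the original article or from the researchers' code. It goes one step beyond the text by modelling how a timing difference becomes a value: the speculatively read byte selects one of 256 probe slots, and the single fast slot reveals it. The names ToyCPU, leaked_byte and recover, the cycle costs and the sample secret are all constructed, and the patched flag assumes the update works by making kernel memory unreachable from user programs.

```python
# Toy model only: nothing here touches real hardware or real kernel memory.
CACHE_HIT, RAM_MISS = 1, 100      # constructed access costs in arbitrary "cycles"

class ToyCPU:
    def __init__(self, kernel_memory, patched=False):
        self.kernel = dict(kernel_memory)  # address -> protected byte value
        self.patched = patched             # True models the update (assumption: kernel unmapped)
        self.cache = set()                 # probe slots currently held in the CPU cache

    def flush(self):
        self.cache.clear()

    def user_read(self, addr):
        """User-mode read of a protected address; the request is always denied."""
        mapped = not self.patched and addr in self.kernel
        if mapped:
            # Speculation runs ahead of the privilege check: the value touches
            # one probe slot, and that slot stays cached after the denial.
            self.cache.add(self.kernel[addr])
        raise PermissionError("privilege check failed")

    def timed_probe(self, slot):
        """Cost of reading one probe slot; cached slots are much faster."""
        return CACHE_HIT if slot in self.cache else RAM_MISS

def leaked_byte(cpu, addr):
    """Byte inferred from timing alone, or None when no slot stands out."""
    cpu.flush()
    try:
        cpu.user_read(addr)
    except PermissionError:
        pass                               # the program never receives the value itself
    fast = [s for s in range(256) if cpu.timed_probe(s) == CACHE_HIT]
    return fast[0] if len(fast) == 1 else None

def recover(cpu, addrs):
    """Collect every byte that timing revealed across the given addresses."""
    found = (leaked_byte(cpu, a) for a in addrs)
    return bytes(b for b in found if b is not None)

SECRET = b"hunter2"                        # constructed sample data
KERNEL = {0xFFFF0000 + i: b for i, b in enumerate(SECRET)}

if __name__ == "__main__":
    print("unpatched:", recover(ToyCPU(KERNEL), sorted(KERNEL)))
    print("patched:  ", recover(ToyCPU(KERNEL, patched=True), sorted(KERNEL)))
```

On the unpatched model every read is denied and the secret is still recovered from timing; on the patched model the speculative read finds nothing to load, so no slot is ever fast.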
More information about Meltdown and Spectre can be found at this website by Graz University of Technology, which helped discover both vulnerabilities: https://meltdownattack.com/