Spectre and Meltdown are the two flaws in Intel, AMD and ARM processors that have been talked about in recent days and that affect any device built on these processors. Both vulnerabilities take advantage of a design flaw in processors, allowing access to a restricted area of memory.

Today we will talk about Spectre. On most processors, speculative execution that arises from a misprediction can leave observable side effects that can reveal private information to an attacker. For example, if the pattern of memory accesses made by that speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to obtain information about the private data by means of a timing attack.

Rather than a single, easy-to-fix vulnerability, the Spectre paper describes an entire class of potential vulnerabilities. All of them are based on exploiting the side effects of speculative execution, a commonly used technique to hide memory latency and thus speed up execution on modern microprocessors.

In particular, Spectre focuses on branch prediction, a special case of speculative execution. Unlike the Meltdown vulnerability disclosed on the same date, Spectre does not rely on a particular memory management feature of a particular processor or on how that processor protects access to memory, but takes a more general approach.
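The access pattern described above, a load behind a branch whose address depends on data, is shown here in C next to a hardened form that clamps the index without relying on the branch. This is an added example, not code from the Spectre paper or from any vendor; the array names, sizes and the 64-byte stride are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16   /* constructed sample size */
#define STRIDE    64   /* assumed cache-line size in bytes */

static const uint8_t table[TABLE_LEN] = {3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3};
static uint8_t probe[256 * STRIDE];   /* second array indexed by loaded data */

/* All-ones if idx < len, else zero. Computed with arithmetic only, so the
 * result does not depend on a branch prediction. Needs len <= SIZE_MAX / 2. */
size_t index_mask(size_t idx, size_t len)
{
    size_t top = (idx | (len - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return top - 1;
}

/* Pattern at risk: if the branch is mispredicted for idx >= TABLE_LEN, the
 * two loads may still run speculatively, and which probe line gets cached
 * then depends on the out-of-bounds byte. */
uint8_t lookup_unmasked(size_t idx)
{
    if (idx < TABLE_LEN)
        return probe[table[idx] * STRIDE];
    return 0;
}

/* Hardened form: the index is forced to 0 by data flow whenever it is out
 * of range, so even a mispredicted path only touches table[0]. */
uint8_t lookup_masked(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return probe[table[idx] * STRIDE];
    }
    return 0;
}

int main(void)
{
    printf("mask(5,16)=%zx mask(16,16)=%zx\n",
           index_mask(5, TABLE_LEN), index_mask(16, TABLE_LEN));
    printf("in range: %d, out of range: %d\n",
           lookup_masked(5), lookup_masked(1000));
    return 0;
}
```

An optimizing compiler is free to turn the mask back into a branch, so production versions of this technique also hide the index from the optimizer or use a speculation barrier.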

The Spectre attack is understood to have four essential stages:

First, the paper shows that the branch prediction logic of current processors can be trained to hit or miss its predictions according to the internal workings of a malicious program.

Next, the resulting difference between cache hits and misses can be reliably measured, so that what should be a simple non-functional difference becomes a covert channel revealing information about the inner workings of another process.

Third, the paper combines these results with return-oriented programming techniques and other principles, using a simple example program and a JavaScript snippet running in a web browser with process isolation.

Finally, the paper concludes by generalizing the attack to any non-functional state of the victim process, and briefly discusses even non-functional effects that are easily overlooked, such as latency in memory bus arbitration.
