PWL #41: Spectre and Meltdown

• What we'll do

George Reilly presents Meltdown and Spectre

https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

On January 3rd, we learned about Meltdown and Spectre, serious flaws in computer hardware that lead to side-channel attacks against privileged memory through flaws in speculative execution.

“Meltdown exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations including personal data and passwords. Out-of-order execution is an indispensable performance feature and present in a wide range of modern processors. The attack is independent of the operating system, and it does not rely on any software vulnerabilities. Meltdown breaks all security assumptions given by address space isolation as well as paravirtualized environments and, thus, every security mechanism building upon this foundation.”

“Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary.”

• Important to know

Big ups to Microsoft for hosting this month!

As a chapter of Papers We Love we abide by and enforce the PWL Code of Conduct (https://github.com/papers-we-love/seattle/blob/master/code-of-conduct.md) at our events. Please give it a read, plan on acting like an adult, and involve one of the organizers if you need help.

Stop slacking and join us in the #seattle channel at https://papersweloveslack.herokuapp.com!