Security Vulnerabilities: Meltdown And Spectre Attacks

Meltdown Attack

At the start of 2018, researchers disclosed two security vulnerabilities, Meltdown and Spectre, that an intruder can misuse to gain unauthorized access to a system (Lipp et al. 2018). The research was reported to have been in progress for more than six months before the news became public. It is believed that, so far, no intruder has carried out the Meltdown attack to obtain data from a system they were not authorized to use. Because the flaws lie in the hardware, they can only be mitigated through programming and certain software. Executing the Spectre attack requires a high level of skill and knowledge, and even an individual with that expertise who carried out the attack would not be able to extract any information from the system. The patches issued to users are like sealing a hole with glue: they may stop the leak, but the hole is still there. The purpose of this report is to draw attention to the newly identified flaws in CPUs that an intruder can use to access data stored on another individual's system. The report also describes the updates that various operating system vendors have made available to users.

Meltdown can be described as a powerful attack that allows an intruder to access physical memory from an unprivileged user program, using the building blocks expressed in the following diagram:

Illustration of Attack Procedure: The two building blocks described above are combined when the Meltdown attack starts, shown as sections 1 and 2 in the figure. The intruder manipulates the CPU into executing a “transient instruction sequence” that uses an inaccessible secret value stored anywhere in physical memory, as shown in section 1 of the figure (Kocher et al. 2018). The transient instruction sequence acts as the transmitter of a covert channel, as shown in section 2 of the figure. The attack is a sequence of steps that lets the intruder dump kernel memory from more than one location. It has three steps. First, the content of a memory location chosen by the intruder, which is not accessible to the intruder, is loaded into a register. Second, the intruder executes a transient instruction that accesses a cache line based on the secret content of the register (Watson et al. 2018). Third, the intruder uses Flush + Reload to identify the accessed cache line, which can then be used to access the content of the exact memory location. Repeating these steps continuously lets the intruder access the data stored in physical memory.

By repeating the steps of the Meltdown attack described above and iterating over all the different addresses, an intruder can easily dump the whole memory. Since the program terminates because of the exception raised by the kernel address, the method described in section 1 can be used to suppress or handle the exception (Simakov et al. 2018). Because most major operating systems typically map the entire physical memory, Meltdown is capable of reading the complete physical memory of the targeted system.

Spectre Attack

In a Spectre attack, the victim is induced to speculatively execute operations that would not occur during normal program execution, and these leak the victim's highly confidential information through a side channel to the adversary. In most instances, a Spectre attack begins with a setup phase, which helps the intruder induce the speculative execution (Perrin 2018). For example, the attacker performs targeted memory reads that cause the processor to evict from its cache a value that is required to determine the destination of a branching instruction. The setup phase can also prepare the side channel that will be used to extract information from the system, which is done by performing the flush or evict portion of a Flush + Reload or Evict + Reload attack.

In the next phase, the processor speculatively executes instructions that transfer personal and sensitive information from the victim into a microarchitectural side channel, so that the intruder can access the data stored on the user's system (Chen et al. 2018). This phase can also be triggered by the attacker requesting the victim to perform an action (for example via a socket, syscall, file and many more).

The final phase is the recovery of the sensitive data and information. Kocher et al. (2018, p.5) state that “for Spectre attacks using flush + reload or evict + reload, the recovery process consists of timing how long reads take from memory addresses in the cache lines being monitored.” Spectre attacks assume only that the speculatively executed instructions can read memory that the victim could access normally, without triggering an exception or page fault (Genkin et al. 2018). For example, even if a processor prevents speculatively executed instructions in user processes from accessing kernel memory, the attack will still work.

Countermeasures

The issue is rooted in the hardware of the system: as stated in the first step, the intruder uses a virtual address to reference main memory and load data from it into a register. Lipp et al. (2018) state: “In parallel to translating a virtual address into a physical address, the CPU also checks the permission bits of the virtual address, i.e., whether this virtual address is user accessible or only accessible by the kernel.” Hardware vendors recommend hardware-based isolation, which helps secure memory because it evaluates the permission bits each time a program accesses memory. Modern operating systems therefore map the entire kernel into every user process. KAISER is another option that can be used as a countermeasure: it mitigates side-channel attacks and helps protect against Meltdown attacks (Reiser et al. 2018). Lipp et al. (2018) recommend hardware changes and the KAISER patch as ways to improve the security of systems and their memory against Meltdown attacks.

Hardware: It is important to note that a software patch will always leave some room for an intruder to enter the system through a Meltdown attack and so access the entire physical memory. Installing a software patch alone is therefore not a permanent solution, and some IT researchers, including US-CERT, state that replacing the chips entirely is the only way to prevent this attack, which is not possible in the real world (Pupillo 2018). Technology manufacturers have nevertheless introduced certain patches, as described in the following table.

| Vendor / product | Patch |
|---|---|
| Microsoft Edge and Windows OS (7 / 8 / 10) | KB4056892 was introduced as the patch for such attacks in the Windows 10 update. |
| iOS, Apple macOS, Safari Browser, and tvOS | Apple released macOS 10.13.2, iOS 11.2, and tvOS 11.2 as patches to protect systems from the Meltdown attack. |
| Android OS | The Android January security patch was made available, and Google itself confirmed that it protects against Meltdown attacks (Trippel, Lustig and Martonosi 2018). |
| Firefox Web Browser | Firefox version 57.0.4 was the patch made available by Firefox, a certified measure for preventing such attacks and unauthorized access to physical memory. |
| Google Chrome Web Browser | “chrome://flags/#enable-site-per-process” was the patch made available by Chrome. |
| Linux Distributions | 4.9.74, 4.14.11, 4.4.109, 3.18.91, 3.2.97, and 3.16.52 were the patched releases provided on the official kernel website. |
| Citrix and VMware | Both introduced patches for their Workstation, ESXi, and Fusion products to protect them against Meltdown attacks. |

The most realistic solution for these attacks would be to introduce a hard split of kernel space and user space (Vahldiek-Oberwagner et al. 2018). Modern kernels could enable this precaution optionally through a new hard-split bit in a CPU control register (CR4).
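One way to check a Linux host against the kernel releases listed in the table above, as an added example that is not part of the original report. The function names are this example's own; the sysfs directory it reads is the kernel's vulnerability reporting interface (present from 4.15 and in stable backports), and the version comparison is only a heuristic because distribution kernels backport fixes without changing the upstream version number.

```python
import platform
import re
from pathlib import Path

# Patched stable release per kernel series, taken from the table above.
PATCHED = {(4, 14): 11, (4, 9): 74, (4, 4): 109,
           (3, 18): 91, (3, 16): 52, (3, 2): 97}
SYSFS = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample of sysfs contents (not captured from a real host).
SAMPLE = {"meltdown": "Mitigation: PTI\n",
          "spectre_v1": "Mitigation: __user pointer sanitization\n",
          "spectre_v2": "Vulnerable\n"}


def kernel_verdict(release):
    """Compare a `uname -r` string with the patched release of its series."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unknown"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        # Assumption beyond the table: series after 4.14 carry the fix;
        # older unlisted series cannot be judged from the version alone.
        return "patched" if (major, minor) > (4, 14) else "unknown"
    return "patched" if patch >= fixed else "vulnerable"


def classify(status):
    """Map one sysfs status line to a coarse state."""
    text = status.strip()
    for prefix, state in (("Not affected", "not_affected"),
                          ("Mitigation:", "mitigated"),
                          ("Vulnerable", "vulnerable")):
        if text.startswith(prefix):
            return state
    return "unknown"


def report(release, read=None):
    """Report the version heuristic next to the kernel's own sysfs verdicts."""
    read = read or (lambda name: (SYSFS / name).read_text())
    result = {"kernel": kernel_verdict(release)}
    for name in ("meltdown", "spectre_v1", "spectre_v2"):
        try:
            result[name] = classify(read(name))
        except OSError:
            result[name] = "no_sysfs_entry"  # kernel predates the sysfs interface
    return result


if __name__ == "__main__":
    print(report("4.9.73", SAMPLE.__getitem__))  # constructed sample
    if platform.system() == "Linux":
        print(report(platform.release()))        # live host
```

Where the sysfs entries exist they are the kernel's own statement and should be trusted over the version comparison.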

Most web browsers are continuously shipping patches with their updates to help protect systems from being breached by an intruder or unauthorized user. These patches block the Spectre attack by turning off existing features that could otherwise have given the attack easy access (Fenton and Freedman 2018). For instance, Google Chrome asks its users to keep the ‘site location’ option, as this limits the ability of a rogue JavaScript program to expose sensitive and personal information to an unauthorized user (Cap 2017). Microsoft informed users that it had already issued a security patch, dubbed “KB4056890”, for the Edge browser and Internet Explorer apps to protect systems from Spectre attacks. Similarly, Mozilla released an update with patches on January 4 in its newest version, 57.0.4, which closes the windows through which an intruder could access private files and information. The patches described in this report include protection against both Spectre and Meltdown (Maisuradze and Rossow 2018). They are successful in blocking attackers from using Spectre to collect personal and sensitive data from a system they are not authorized to use. The same condition applies as in the Meltdown prevention section: the hardware fix cannot protect the system completely from these attacks, and so these patches are how systems can be protected from intrusion by an unwanted or unauthorized individual.

Hardware Patches

For future CPUs, design changes can be expected that focus on modifying the instruction sets and the physical CPU. Given the constant development of technology, it can be predicted that CPU flaws such as Spectre and Meltdown, or flaws that are far more advanced, could be found (Rose 2017). A recommended future approach is a single safeguard that protects the system from both hardware and software flaws, closing all the windows through which an intruder could access the memory of the system. Many IT companies are contributing to the development of a program that can be embedded within CPUs to eliminate the flaws and ensure the security of the data stored in the system (Stowell, Meagher and Frazzano 2017). These predictions assume the elimination of the flaws: as predicted by Intel, future CPUs will be more advanced and more secure than current CPUs, eliminating all the flaws and blocking every bypass an intruder could use to enter the system. Patches are not a permanent solution for such flaws because, with the passage of time, new flaws will emerge that are far more advanced and worse, and that can easily give access to the memory of different systems without any authorization.

Future CPUs can be designed around the safest programs to protect against the Spectre attack, ensuring that the implemented program is capable of stopping the breach. Future CPUs will need alternative implementations that keep security front of mind, and this can be powered through computational performance (Græger and Lindgren 2017). Cepulis has confirmed that future Arm architectures, designs and processor cores will be developed with these security flaws in mind and will help address them. Intel, AMD, and Arm have already been working together to explore these security flaws and mitigate them as far as possible through much more advanced and secure hardware and software. Currently, investment goes into services and technology and very little attention is paid to security; in future, however, investment in security is predicted to increase by a very high proportion (Haria, Hill and Swift 2018). A researcher should always develop technology with consideration for the future flaws and issues that its application might raise. Lastly, as technology advances, security issues will also become more advanced, and so precautions will be taken to eliminate these threats.

Web Browser Patches

Conclusion

Based on the literature presented in this report, it can be concluded that both identified flaws are extremely dangerous, as they can allow an unauthorized user to access all the data and information stored in a system. The report has presented the countermeasures that can be applied to systems to restrict unauthorized access, and has stated future predictions for these flaws and their countermeasures. The preventive measures described can help keep systems from being hacked or breached by an individual. Every operating system vendor has made patches available on the assumption that software patches can eliminate the hardware flaws. However, installing software patches can only restrict unauthorized access; it cannot be a permanent solution for the identified flaws. The report also discussed an unrealistic approach, namely that replacing the chips could be a solution; in real life it does not seem appropriate or possible to replace the chips in every system. This report presents thorough research on the aspects related to Meltdown and Spectre, and its future predictions set out the points to consider for these flaws as society and technology advance.

References

Cap, P., 2017. Technological discourse: Threats in the cyberspace. In The Language of Fear (pp. 53-66). Palgrave Macmillan, London.

Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z. and Lai, T.H., 2018. SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution. arXiv preprint arXiv:1802.09085.

Fenton, N. and Freedman, D.D., 2017, October. Fake Democracy, Bad News. Merlin.

Genkin, D., Pachmanov, L., Tromer, E. and Yarom, Y., 2018. Drive-by Key-Extraction Cache Attacks from Portable Code.

Græger, N. and Lindgren, W.Y., 2017. The Duty of Care for Citizens Abroad: Security and Responsibility in the In Amenas and Fukushima Crises.

Haria, S., Hill, M.D. and Swift, M.M., 2018. Devirtualizing Memory in Heterogeneous Systems.

Kocher, P., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T., Schwarz, M. and Yarom, Y., 2018. Spectre Attacks: Exploiting Speculative Execution. arXiv preprint arXiv:1801.01203.

Lipp, M., Schwarz, M., Gruss, D., Prescher, T., Haas, W., Mangard, S., Kocher, P., Genkin, D., Yarom, Y. and Hamburg, M., 2018. Meltdown. arXiv preprint arXiv:1801.01207.

Maisuradze, G. and Rossow, C., 2018. Speculose: Analyzing the Security Implications of Speculative Execution in CPUs. arXiv preprint arXiv:1801.04084.

Perrin, B., 2018. We need more phishing sites on HTTPS!. Signal.

Pupillo, L., 2018. EU Cybersecurity and the Paradox of Progress. CEPS Policy Insights No 2018/06, February 2018.

Reiser, H.P., Taubmann, B., Köstler, J., Rakotondravony, N. and Sentanoe, S., 2018. Cloud computing.

Rose, A., 2017. Economic Resilience in Regional Science: Research Needs and Future Applications. In Regional Research Frontiers-Vol. 1 (pp. 245-264). Springer, Cham.

Simakov, N.A., Innus, M.D., Jones, M.D., White, J.P., Gallo, S.M., DeLeon, R.L. and Furlani, T.R., 2018. Effect of Meltdown and Spectre Patches on the Performance of HPC Applications. arXiv preprint arXiv:1801.04329.

Stowell, D.P., Meagher, E. and Frazzano, R., 2017. Investment Banking in 2008 (B): A Brave New World. Kellogg School of Management Cases, pp.1-17.

Trippel, C., Lustig, D. and Martonosi, M., 2018. MeltdownPrime and SpectrePrime: Automatically-Synthesized Attacks Exploiting Invalidation-Based Coherence Protocols. arXiv preprint arXiv:1802.03802.

Vahldiek-Oberwagner, A., Elnikety, E., Garg, D. and Druschel, P., 2018. ERIM: Secure and Efficient In-process Isolation with Memory Protection Keys. arXiv preprint arXiv:1801.06822.

Watson, R.N., Woodruff, J., Roe, M., Moore, S.W. and Neumann, P.G., 2018. Capability Hardware Enhanced RISC Instructions (CHERI): Notes on the Meltdown and Spectre Attacks (No. UCAM-CL-TR-916). University of Cambridge, Computer Laboratory.