As a result, they often execute instructions in parallel or before executing preceding instructions. As its name suggests, this feature allows them to execute instructions in a non-sequential manner, i.e. Out-of-order execution: Modern processors can improve their performance by using a technique called “out-of-order execution”. Furthermore, all major operating systems map the entire physical memory, into the kernel address space (Figure 1: Virtual address space, and physical adress space).įigure 1: Virtual address space, and physical address space (figure from the Meltdown paper) Each virtual address space is divided into the user space, which can be accessed by a normal process, and the kernel space, which should only be accessed by the operating system. Each process is contained within its own virtual address space. Modern processors support virtual address spaces per process. User/kernel address space: A fundamental security principle of modern processors and operating systems is process isolation. It sheds some light on terms mentioned frequently in various articles covering the topic. The following part provides the basics required to understand the main concepts behind the vulnerabilities. To fully understand the vulnerabilities, a strong knowledge of modern processor and operating system architecture is required. All end-users and system operators are advised to follow the guidelines provided by the operating system and software vendors to mitigate these vulnerabilities. Hence, until new hardware can be deployed, operating system and software vendors have been working on software based solutions and workarounds, and many of them have already provided patches. Despite the fact that software solutions might not address these vulnerabilities (or future variations thereof) completely, they are the only way to go for the time being. These vulnerabilities require a solution also at the hardware level, but hardware updates might not be practical measures. Given the fact that the affected processors are ubiquitous, one can easily imagine the far-reaching consequences of these vulnerabilities especially in multi-layered cloud environments. Exploiting these vulnerabilities may permit the attacker to gain access to secret or privileged data processed by a system, such as credentials and secret keys stored on a system’s memory or on multi-tenant environments with shared virtualized infrastructure such as cloud platforms. From a high-level perspective, the vulnerabilities affect the fundamental principles of isolation between user applications and the operating system, and between different applications respectively. These vulnerabilities have been publicly disclosed in early January 2018 and were entitled Meltdown and Spectre. These vulnerabilities affect any computing device that uses these processors such as, personal computers, cloud systems, mobile devices and consequently most of the operating systems available. Security research from the industry and academia alike, have independently reported on a series of critical vulnerabilities found in various types of processors including chips from Intel, AMD, ARM, and ARM based processors used by Apple, Samsung, and Qualcomm.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |