Hardware Flashcards
(14 cards)
What are the basic hardware protections for security?
A protected OS and memory protection are essential. Write protection preserves integrity and availability; read protection preserves confidentiality.
What is the Rowhammer attack?
Repeatedly accessing (hammering) DRAM rows can cause bit flips in adjacent rows, violating memory isolation. This has been used to escape sandboxes such as Google’s NaCl.
What is the Spectre vulnerability?
Spectre abuses speculative execution to access restricted memory by manipulating branch predictors and measuring cache timing side effects.
What is Meltdown and how does it differ from Spectre?
Meltdown exploits out-of-order execution to read kernel memory from user space, while Spectre abuses speculative execution and timing side channels.
What makes speculative execution attacks dangerous in browsers?
JavaScript can indirectly trigger speculation and use large arrays or timers (e.g., via web workers) to leak memory content through side channels.
What is Retbleed?
A variant of Spectre that targets return instructions in CPUs. Mitigations exist but add significant performance overhead (up to 39%).
What is Pointer Authentication and what weakness was discovered?
Introduced by ARM, Pointer Authentication adds cryptographic signatures (authentication codes) to pointers. PACMAN showed that speculative execution could be used to guess these codes and bypass the protection.
Why is hardware hard to turn off completely?
Modern devices retain functionality like transit card support even when ‘off’. Malware can persist or be injected during these low-power states.
What is the Pantsdown vulnerability?
A flaw in baseboard management controller (BMC) hardware allowed unauthorized memory access and firmware reflashing. Fixes require patching both host and BMC firmware.
What are Hardware Security Modules (HSMs)?
Dedicated secure devices used to generate, store, and protect cryptographic keys. Used in passports, games, banking, and smart meters.
What is a Trusted Platform Module (TPM)?
A secure chip that stores keys, ensures platform integrity, and supports remote attestation. TPM 2.0 is required for Windows 11.
What is a Secure Enclave (e.g., Intel SGX, ARM TrustZone)?
A trusted execution environment inside the processor that isolates sensitive data and code. It resists external software attacks but not speculative-execution or voltage-based attacks.
What are common MFA hardware factors?
They include something you know (password), something you have (token), and something you are (biometrics), but biometrics and SIM-based methods have notable weaknesses.
What are USB or app-based hardware authenticators?
These are physical tokens or mobile apps like Microsoft Authenticator that provide second-factor authentication. They’re secure but depend on implementation quality.