Lecture 8 - Hardware Security Flashcards

(7 cards)

1
Q

Introduction

A
  • In early 2018, two significant hardware security bugs, Meltdown and Spectre, were reported.
  • These bugs affect almost all modern CPUs and are considered a major hardware security issue.
2
Q

Meltdown (Overview)

A
  • Meltdown breaks down the barrier between kernel space and user space in memory.
  • It allows arbitrary memory locations to be read from user space, making passwords, encryption keys, and DRM systems vulnerable.
  • It exploits out-of-order execution behavior in modern processors.
  • Meltdown leverages cache side-channel attacks, specifically Flush+Reload, to determine the values in instructions after an exception.
  • The attack involves loading the content of an inaccessible memory location into a register, accessing a cache line based on the secret content, and using Flush+Reload to determine the accessed cache line.
3
Q

Meltdown (Mechanics)

A
  • Out-of-order execution: Instructions are processed but not committed by the Reorder Buffer (ROB) if a branch is incorrectly predicted.
  • These uncommitted instructions can have microarchitectural effects, such as filling and emptying cache lines.
  • Flush+Reload is used to determine if the cache was loaded, revealing values in instructions after an exception.
4
Q

Steps of Meltdown Attack

A
  1. Load the content of an inaccessible memory location into a register.
  2. A transient instruction accesses a cache line based on the secret content of the register.
  3. The attacker uses Flush+Reload to determine the accessed cache line and hence the secret.
5
Q

Spectre

A
  • Similar to Meltdown but does not deal with the boundary between protected and non-protected memory.
  • It has no good mitigation.
  • It involves three stages: Setup, Speculative Execution, and Read.
6
Q

Stages of Spectre Attack

A
  1. Setup: Prime the branch predictor to mispredict.
  2. Speculative Execution: Execute transient instructions speculatively.
  3. Read: Read the results using a side-channel attack.
7
Q

Spectre Mechanics

A
  • The attacker controls conditional branch misprediction.
  • The branch predictor is trained to expect a branch to be not taken.
  • Speculative execution occurs, and pointer calculation and access happen.
  • The cache is still affected even when the processor state is unwound.
  • Flush+Reload is used to measure the location in array2 that was loaded into the cache.