path: root/en_GB/Introduction to Information Security
author Leonard Kugis <leonard@kug.is> 2020-03-09 19:32:17 +0100
committer Leonard Kugis <leonard@kug.is> 2020-03-09 19:32:17 +0100
commit d3e6d4c05f20f6f02546f86c929bcd0fde98f988 (patch)
tree 4375ceddc8c2ec3149ae35d0ef7f6fff3564011a /en_GB/Introduction to Information Security
parent 93bcbc79afb52cfa189ef5ee86804d8bb19fb645 (diff)
IntroSec
Added Meltdown chapter.
Diffstat (limited to 'en_GB/Introduction to Information Security')
-rw-r--r-- en_GB/Introduction to Information Security/introduction_to_information_security.md 15
1 files changed, 15 insertions, 0 deletions
diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 5df6055..4ae43fe 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -720,3 +720,18 @@ Add *canary* to end of chunk, checksumming the chunks control data, signed with
1. On allocation, add calculate checksum over chunk control data and add canary.
2. On `free`, recalculate checksum. If they mismatch, throw error.
+
+### Meltdown
+
+Using CPU cache as side channel. Reading memory line, record time. Fill cache to forcefully remove that line from cache.
+Read again, if time is different than expected, line has been used and cached again.
+
+1. Let the transient instruction load the attacker chosen *memory location* he himself has no access to.
+2. Let another transient instruction access a cache line based on the content of that register.
+3. Flush+Reload determines which cache line was accessed, which reveals the value stored in the *memory location*.
+
+#### KAISER
+
+Mapping of *Kernel Address Space* to address space of every user process is used by meltdown.
+*KAISER* separates these. Without valid mapping, Meltdown is not possible.
+Introduction of shadow address space synchronized between multiple mappings.
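Review bot: Step 2 of the Meltdown list refers to "the content of that register", but step 1 never introduces a register; it only says the transient instruction should "load the attacker chosen *memory location*". Suggest rewording step 1 so the loaded value lands somewhere step 2 can refer to, e.g. "load the value at the attacker-chosen *memory location* into a register". The opening paragraph also describes removing the line by filling the cache, while step 3 names Flush+Reload without defining it; either name the technique the paragraph describes or add a sentence saying what Flush+Reload does, so the two agree. "if time is different than expected" would be clearer if it said in which direction the timing differs and what that implies. In the KAISER section, "meltdown" is lower-case in the first line and capitalised in the second, and the last line ("Introduction of shadow address space synchronized between multiple mappings.") is a fragment that does not say what is introduced by whom or how it relates to the separation described just above.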