diff options
-rw-r--r-- | en_GB/Introduction to Information Security/introduction_to_information_security.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index 5df6055..4ae43fe 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -720,3 +720,18 @@ Add *canary* to end of chunk, checksumming the chunks control data, signed with 1. On allocation, add calculate checksum over chunk control data and add canary. 2. On `free`, recalculate checksum. If they mismatch, throw error. + +### Meltdown + +Using CPU cache as side channel. Reading memory line, record time. Fill cache to forcefully remove that line from cache. +Read again, if time is different than expected, line has been used and cached again. + +1. Let the transient instruction load the attacker chosen *memory location* he himself has no access to. +2. Let another transient instruction access a cache line based on the content of that register. +3. Flush+Reload determines which cache line was accessed, which reveals the value stored in the *memory location*. + +#### KAISER + +Mapping of *Kernel Address Space* to address space of every user process is used by meltdown. +*KAISER* separates these. Without valid mapping, Meltdown is not possible. +Introduction of shadow address space synchronized between multiple mappings. |