From d3e6d4c05f20f6f02546f86c929bcd0fde98f988 Mon Sep 17 00:00:00 2001 From: Leonard Kugis Date: Mon, 9 Mar 2020 19:32:17 +0100 Subject: IntroSec Added Meltdown chapter. --- .../introduction_to_information_security.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'en_GB/Introduction to Information Security') diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md index 5df6055..4ae43fe 100644 --- a/en_GB/Introduction to Information Security/introduction_to_information_security.md +++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md @@ -720,3 +720,18 @@ Add *canary* to end of chunk, checksumming the chunks control data, signed with 1. On allocation, add calculate checksum over chunk control data and add canary. 2. On `free`, recalculate checksum. If they mismatch, throw error. + +### Meltdown + +Using CPU cache as side channel. Reading memory line, record time. Fill cache to forcefully remove that line from cache. +Read again, if time is different than expected, line has been used and cached again. + +1. Let the transient instruction load the attacker chosen *memory location* he himself has no access to. +2. Let another transient instruction access a cache line based on the content of that register. +3. Flush+Reload determines which cache line was accessed, which reveals the value stored in the *memory location*. + +#### KAISER + +Mapping of *Kernel Address Space* to address space of every user process is used by meltdown. +*KAISER* separates these. Without valid mapping, Meltdown is not possible. +Introduction of shadow address space synchronized between multiple mappings. -- cgit v1.2.1