Reader Explanation: Spectre, Meltdown Vulnerabilities, and Speculative Execution

On January 3rd, Google's Project Zero made public the set of vulnerabilities known today as Spectre and Meltdown. Since 2010, this Google team has been responsible for uncovering not-yet-exploited vulnerabilities in software produced not just by the company but by any other manufacturer, with the aim of improving security for everyone on the Internet in general.

Their modus operandi is to first disclose the vulnerabilities to the manufacturer so that it can correct the problem, and only then disclose them to the public, thereby preventing such vulnerabilities from being exploited by crackers.

As many still do not quite understand what these vulnerabilities represent and how they work, I was invited by to explain the matter and remedy these doubts once and for all.

The set of vulnerabilities disclosed in the last month concerns what is being called speculative execution, which I explain below. But first, here is a summary of what each vulnerability represents.

Spectre (or “Phantom”) breaks the isolation between applications and allows an attack in which the attacker creates a specter and illegitimately impersonates an application, receiving information that is normally hidden between applications but in this case is fully exposed to an external attack.

Meltdown, in turn, gets its name from the fact that it melts the fundamental divide between user applications and the operating system, making the target vulnerable and leaving the memory and information content of the user's operating system exposed to an attack.

Spectre and Meltdown: the logos created by the Meltdown Attack initiative, which discloses information about these vulnerabilities

The combination of these vulnerabilities allows a speculative execution attack. Speculative execution is a feature that anticipates the user's most usual actions to gain performance, and so correcting these flaws results in a (variable) performance loss on the affected processors.

Speculative execution is basically as if a person went, for example, to Starbucks every day and ordered a cappuccino. The processor learns this, and every time the person enters Starbucks, the chip recognizes them and starts making the cappuccino before they have even ordered it, thus speeding up the process as a whole.

Now let's imagine that 20% of the time the person doesn't ask for a cappuccino. In that case, the cappuccino is thrown away and the other order is placed normally. This operation is obviously not going to be as fast as the usual cappuccino, but having speculative execution turns out to be worth it for the other 80% of the time, when the cappuccino is what was asked for.
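The cappuccino analogy above can be put into numbers with a small simulation. This is an added example, not code from the original article; the two-bit "habit" counter, the time costs and the sample order sequence are all assumptions made for illustration.

```python
# Added illustration: a toy model of the cappuccino analogy, not real CPU behaviour.
# All names and time costs below are assumptions chosen for the example.
PREP = 4      # minutes to make any drink from scratch
HANDOVER = 1  # minutes to hand over a drink that was prepared in advance
DISCARD = 1   # minutes lost throwing away a wrongly prepared drink


def serve(orders, usual="cappuccino"):
    """Serve orders using a 2-bit saturating counter as the 'habit' predictor."""
    counter = 0  # 0..3; the barista prepares ahead only when counter >= 2
    stats = {"hits": 0, "wasted": 0, "idle": 0, "time": 0}
    for order in orders:
        speculate = counter >= 2
        if speculate and order == usual:
            # Drink was ready before the order was placed.
            stats["hits"] += 1
            stats["time"] += HANDOVER
        elif speculate:
            # Wrong guess: throw the drink away, then make the real order.
            stats["wasted"] += 1
            stats["time"] += DISCARD + PREP
        else:
            # No habit learned yet: wait for the order, then make it.
            stats["idle"] += 1
            stats["time"] += PREP
        # Learn from the real order: move toward "usual" or away from it.
        counter = min(counter + 1, 3) if order == usual else max(counter - 1, 0)
    stats["baseline"] = PREP * len(orders)  # cost with no speculation at all
    return stats


def sample_orders(days=100):
    """Constructed input: the customer orders something else every fifth day (20%)."""
    return ["tea" if day % 5 == 4 else "cappuccino" for day in range(days)]


if __name__ == "__main__":
    print(serve(sample_orders()))
```

With the constructed 80/20 sequence, the discarded drinks cost extra time on the 20 wrong guesses, yet the total is still well below the baseline in which nothing is ever prepared ahead.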

And the exploited flaw is exactly that. This speculative execution attack gives the attacker access to the user's usage profile, that is, their behavior in 80% of cases. This, of course, is information that helps a malicious actor mount an attack and, of course, is a very serious breach of confidentiality.

This is obviously an informal explanation of what such vulnerabilities are all about. All major manufacturers have already released security patches, and Intel intends to launch new chips later this year that are no longer affected by them.