conference logo

Playlist "Grazer Linuxtage 2019"

A Christmas Carol - The Spectres of the Past, Present, and Future

Claudio Canella, Daniel Gruss, Michael Schwarz and Moritz Lipp

With the beginning of last year, two major security vulnerabilities have been disclosed: Meltdown and Spectre. While mitigations in software and hardware have been rolled out right away, new variants have been continuously released in the following months. With all those confusing names, how can you possibly still have a clear overview of all those vulnerabilities (SpectreV1, SpectreV2, Meltdown, Spectre-NG, SpectreRSB, L1TF, Foreshadow, ...)? With this talk, we present a novel classification that will ease the naming complexity of the current jungle of variants. Along with all different attacks, we will give an overview of all proposed mitigations and show how an attacker still can mount an attack despite the presence of implemented countermeasures. Furthermore, we will present new variants of the Meltdown attack, exploiting different parts of the CPU.

At the beginning of last year, two major security vulnerabilities have been disclosed to the public.
Meltdown and Spectre exploit critical vulnerabilities in modern processors, allowing attackers to read arbitrary data currently processed on the computer without any permissions or privileges.
While mitigations in software and hardware have been proposed and rolled out right away, new variants of Spectre and Meltdown attacks have been published frequently in the following months.

Spectre v1? Spectre v2? Meltdown? Spectre-NG? SpectreRSB? L1TF? Foreshadow? - With all those names and variants, how can you possibly have still a clear overview of those vulnerabilities?
With all those operating systems, compiler, and microcode updates, is my system really protected?

In our talk, we present a novel classification of Spectre and Meltdown attacks and propose a new naming scheme to ease the naming complexity of the current jungle of variants.
Furthermore, we give an overview of all proposed mitigations and show that an attacker can still mount an attack despite the presence of implemented countermeasures.
Finally, we show new variants of the Meltdown attack, exploiting different parts of the CPU.