Meltdown: Basics, Details, Consequences

Conference:  BlackHat USA 2018

2018-08-09

Summary

Meltdown is a CPU vulnerability that breaks memory isolation and allows any program to access system memory, including secrets of other programs and the operating system. The talk discusses the basics, details, consequences, and countermeasures of Meltdown.
  • Meltdown breaks memory isolation and allows any program to access system memory
  • The talk discusses the basics of microarchitectural side effects and out-of-order execution on modern processors
  • The talk presents a behind-the-scenes timeline of the research on Meltdown and how it allowed reading arbitrary kernel-memory locations including personal data and passwords
  • The talk shows how Meltdown is mitigated in software using the KAISER defense mechanism
  • The talk discusses the situation around the patches, Meltdown variants, yet undisclosed attacks, and further proposed mitigations
  • The talk concludes with the need to find a trade-off between security and performance for new designs
  • A proof of concept implementation of Meltdown is published on GitHub
The talk presents a live demo of a series of Meltdown attacks, including attacks on a modern smartphone with an ARM processor. The demo shows how to read privileged data or sensitive user input and also shows novel exploits leveraging Meltdown.

Abstract

The security of computer systems fundamentally relies on the principle of confidentiality. Confidentiality is typically provided through memory isolation, e.g., kernel address ranges are marked as non-accessible and are protected from user access.

In this talk, we present Meltdown. Meltdown breaks the most fundamental isolation between user applications and the operating system. We show how any program can access system memory, including secrets of other programs and the operating system. To make the attack accessible, we briefly introduce the basics of microarchitectural side effects and out-of-order execution on modern processors.

With a behind-the-scenes timeline of our research, we show when and how the combination of these components allowed us to read arbitrary kernel-memory locations, including personal data and passwords. We will also discuss how different vendors, i.e., Intel, AMD, and ARM, are affected by the issue and how they responded to it.

In a live demo, we show a series of Meltdown attacks, including attacks on a modern smartphone with an ARM processor. Our demo not only shows how to read privileged data or sensitive user input, but also shows novel exploits leveraging Meltdown. We then show how Meltdown is mitigated in software using our KAISER defense mechanism, which was implemented under different names in all major operating systems.

The last part of our talk will focus on the developments after the disclosure of Meltdown. We will discuss the situation around the patches, Meltdown variants that were presented after the disclosure (e.g., MeltdownPrime), yet undisclosed attacks, including combinations of Meltdown and Spectre and their application in JavaScript, and further proposed mitigations.

We conclude with high-level perspectives we as a community and industry should draw to be prepared for the next Meltdown.