meltdown

Moritz Lipp,Michael Schwarz,Daniel Gruss

memory 内存 边信道 内核

• Introduction
• Background
• A Toy Example
• Building Blocks of the Attack
• Meltdown
• Evaluation
• Countermeasures
• Discussion
• Conclusion

In this paper, we presented Meltdown, a novel software based side-channel attack exploiting out-of-order execution on modern processors to read arbitrary kernel- and physical-memory locations from an unprivileged user space program. Without requiring any software vulnerability and independent of the operating system, Meltdown enables an adversary to read sensitive data of other processes or virtual machines in the cloud with up to 503KB/s, affecting millions of devices. We showed that the countermeasure KAISER [8], originally proposed to protect from side-channel attacks against KASLR, inadvertently impedes Meltdown as well. We stress that KAISER needs to be deployed on every operating system as a short-term workaround, until Meltdown is fixed in hardware, to prevent large-scale exploitation of Meltdown.