This week’s PowerPoint can be found here.
This week, we took a look at the relatively recent Spectre and Meltdown vulnerabilities, which affect nearly every Intel CPU since 1995 [source], as well as some AMD and ARM processors. Special thanks go out to Professor Matt Triplett, who prepared the presentation for this meeting and taught us how these vulnerabilities work.
- Google Project Zero blog post about both Spectre and Meltdown
- Proof of Concept from Project Zero, which shows how they tested out their claims about the vulnerabilities
- 5-minute explanation from Dave Bennett on YouTube
The heart of the Spectre vulnerability is the fact that most modern processors use speculative execution to optimize their operations. Speculative execution is when the processor guesses where the program will branch next and executes those instructions before the program actually reaches them. If the guess turns out to be incorrect, the processor simply discards the results of the instructions it executed prematurely. The discarded work can still leave measurable traces behind, such as data pulled into the cache. Spectre exploits this optimization to gain access to memory that it normally would be unable to access, potentially exposing critical information such as passwords. This exploit is not limited to Intel processors, and also affects AMD and ARM processors.
- “Spectre Attacks: Exploiting Speculative Execution” – publication about the Spectre vulnerability
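To make the speculative-execution problem concrete from the defender's side, here is an added example (not from the meeting slides or the linked repositories) of a bounds-checked array read next to a hardened version for the bounds-check form of Spectre. The names `table`, `lookup_branch_only`, `index_mask` and `lookup_masked` are hypothetical, the table contents are constructed, and the masking trick follows the same idea as the Linux kernel's `array_index_nospec` helper.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define TABLE_LEN 16

/* Constructed sample data standing in for any array indexed by untrusted input. */
static const uint8_t table[TABLE_LEN] = {
    1, 4, 7, 10, 13, 16, 19, 22, 25, 28, 31, 34, 37, 40, 43, 46
};

/* The only protection here is a conditional branch. The branch predictor can
 * guess "in range" and let the load run with an out-of-range idx before the
 * comparison has resolved. The result is discarded, but the load happened. */
uint8_t lookup_branch_only(size_t idx)
{
    if (idx < TABLE_LEN)
        return table[idx];
    return 0;
}

/* Branch-free mask: all ones when idx < size, zero otherwise.
 * If idx >= size, (size - 1 - idx) wraps and sets the top bit; if idx itself
 * is huge, its own top bit is set. Either way top == 1 and the mask is 0.
 * Assumes size is no larger than half the size_t range. */
size_t index_mask(size_t idx, size_t size)
{
    size_t top = (idx | (size - 1 - idx)) >> (sizeof(size_t) * CHAR_BIT - 1);
    return (size_t)0 - (top ^ 1);
}

/* Hardened read: the index is clamped by arithmetic, which is a data
 * dependency rather than a prediction, so even a mispredicted path can only
 * load table[0] instead of memory outside the table. */
uint8_t lookup_masked(size_t idx)
{
    if (idx < TABLE_LEN) {
        idx &= index_mask(idx, TABLE_LEN);
        return table[idx];
    }
    return 0;
}
```

An optimizing compiler is free to turn the mask back into a branch, so production code should rely on a vetted primitive such as the kernel's `array_index_nospec` or an explicit speculation barrier rather than a hand-rolled mask.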
In short, Meltdown works by sneaking around memory access privileges, enabling it to read basically any data on a computer. Meltdown is mainly a concern for Intel processors. If you want to read about the steps of the Meltdown exploit, Wikipedia provides a pretty good overview of the basic steps involved.
- “Meltdown” – Publication explaining the more technical details of the Meltdown vulnerability
- GitHub repo with Meltdown code
- Meltdown in action: reconstructing an image
- Meltdown in action: dumping memory
- SIG Algorithm Challenge
- We voted on the use of our SIG funds, and the majority ruled that we would prefer to use them to fund a challenge where a few members could win a prize rather than funding a SIG party.
- We began talking about how we could implement this SIG challenge, going over whether it would be team or individual based and how we can make it fair.
- Didn’t have time to get into other topics of discussion, such as future topics, meeting date and time, and SIG Applied Alg