On the Spectre and Meltdown Processor Security Vulnerabilities

This paper first reviews the Spectre and Meltdown processor security vulnerabilities that were revealed during January–October 2018 and that allow the extraction of protected information from billions of processors in large and small systems. It then discusses short-term mitigation actions and speculates on the longer term implications to computer software and hardware. This paper expands from a keynote/panel by the authors at IEEE Hot Chips 2018.

[1]  Michael Hamburg,et al.  Spectre Attacks: Exploiting Speculative Execution , 2018, 2019 IEEE Symposium on Security and Privacy (SP).

[2]  Jerome H. Saltzer,et al.  The protection of information in computer systems , 1975, Proc. IEEE.

[3]  David A. Patterson,et al.  Computer Architecture: A Quantitative Approach , 1969 .

[4]  Frank Piessens,et al.  A Systematic Evaluation of Transient Execution Attacks and Defenses , 2018, USENIX Security Symposium.

[5]  Akhilesh Kumar,et al.  Cascade Lake: Next Generation Intel Xeon Scalable Processor , 2019, IEEE Micro.

[6]  Ruby B. Lee,et al.  Covert and Side Channels Due to Processor Architecture , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[7]  Michael Hamburg,et al.  Meltdown: Reading Kernel Memory from User Space , 2018, USENIX Security Symposium.