Scribd Logo
Upload

Welcome to Scribd!

  • Quiz 5 - M&S

    Uploaded by

    Nam Phuong Nguyen
    22 views2 pages
    Spectre and Meltdown are two security flaws that allow malicious actors to bypass system security protections on CPUs and access protected system memory on a wide range of devices, including PCs, servers, smartphones and IoT devices. They stem from performance-enhancing features in processors and can be used to obtain passwords and other sensitive data. While both pose dangers, Meltdown allows access to all data on a computer, while Spectre requires more knowledge but works across more devices. They threaten cloud providers the most due to lack of isolation between virtual servers, put corporate networks at risk of data exposure, and endanger individual users' passwords and personal information on personal devices and browsers.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Spectre and Meltdown are two security flaws that allow malicious actors to bypass system security protections on CPUs and access protected system memory on a wide range of devices, including PCs, servers, smartphones and IoT devices. They stem from performance-enhancing features in processors and can be used to obtain passwords and other sensitive data. While both pose dangers, Meltdown allows access to all data on a computer, while Spectre requires more knowledge but works across more devices. They threaten cloud providers the most due to lack of isolation between virtual servers, put corporate networks at risk of data exposure, and endanger individual users' passwords and personal information on personal devices and browsers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    22 views2 pages

    Quiz 5 - M&S

    Uploaded by

    Nam Phuong Nguyen
    Spectre and Meltdown are two security flaws that allow malicious actors to bypass system security protections on CPUs and access protected system memory on a wide range of devices, including PCs, servers, smartphones and IoT devices. They stem from performance-enhancing features in processors and can be used to obtain passwords and other sensitive data. While both pose dangers, Meltdown allows access to all data on a computer, while Spectre requires more knowledge but works across more devices. They threaten cloud providers the most due to lack of isolation between virtual servers, put corporate networks at risk of data exposure, and endanger individual users' passwords and personal information on personal devices and browsers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 2

    Quiz 5

    Name: Nguyễn Lê Nam Phương


    ID: BAFNIU18108

    1. How dangerous are Spectre and Meltdown? Explain your


    answer.
    Spectre and Meltdown are two particularly hazardous security
    flaws that allow malicious actors to bypass system security
    protections in practically any contemporary device with a CPU,
    including not only PCs, servers, and smartphones, but also
    Internet of Things (IoT) devices like routers and smart TVs. The
    flaws stem from features integrated into the chips that aid in
    their speed. It is possible to read protected system memory using
    the duo, obtaining access to passwords and other sensitive data.
    Meltdown bypasses some privilege level checks enforced by
    hardware. An attacker can use Meltdown to acquire access to
    data from all over a computer that the program shouldn’t be able
    to see by abusing a program running on that computer.
    By exploiting the Spectre variants, an attacker can make a
    program reveal some of its own data that should have been kept
    secret. It requires more intimate knowledge of the victim
    program’s inner workings, and doesn’t allow access to other
    programs’ data, but will also work on just about any computer
    chip out there.
    Spectre and Meltdown are so dangerous because they both
    open up possibilities for dangerous attack. For example, Spectre
    might be used by JavaScript code on a website to deceive a web
    browser into disclosing user and password information. Meltdown
    might let attackers to see data belonging to other users and even
    virtual servers running on the same hardware, which may be
    terrible for cloud computing providers.
    The most important concern of Meltdown and Spectre is the
    fact that the flaws are fundamental to the hardware platforms
    running beneath the software we use every day. Even code that is
    formally secure as written turns out to be vulnerable, because the
    assumptions underlying the security processes built into the code
    — indeed, built into all of computer programming — have turned
    out to be false.

    2. Compare the threats of Spectre and Meltdown to cloud


    computing centers, corporate data centers, and individual
    computer and smartphone users.
     Cloud computing centers: Meltdown most seriously affects
    cloud providers, particularly if guests on the platform are not
    fully virtualized. Many hosting and cloud providers lack an
    abstraction layer for virtual memory which means Meltdown
    can circumvent the isolation between guests and thereby
    expose the data of all other guests on the same physical host.

    You might also like