[Semi Thesis Review for me] Meltdown: reading Kernel Memory from User Space -(2)

[3. A Toy Example]

Image from this thesis paper.
  • We can leverage a microarchitectural side-channel attack such as Flush+Reload, Prime+Probe, Evict+Reload, or Flush+Flush. → Flush+Reload is the most accurate known cache side channel and is simple to implement, so the paper does not consider any other side channel for this example.
Image from this thesis paper.

→ → Even instructions which are never actually executed change the microarchitectural state of the CPU.

→ → Meltdown uses this effect not to read a value but to leak an inaccessible secret.

[4. Building Blocks of the Attack]

Image from this thesis paper.

[4.1 Executing Transient Instructions]

Transient instructions introduce an exploitable side channel if their operation depends on a secret value.

  • The attacker targets a secret at a user-inaccessible address.
  • Accessing user-inaccessible pages (kernel pages) triggers an exception.

Two ways to keep the exception from killing the attack: 1. exception handling, 2. exception suppression.

1. Exception handling:

  • Fork the attacking process before the illegal access: the CPU executes the transient instruction sequence in the child process before it crashes, and the parent process can then recover the secret by observing the microarchitectural state, e.g., through a side channel.
  • Or, install a signal handler that is executed when a certain exception occurs, e.g., a segmentation fault.
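The kernel-page access described in 4.1 is exactly what KPTI, the Meltdown mitigation, unmaps from user-space page tables. As an added defender's check (not code from the paper or from this post), the following reads the status Linux exposes in sysfs and /proc/cpuinfo and flags inconsistencies; the paths and the "pti" / "cpu_meltdown" tokens are the Linux kernel's own, and the sample inputs in the test are constructed.

```python
"""Meltdown mitigation status check for a Linux host (added defender's check)."""
from pathlib import Path

# Kernel 4.15+ exposes its verdict here: "Not affected", "Vulnerable", "Mitigation: PTI"
SYSFS_STATUS = Path("/sys/devices/system/cpu/vulnerabilities/meltdown")
CPUINFO = Path("/proc/cpuinfo")


def parse_cpuinfo(text):
    """Return (flags, bugs) sets from the first CPU entry in cpuinfo text."""
    flags, bugs = set(), set()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key = key.strip()
        if key == "flags" and not flags:
            flags = set(value.split())
        elif key == "bugs" and not bugs:
            bugs = set(value.split())
    return flags, bugs


def assess(sysfs_text, cpuinfo_text):
    """Combine the sysfs verdict with cpuinfo evidence and flag contradictions.

    The sysfs line is authoritative for affected/mitigated; the 'pti' flag
    confirms KPTI is live, and 'cpu_meltdown' in bugs means the CPU model
    itself is affected regardless of what the kernel did about it.
    """
    status = sysfs_text.strip()
    flags, bugs = parse_cpuinfo(cpuinfo_text)
    affected = status != "Not affected"
    mitigated = status.startswith("Mitigation:")
    result = {
        "status": status,
        "affected": affected,
        "mitigated": mitigated,
        "kpti_active": "pti" in flags,
        "cpu_affected": "cpu_meltdown" in bugs,
        "warnings": [],
    }
    if affected and not mitigated:
        result["warnings"].append("kernel reports Meltdown unmitigated")
    if mitigated and "pti" not in flags:
        result["warnings"].append("Mitigation reported but 'pti' flag missing")
    if "cpu_meltdown" in bugs and not affected:
        result["warnings"].append("CPU listed as affected but status is Not affected")
    return result


def check_host():
    """Read the live files; returns None when this kernel does not expose them."""
    if not SYSFS_STATUS.exists():
        return None
    return assess(SYSFS_STATUS.read_text(), CPUINFO.read_text())


if __name__ == "__main__":
    print(check_host() or "sysfs vulnerability interface not available")
```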

2. Exception suppression:

[4.2 Building a Covert Channel]




DGIST, undergraduate student, searchien@dgist.ac.kr
