Introduction to computer security and its importance
Computer security is a major concern for every organisation and most importantly to safe guard the data stored on the system from any loss. It is important to secure the information from data loss or inception of viruses or malware in the system. Security completely deals with securing the data stored on the network from any unauthorized loss. Every organisation is dependent on computer for performing certain tasks thus it is important that updated technology is used (Kocher, et. al, 2018). Everyone relies on the data stored on the computer thus it is important to keep the information secure and preventing data from any loss. Keeping the information confidential, integrated and available is the vital part of an organization. Computer security cannot be left unnoticed as there are various threats and viruses appearing at every instant. It is essential to safeguard the information from hackers as they are trying to steal the sensitive data packets stored on the network (Trippel, Lustig and Martonosi, 2018). There are various ways in which person can steal the information or can access the hard drive even if the computer is not open or plugged in. Then the information is misused which leads to loss of confidentiality of the data packets. It may also damage the components of computer, thus for providing complete protection to data it is necessary to protect the computer hardware as well as various components. For protecting system various strategies are available, disk lock is one of them. Disk locks are available in various sizes which provide protection of CPU components. Network security is also important as the flow of data occurs over the network (Watson, et. al, 2018). Network need to be secured as there are various threats on the network that allow third party to read and modify the data silently. Overall computer security deals with securing the system as well as network from all malicious activities. Additionally hardware components, operating system and off shell programs need to be protected. In this report we would be focusing on two major flaws that affect every chip on the computer. Spectre and meltdown are vulnerabilities that contain malicious programs and give access to unauthorized users to access the sensitive data. These flaws lead to leakage of data packets and break all security boundaries that are enforced in the systems hardware to get the access to steal the data (Thurnher, 2018).
Overview of Spectre and Meltdown vulnerabilities
These security bugs are found on the CPU chip. Central processing unit is the brain of the computer and all the functions on the computer are performed due to CPU. These two flaws work on kernel to steal the data of the computer and are very dangerous to be handled. They access any application running on the computer and steal the data from the application; the data could be any sensitive information like credit card information or any confidential information. Thus it is important to fix theses bugs. It is often a misconception that the application running on the system is not linked to each other, user think that operating system and software’s are isolated from each other. But the fact is not true, it was researched that the software’s running on the system leave the footprints on the processor. Thus the modern processors usually store all the recently accessed data (Boothby, 2015). Thus modern processor leaks the information and gives the software access to an unauthorized user. It is important to eliminate the granularity of access from the software by removing the footprints; this will help in securing the system.
Spectre exploits speculative applications and branch predication that leads to loss of data from cache lines of the processor. Spectre doesn’t read memory from kernel or any physical memory but reads the memory from the current process running on the system. Modern processor executes the instructions in a parallel manner but sometimes these instructions are never executed (Etzler, 2014). Snapshots are taken by CPU of these instructions so that if execution is not executed it could be rolled back. Morden processor makes use of branch predication and speculation execution of instruction to improve the performance of the system. Spectre attack includes the victim of a process that will not occur during the execution of correct code. Due to this reason leakage of data take place via side channels. Side channel is the main reason due to which attackers are getting access to read the information in an unauthorized manner by destroying the confidentiality of the system. Increasing the speed of the system is achieved by executing the instruction in a speculative manner by guessing the direction of control flow (Hill and Lynn, 2010). Spectre attack occurs due to outbreak of JavaScript on the system or by attacking the native code.
Spectre vulnerability does not permit an unauthorized user to access the privileged memory location. It allows the execution of the code in the victim procedure and allows reading of the data that is not allowed. Spectre is based on branch predication algorithm and deals with leaking the data packets out of the process without any acknowledgment. Spectre exploration is useful in many ways like it helps the hackers by leaking the private data from the browser and also by leaking the user space modules to promote remote execution of the code (Subashini and Kavitha, 2011).
Spectre – Exploitation and prevention
It open the gateway for any dangerous attacks like the JavaScript used for development of website uses Spectre for revealing the sensitive information. Most of the attacks take place at the hardware level which are difficult to be tracked. Patches used by Spectre alleviates the flaws by changing or removing the software code. Caching is the other reason for speculative execution as this process is an underlying feature of hardware which allows attacker to steal the data packets. These feature were basically designed to safeguard the system from these flaws but they make the system slow hence degrades the performance.
Meltdown is one of worst bug found in the CPU chip and is important to be resolved immediately. It permits the attacker to read the kernel as well as physical memory from any user process that is not unauthorized. It uses the concept of executing the instruction in an out of order fashion so that data could be leaked (Mollah, Azad and Vasilakos, 2017). Cache lines are also used for stealing the data. It takes the advantage of the fact that orders are not executed in a particular manner so that information could be easily leaked from the network channels. Meltdown is patched in Windows, Linux, Android and Mac. If the system is not patched properly attacker could read kernel memory from Window. Every system uses paged table for mapping the physical memory and the virtual memory. Modern processor maps kernel address with the user address. This is linked with the micro architectural attack as it focuses on destroying the order in which execution take place so that physical memory could be targeted (Simakov, et. al, 2018). It deals with accessing the kernel memory and reading the data from user space. The access to user space trap the system as the content is leaked through the cache lines. It is basically implemented as the executions of instruction happen in an out of order manner, which in turn increases the utilization factor of the processor. The processor queues all the instructions that are completed in the buffer and retrieve the instructions by reordering it whenever needed.
In a Meltdown process the attacker launch a process by creating a large array in the user space. This array in the user space reads the byte from the CPU memory by clearing all the collection in user space. The first step of Meltdown attack focuses on reading the kernel memory byte wise, but it causes an exception by leaking the content from the side channel before exception handler could do anything. The exception handler looks in the system for the malicious activities because the execution of the instruction is out of order. Once the attacker attacks the side channel it looks in the user space array to read the instructions before anyone else could read it (Sclofsky and Funk, K., 2017)
Meltdown – Exploitation and prevention
Central processing unit takes snapshot of these operations assuming if these instructions are not executed, and then the snapshots could be used. In the next step, Meltdown accesses the secret data by inhabiting the information in an array which is readable in user space memory. It is difficult to read the data in user space memory thus data is flushed back by resetting the snapshots taken by CPU. In the third step exceptions are triggered by exception handler as the instructions are not in a well-defined order (Anand, et.al, 2017). It is not possible to read the secret data from user space array as it get rolled back. The final step involves the iteration of unauthorized process of array elements. All the content of secret data is returned back to cache line. This permits the attack to happen without handling the exception of software.
Meltdown is helpful in several ways like it provides privilege escalation and Para virtualization of the data.
Privilege Escalation- Whenever attacker tries to execute a process on an unpatched system, all the physical memory of the system is destroyed. As the physical memory is dumped attacker uses this memory to identify all the sensitive data.
Para virtualization- Kernel address is targeted by the attacker which is shared between the host and the container of kernel memory (Simonton, 2017). Attacker uses this address to read the data from container which leads to hypervisor escape.
It is very difficult to detect these vulnerabilities because:
- These bugs generally occur at hardware level which are difficult to be detected and patched. Certain software’s are required to deal with the hardware issues. To resolve the origin of these flaws the judgment of modern processor need to be updated.
- These flaws are not visible and enter the system through the side channels. The information is leaked by capturing the physical implementation of the computer.
- It is expensive to remove these vulnerabilities by patches as it degrades the performance of the system.
Spectre and Meltdown have attacked every device like android, Mac or windows PCs thus it is important to protect the devices from these bugs. It is easy to fix the bug in android devices by simply updating the software (Rieck, 2017). These flaws attack windows PCs as they read all the data and information of the running applications. It is very hard to fix these bugs thus various measures taken are:
Installing Antivirus- There are various antiviruses that are not compatible for Spectre and Meltdown. Thus it is important to install an antivirus that is compatible with Spectre and Meltdown (Matsuda, Uemura and Canon 2017).
Mitigation- Hardware and software of the system need to be updated. As there are flaws which are not present at software level but are present at the CPU chip which is very difficult to be patched. Patching degrades the overall performance of the system thus the complete solution is mitigating the flaws (Matsuda, Uemura and Canon 2017).
Privilege Escalation and Para virtualization using Spectre and Meltdown
Firmware- It protects the system from spectre variants. Thus every system needs to have an updated firmware.
Updating the system-It is important to keep the operating system updated and checking the firmware updated so that PC is protected against these flaws. If the software is not updated some steps need to be taken manually by clicking on the start option then setting tab then update and security option and future clicking on windows update (Matsuda, Uemura and Canon 2017).
Vendor Links- Patches are available on the vendor links, thus patches are downloaded from these links to check the environmental conditions of the system and checking that each patch has been implemented properly.
These bugs occur in all type of operating system, various actions need to be taken to protect the operating system from Meltdown and Spectre:
Android- Some android devices are built in such a way that they fix the bugs by removing it. They can be removed by using antivirus on the system that eliminates the bugs from the system (Heires,2017). Bugs occur from any unknown sources but on Google phones the system is automatically updated before the patch attack. For non- Google device it need to wait till the patch occur.
Mac- This operating system is patched in such a way that it deals with spectre and meltdoen attack. Latest updates are available on App store supposing that these updates removes the flaws from the system It also make sure that performance of system are not affected by the patches.
IOS- Spectre is most commonly found in iPhones or iPad’s, therefore JavaScript used by the browser was patched and triggered to protect the system. Apart from that latest versions are already protected and need not to be patched (Heires,2017).
Linux- It is difficult to protect the system which as Linux operating system as first it is necessary to update the firmware. Apart from that motherboard of the system need to be checked to make sure that there are no bugs (Heires,2017).
Spectre and Meltdown are two bugs which impact the performance of the business. The risk of cyber-attacks has increased due to these bugs as it lets the sensitive data to be exploited by the side channels. It decreases the speed of the processor as the patches on the system degrade the overall performance. Large organisations have a heavy load on the network so poor performance cannot be accumulated. As performance of an organisation is directly related to the operating system and hardware of the system (Peng, Y., Zhao, H., Sun, X. and Sun, C., 2017). Thus to maintain the performance of the system and keep it safeguard from Meltdown and Spectre, certain measures are:
Ways to protect against Spectre and Meltdown
Updating- Devices need to be updated and patches need to be installed to deal with all kind of security bugs. Devices need to be updated on regular basics (Kim, et.al, 2015).
Keeping the information up-to-date- Spectre is dangerous bug as it cannot be resolved using patches whereas meltdown can be resolved by patches. Security team need to take care of new updates to secure the system (Page, Kaur and Waters, 2017).
Analysing- Security of a system is not only the key concern Securing the cloud of a business is also important as most the data is stored on the cloud. Attacker steals the data from any security chain thus analysing the security flaws and fixing it is essential.
Evaluation- The data packets are segregated according to its sensitivity. So that the sensitive data can be stored on the cloud as it reduces the chances of leakage of data.
Keeping the system safe from Meltdown and spectre attack could be done by patching the system. Other than that using the updated windows resolve the issue of patching the system. Patches need to be downloaded from third party users to keep the system secure and updated. Apart from just downloading the patches it is important to keep the backup of the data, if in case data is loss or system crashes data can be restored rom the backup (Dionne and Hassani, 2015).
In case of Spectre where patches don’t work it is important to keep the backup of data by installing the software updates automatically. The only solution for Spectre bug is keeping it updated. Other than that various browsers like Mozilla have provided with the solution for protecting the system from theses bugs. It is recommended that user uses anti malware software by keeping this software updated (Dionne and Hassani, 2015). Spectre uses JavaScript to inject the code on the website to perform malicious activities; the anti-malware installed in the system block the malicious code to attack the system. Various traditional approaches are used to protect the system from unauthorized access. These methods wrap the system by a protective layer that does not allow any know of flaw to penetrate in the system. Operator of the system assures that all the sensitive data is handled properly and no unauthorized users access the data packets (Ma, Wang and Zhao, 2014).
These are security bug that permits untrusted users to access the data without any permission. These flaws degrade the performance of an organisation as all the sensitive data like banking details or passwords are leaked. These affect the modern processors, computers, smartphones or tablets. As in today’s era everyone believes that there data is secured on the network and the confidentiality is maintained. But Spectre and Meltdown destroys the confidentiality of the network by allowing them to steal the information from the network by side channels or breaking the security barriers (Jolfaei, Wu, and Muthukkumarasamy, 2014). The flaws will increase in future thus it is important to improve the methods to in which operating system handles the flaws. These vulnerabilities have attacked the cloud system also.
Seeing from the core perceptive of security, these flaws affect the principal of isolation between the applications layer and operating system. By exploiting their isolation it allow the attacker to access the data stored on the system secretly. All the data stored on the cloud can be stolen due to these bugs. It affects the ubiquities of the processor and even the cloud environment. To control these flaws several problems are resolved especially at the hardware level. Computers need to be designed in a way that measures hardware updates automatically so that it doesn’t affect the software solutions of the system (Jolfaei, Wu, and Muthukkumarasamy, 2014). To fix these bugs permanently in futures, hardware’s are deployed in such a way that it deals with these flaws by not allowing them to penetrate in the system. Until the new hardware is deployed, temporary software based solutions are used for providing patches.
Conclusion
Meltdown breaks the most important isolation among user application and the operating system. It permits a code to access the memory and all the secret data of other programs. Thus it can be concluded that a computer has a susceptible computer and runs on an unpatched operating system it is not considered harmless to work. Whereas, Spectre breaks the isolation between different applications but allow an attacker to trick error free programs. Spectre is tougher to exploit than Meltdown but they are harder to mitigate. Solution for this problem is reliable and can be solved by method of Desktop channel. With the help of Desktop central one can protect the network against Meltdown and Spectre and defend the system from existing and future vulnerabilities. It patches Windows, Linux or Mac. system automatically for no future damage. Thus it is important to fix these bugs to maintain confidentiality of the data stored on the system.
References
Anand, K., Crampon, M., Meester, R., Rozner, J. and Chase, J., PREVOTY Inc, 2017. Systems and methods for sql type evaluation to detect evaluation flaws. U.S. Patent Application 15/268,503.
Boothby, B., 2015. Autonomous Attack—Opportunity or Spectre?. In Yearbook of International Humanitarian Law 2013(pp. 71-88). TMC Asser Press, The Hague.
Dionne, G. and Hassani, S.S., 2015. Endogenous hidden markov regimes in operational loss data: Application to the recent financial crisis. Cahier de recherche/Working Paper, 15, p.16.
Etzler, M., 2014. Ghostbuster: Cotton Mather’s Invocation of the History of the Specter in the Justification of the Salem Witch Trials. Preface: Mission of the JGMF About the Authors Ross Enochs. The Fetter, the Ring and the Oath: Binding Symbolism in Viking Mythology, p.42.
Han, Y., Chan, J., Alpcan, T. and Leckie, C., 2017. Using virtual machine allocation policies to defend against co-resident attacks in cloud computing. IEEE Transactions on Dependable and Secure Computing, 14(1), pp.95-108.
Heires, K., 2017. FLAWS IN THE DATA. Risk Management, 64(3), p.38.
Hill, D.W. and Lynn, J.T., Motorola Solutions Inc, 2010. Adaptive system and method for responding to computer network security attacks. U.S. Patent 6,088,804.
Jolfaei, A., Wu, X.W. and Muthukkumarasamy, V., 2014. Comments on the security of “Diffusion–substitution based gray image encryption” scheme. Digital signal processing, 32, pp.34-36.
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
