Week 3 Reading Assignment: Understanding the Mirai Discussion Summary Questions Raised in the Paper: • How could an attacker mine the data available through Spectre attack? • Since the Spectre vulnerability is harder to exploit, it would be interesting to know if this attack has been successfully performed outside of a lab? • Is it possible that Spectre vulnerability is already being taken advantage of, and no one is aware? • What other security problems are embedded in our computers, that we don’t know of? • The released Meltdown and Spectre patches only address issues raised by researches. However, there is a higher probability that one can possibly devise another cache mechanism to trick CPU into reading memory map; as the mechanism is built into the physical memory space. What about those vulnerabilities?

Main Take-Aways: About the Attacks: • Meltdown and Spectre vulnerabilities are among the best discoveries in computer science if not the most important • Both vulnerabilities take advantage of a process called speculative execution, where the processor can execute some code in advance and out of order and cache the output, expecting to use that output for the next step in the process. • Using Kernel Page Table Isolation (KPTI) technique, which stops speculation execution by removing mapping kernel into a program when running user space, is one of the current known mitigation techniques to prevent Meltdown. • Noticeable difference between Meltdown and Spectre is the fact that Spectre does not use privilege escalation, thus making the Spectre vulnerability more sophisticated. • “I do not personally consider this a CPU design flaw like Meltdown per se. I consider this a fundamental revelation about how modern hardware and software work together” • Hardware mitigations are being currently developed, such as Indirect Branch Restricted Speculation, Single Thread Indirect Branch Predictors, and Indirect Branch Predictor Barrier.

More General Take- Aways: • It is good to see all the computer companies come together to address the issue and deployed mitigation. • Security is a broad topic, it is not bound by hardware or software boundaries, security risks can from any part of the entire chain. • The analyses of both vulnerabilities demonstrate the need to design security systems as a whole, and not to consider software or the hardware that it runs on in isolation. • What is most interesting about this discovery is the combination of skill-sets that found the flaw. A search of CVEs for hardware related speculative execution or caching related exploits show only one publicly released before Meltdown and Spectre. At the same time, software based side-channel attacks appear to be extensively researched and tested. • Meanwhile, detailed knowledge of processor architecture is used in performance optimization (such as in games and simulation, where engineers often deliberately exploit obscure cache or branch prediction behavior, and these groups are also often discovered processor bugs in the process. • Historically, hardware R&D has been rather secretive, leading to almost-non-existent hardware security research, but it will be interesting to see if this incident prompts greater scrutiny of hardware components. • Engineers and researchers likely spent years, if not decades, creating and refining processes in order to maximize functionality in a secure environment. • This type of exploit reaffirms the fact that security teams must be maintained both at the front end of the design and manufacturing process, as well as after implementation.

About the Paper – The Good: • The author started with some background that is required to understand the relation between the computer hardware and systems software. • This article did a great job of explaining both of the vulnerabilities, as I had not really understood what they entailed before reading this piece.

About the paper – the Bad: • In some instances the paper speculates about vulnerabilities without basing his view on research. One such instance was on page 11 where he concluded Meltdown was exclusively an Intel bug but actually the exploit affects processors from other vendors too.