Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Demystifying Meltdown & Spectre

288 vues

Publié le

Originally presented Friday, February 16th, 2018.

As a developer evangelist, you will often be called upon to speak at a variety of events from hackathons to meetups to company all-hands calls to large conferences.

An invaluable skill in the evangelist’s toolbox is the ability to quickly learn a technical topic and then teach/explain it to audiences of varying technical expertise.

Security researchers recently found and disclosed details about a chip flaw present in most modern CPUs.

Explain Meltdown and Spectre: what are they, how are they different, how do they work, and why are they scary?

You can choose any format you’d like: PowerPoint deck, rap lyrics, whiteboard coding, no slides whatsoever, it’s completely up to you.

A stellar presentation will address the widest possible audience: everyone from a non-technical salesperson or your grandmother to a senior engineering director or CTO.

Notes from slides can be found on my website: https://fvcproductions.com.

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Demystifying Meltdown & Spectre

  1. 1. applies to Intel processors takes advantage of privilege escalation flaw that allows memory access from user space private memory available to any user able to execute code on the system
  2. 2. applies to Intel, ARM and AMD processors tricks processors into executing instructions they should not have been able to grants access to sensitive information from cached memory
  3. 3. if (admin) { grantAccess(); } else { doNotGrantAccess(); }
  4. 4. • Impacts mostly Intel CPUs • Attacker can access all physical memory, including kernel memory which results in privilege escalation • Mitigated through patches but this can reduce performance for certain workloads • Impacts Intel, AMD and ARM CPUs • Uses speculative execution to trick other applications into accessing arbitrary locations in memory • Patched with so!ware updates but difficult to remediate and extremely pervasive
  5. 5. • Impact Intel chips • Take advantage of speculative execution • Remedies have bad side effects
  6. 6. Existing Remedies
  7. 7. Manually replace all computer chips by hand Go back in time and not buy this computer Accept my fate
  8. 8. Thank You!
  9. 9. • https://hackernoon.com/tech-evangelists-reveal-the-secrets-to-attracting-great-developers-75398a5be6d8 • https://speakerdeck.com/bestie/meltdown-and-spectre-in-10-mins • https://github.com/IAIK/meltdown • https://www.linkedin.com/pulse/meltdown-spectre-bugs-explained-what-you-can-do-chuck-r-fields/ • https://www.quora.com/How-did-Google-detect-the-vulnerability-in-Intel-chips-and-did-it-receive-anything-in-return-for-telling-Intel- about-what-they-had-found# • https://www.quora.com/Is-speculative-execution-a-fundamentally-flawed-processor-feature • https://www.quora.com/What-do-you-think-of-Linus-Torvalds-reaction-to-Intels-Meltdown-Spectre-fix-as-complete-and-utter-garbage • https://www.theverge.com/2018/1/6/16854668/meltdown-spectre-hack-explained-bank-heist-analogy • http://www.zdnet.com/article/spectre-and-meltdown-linux-creator-linus-torvalds-criticises-intels-garbage-patches/ • https://lkml.org/lkml/2018/1/21/192 • https://meltdownattack.com/ • https://thehackernews.com/2018/01/meltdown-spectre-vulnerability.html • https://www.engadget.com/2018/02/15/meltdownprime-spectreprime-research/ • https://www.quora.com/How-do-the-Meltdown-and-Spectre-attacks-work • https://blog.cloudflare.com/meltdown-spectre-non-technical/ • https://www.slideshare.net/Qualys/avoid-meltdown-from-the-spectre?qid=2feb2d24-0ead-48b4- b7f8-8a90c7dc439f&v=&b=&from_search=8