Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick

Size: px

Start display at page:

Download "Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment. Orin Jeff Melnick"

Lynn Malone
5 years ago
Views:

1 Spectre, Meltdown, and the Impact of Security Vulnerabilities on your IT Environment Orin Jeff Melnick

2 In this session Vulnerability types Spectre Meltdown Spectre Vs Meltdown Impact on IT Operations

3 Types of vulnerabilities Application vulnerabilities Application can be exploited Fixed by vendor update OS vulnerabilities OS & applications can be exploited Fixed by vendor update Hardware vulnerabilities May require OS fix May require firmware update to hardware May be unfixable

4 Spectre: What is it? Given the name because The root cause is speculative execution Isn t easy to fix Will haunt the industry for some time

5 Spectre: What is it? Class of vulnerabilities that impacts Intel, AMD, ARMbased and IBM processors CVE (Bounds check bypass, Spectre V1) CVE (Branch target injection, Spectre V2) Spectre NG CVE (Rogue system register read) CVE (Speculative store bypass) CVE (Lazy FP state restore)

6 Spectre: How it works Vulnerabilities are based on exploiting side effects of speculative execution Common method of hiding memory latency to speed up execution in modern processors Related to branch prediction, a special case of speculative execution

7 Spectre: How it works Tricks an application into accessing arbitrary locations in the program s memory space Allows attacker to read content of accessed memory and perhaps access sensitive data Does not rely on a specific feature of a specific processor s memory management and protection system

8 Spectre Exploits Just-In-Time engines used for JavaScript can be vulnerable Allows a website to read data stored in the browser s memory for another website, or the contents of the browser memory Remotely exploitable through unpatched browsers Local malicious code can also exploit Spectre vulnerabilities

9 Meltdown: What is it? CVE Rogue Data Cache Load Hardware vulnerability impacting Intel x86, IBM POWER processors and some (not all) ARM processors Does not impact AMD processors Allows rogue process to read all memory regardless of whether process is authorized to do so

10 Meltdown: How it works Exploits race condition in modern CPUs that occurs between memory access and privilege checking during processing of instructions Allows process to bypass privilege checks that isolate data belonging to the OS or other processes running on the host

11 Meltdown: How it works Unauthorized process can read data from any address mapped to the current process s memory space Most OS map RAM, kernel processes and other running processes to the address space of every process Means that memory from almost everywhere can be read by a rogue process exploiting meltdown

12 Spectre Vs Meltdown Attackers can use Spectre to manipulate processes into revealing data Attackers can use Meltdown to read privileged memory which the process itself may not normally be able to access

13 Impact on IT Ops: Mitigation No single patch for Spectre, it is a class of attack Mitigations for Spectre and Meltdown have performance impacts Spectre: 2-14% Meltdown: 5-30%

14 Impact on IT Ops: Spectre Mitigation Windows Recompile with new compiler, harden browser to prevent JavaScript exploit New CPU instructions that remove branch speculation assigned through firmware update , , CPU firmware update Latest versions of browsers are hardened Chrome, Edge, Firefox

15 Impact on IT Ops: Meltdown Mitigation Mitigate by isolating kernel and user mode page tables Requires update to OS kernel code Patches on Windows OS incompatible with 3 rd party AV software that uses unsupported kernel calls OS won t update unless 3 rd party AV sets special registry key indicating that update will not break system Does not require CPU firmware update

16 Spectre & Meltdown: The Future CPUs being redesigned so that these exploits are mitigated Speculation that these CPUs will not perform as well as vulnerable CPUs because of the mitigations Existing systems and hardware vulnerable unless patched

17 Netwrix Auditor A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments. It provides security intelligence to identify security holes, detect anomalies in user behavior and investigate threat patterns in time to prevent real damage.

18 Netwrix solutions Data Access Governance Privileged User Activity Tracking Alerts on Suspicious Activity Using Behavior Anomaly Discovery User Activity Video Recording Restore of Deleted Active Directory Objects

19 Product Demonstration

20 Thank You for Attending Brought to you by Sponsor Logo

Meltdown and Spectre - understanding and mitigating the threats (Part Deux)

Meltdown and Spectre - understanding and mitigating the threats (Part Deux) Gratuitous vulnerability logos Jake Williams @MalwareJake SANS / Rendition Infosec sans.org / rsec.us @SANSInstitute / @RenditionSec