Explore the intricacies of the Meltdown vulnerability in this 47-minute Black Hat conference talk. Delve into the fundamentals of virtual memory, memory isolation, and CPU architecture. Understand how Meltdown breaks the critical barrier between user applications and operating systems, allowing unauthorized access to system memory. Learn about side-channel attacks, CPU caches, and memory access latency. Examine the details of exception handling and various Meltdown attack techniques. Discover practical attack scenarios, including locating victim processes and dumping memory content. Investigate the impact on different systems, including mobile devices. Clarify misconceptions about Meltdown's relationship to Spectre and speculative execution. Finally, explore mitigation strategies such as Kernel Page-table Isolation and KVA Shadow, and consider the broader implications of this vulnerability for system security.
Overview
Syllabus
Intro
Virtual Memory
Memory Isolation
Page Table Entry
Direct-physical map
Loading an address
Side-channel Attacks
CPU Cache
Memory Access Latency
Architecture and Microarchitecture
In-Order Execution
Out-of-Order Execution
Building the Code
Details: Exception Handling
Meltdown with Fault Suppression
Meltdown with Fault Prevention
Uncached memory
Uncachable memory
Practical attacks
Locating the victim process
Dumping memory content
Affected by Meltdown
Samsung Galaxy S7
Variant 3a
Is Meltdown (or Spectre) a side-channel attack?
Is Meltdown a variant of Spectre? Is it speculative execution?
Meltdown Mitigation
Kernel Page-table Isolation
Apple
KVA Shadow
Implementing
Total Meltdown
A unique chance
Taught by
Black Hat
