Modern processors are equipped with features such as out-of-order execution and branch prediction, which reduce CPU idle time and improve performance. Meltdown and Spectre are two attacks that exploit microarchitectural side effects (for example, cache state left behind by instructions that were executed transiently and later squashed) arising from these optimization techniques. An attacker can read the private data of a victim at arbitrary locations in memory without exploiting any software bug. Intel, AMD and ARM were forced to redesign their CPUs in order to mitigate the risks posed by Meltdown and Spectre. Despite the deployed mitigations, as of the second half of 2022 most computers in the world remain vulnerable to variants of Spectre, putting billions of users at risk. This class of attacks remains a subject of great interest for security researchers. In this work, the technicalities and implications of both attacks are covered. Finally, the results of my own experiments are presented as a proof of concept for a Spectre attack. This implementation differs from the one in the research paper spectre2019 and allows an attacker to read the whole address space of another process.
Check out the full paper here.