Gentle overview of the core ideas exploited by the Spectre and Meltdown CPU attacks, including speculative execution, side-channel attacks, and cache memory. Presented by Prof. Ymir Vigfusson at Emory University (ymsir.com).
Comments: 83
@WeightlessFlex a year ago
I think this is the best KZbin video for this on the site.
@dontanton7775 6 years ago
This is the most relaxed and best explanation of the topic I have found on the whole internet. You do not only make good examples, but you also slowly approach the topic with analogies and good visual representation. It is nearly perfect, the only thing worth improving is your microphone. Kudos to this. You should be a teacher.
@wilfhoward2602 6 years ago
Why do people have to play music over talking, a most annoying thing to do.
@YmirVigfussonPresents 3 years ago
Will take into account for future videos!
@AzRon999 6 years ago
BY FAR, the best explanation of Spectre I've seen, and I've looked at a few. And very well produced too. Thank you. Please make more videos.
@siddharthtaragi8150 a year ago
One of the most visually delighting and comprehendible explanations. Please note 14:29 mins is the crux of the explanation, where usage of an instrument, side channel timing attack, memory leakage and other concepts converge
@vishalgupta5288 a year ago
Hands down the best example of spectre and meltdown. Subscribed immediately :)
@andrewo458 6 years ago
Probably the best video I’ve come across that explains how this functions for a non CS individual... thanks!
6 years ago
Nice but the music is too loud. Thanks anyway.
@achyuthvishwamithra12 days ago
In your example, how can a process controlled by the attacker access the memory allocated to a victim? Each process gets its own virtual address space. However, it does make sense that an attacker process could access kernel memory through speculative execution, bypassing privilege checks, thus melting the boundary between kernel and user process memory, hence the name "meltdown". The example you gave is more representative of the Meltdown vulnerability than Spectre, and a good mitigation for the Meltdown vulnerability would be kernel page table isolation. Spectre is based on the attacker training the CPU's branch predictor to expect certain branches and the cache implementation.
@joyhumin1 2 years ago
Recommended by our professor to understand what Spectre and Meltdown attack is. Well explained! Thank you! Subscribed for more content!
@mrsexycasanova89 6 years ago
Hands down, best explanation! :-)
@haritadepalli959 6 years ago
The best explanation with good terminology. Presentation can benefit by removing the starting music.
@thepromisedlan 2 years ago
I've watched wayyy too many videos to understand this, this really helped!
@azr_sd 5 years ago
This is the best explanation video of these exploits I have ever seen. Thank you :) and can you make a video on zombieload side channel attack?
@Petelecaster 5 years ago
Best Explanation agreed. Really demonstrates what the code function actually does on machine level.
@azr_sd 5 years ago
@@Petelecaster yeah bro..
@yuryeuceda8590 6 years ago
Very well explained Professor. That was great. Both, explanation and attack technique
@thefelix7767 6 years ago
This is a great explanation of how it works.
@vultoneo 6 years ago
Nice, first source I found which explained how the data was retrievable from cache :). I learned something today.
@SameeraSenarathna 6 years ago
Great explanation !!! Thank You.
@bovinebear2979 a year ago
great explanation
@heroicH104 4 years ago
Detailed and Clear, thanks for your explanation!
@nandadash 6 years ago
Great explanation. Hackers understood the basics of computer architecture very well. I suspect the security patch to this will make system slow down.
@kristingudmundsdottir6221 6 years ago
So cool the way you present it, even I got the most of it, but holy cow this is scary :)
@PriyankaMondal-tg3fx a year ago
it rolled back all the registers but did not roll back the cache accesses
@cycv588123 days ago
Great explanation :)
@yossibtk 6 years ago
Great video, I really like how you abstract things and make it simple to understand. I came to this video to understand what a meltdown attack is and you really nailed it. Bravo! [Constructive] Regarding the audio, many times it was a bit hard for me to understand your words, that made me repetitively go back and listen over and over again. I think it's a combination of your non-native accent and the low quality of the sound. I think that either using a higher bit rate for the sound or attaching subtitles (or both) would make it less struggling for me. Could be my ears only, though :)
@YmirVigfussonPresents 6 years ago
Thanks for the feedback! Good point, I've added subtitles now for easier reference. Enjoy!
@mariafailli5558 a year ago
great video and clear explanation. But the person in charge of the music.....smh 😒😭😭
@skyaldrin 6 years ago
Fantastic video, thank you for the explanation :)
@hayderh.952 4 years ago
The Best explanation! Thank you!
@Darlyngtoo 6 years ago
Can anyone explain how accessing Instrument[A[x]] results in the number 4 being "played"? I didn't really understand the syntax of "access Instrument[A[x]]". Thank you so much!
@MichaelScarn333 3 years ago
Great video thank you!
@fernandobernardo6324 6 years ago
I have paused, after a few seconds you were telling us about a series of attacks we have seen lately. What attacks? Do you know someone who has been attacked?
@0xc0ffee_ 4 years ago
I still don't understand the difference between meltdown and spectre...
@tigran5752 5 years ago
I understand this might be just an example, but being regular string password "hunter2" is stored in memory sequentially and when CPU loads first symbol, following (let's say 64) will appear in CPU cache as part of the same cache-line, so why should CPU spend more time on the next symbol reading?
@ymirvigfusson 5 years ago
You are right on both accounts: it's just an example, and indeed memory accesses like that have an interplay with the cache hierarchy and register sizes. It's worth looking at academic papers or implementations of timing attacks, precisely to see how to control for these effects.
@tigran5752 5 years ago
@@ymirvigfusson thanks! anyway for simple explanation example is good! Just worth mentioning that things are not that simple :)
@nickvanamburg 3 years ago
What's the music at 0:40?
@dimethanol1181 6 years ago
These are security issues and have not yet been seen and publicly documented outside a lab. Though I still want the cpus designed to prevent this from happening.
@ozkaa 4 years ago
that was really well explained, thank you
@Rakeshguptha28 6 years ago
This is good explanation.
@anastasiadunbar5246 6 years ago
What is the name of the first track used in this video?
@karanmanral1759 6 years ago
Great work.
@findnabeel 6 years ago
Well explained. Thanks
@ramadasmahale9193 6 years ago
Can anyone tell me why A[x] doesn't throw an Out of Bounds exception? This attack kind of makes use of a buffer overread... And there are already defences in place for such attacks, right? Then how does A[x] (a buffer overread) go through?
@SuperNikio2 6 years ago
I THINK it's because the CPU doesn't know it's out of bounds. It needs the kernel to tell it that.
@OpenGL4ever 5 months ago
The CPU does this speculatively. The IF instruction is not yet completed at this point and the CPU is already starting to process the instructions contained in the IF loop speculatively in order to be able to provide an answer more quickly if the IF query as to whether the earth is flat is correct. In the normal flow of the program, the question whether the earth is flat is of course answered with no. Which is why the IF loop would not be entered in normal program flow. But since it was already entered in advance and speculatively, an out of bounds error was never thrown here, because that was not the normal program flow, but only a speculative one that was not checked. And since this was done speculatively, the data is now in the cache. It's a quite clever attack.
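Added example, not part of the comment thread or the video: the bounds check asked about above next to a branch-free index-masking form, similar in idea to the Linux kernel's `array_index_nospec`. The table contents and the names `index_mask`, `read_checked` and `read_masked` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample table standing in for the array A from the question. */
static const uint8_t A[4] = {10, 20, 30, 40};

/* All-ones when index < size, else zero, from arithmetic only (no branch
 * that could be mispredicted). Valid for size <= SIZE_MAX / 2 + 1. */
static size_t index_mask(size_t index, size_t size)
{
#if defined(__GNUC__)
    __asm__ volatile("" : "+r"(index)); /* hide the value range from the optimiser */
#endif
    size_t in_bounds = ~(index | (size - 1 - index)) >> (sizeof(size_t) * 8 - 1);
    return (size_t)0 - in_bounds;
}

/* Pattern from the thread: the check is correct architecturally, but the
 * load may execute speculatively before the comparison has resolved. */
static int read_checked(size_t x, uint8_t *out)
{
    if (x >= sizeof A)
        return 0;
    *out = A[x];
    return 1;
}

/* Hardened form: the index is clamped by data flow, so even under a
 * mispredicted branch the load can only touch A[0], never past the array. */
static int read_masked(size_t x, uint8_t *out)
{
    if (x >= sizeof A)
        return 0;
    x &= index_mask(x, sizeof A);
    *out = A[x];
    return 1;
}

int main(void)
{
    uint8_t v = 0;
    int ok = read_checked(2, &v);
    printf("checked, x=2: ok=%d v=%u\n", ok, (unsigned)v);
    ok = read_masked(7, &v);
    printf("masked,  x=7: ok=%d\n", ok);
    return 0;
}
```

Both functions return the same results for every input; the difference is only in what a speculatively executed load is able to reach.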
@narendrajayram1317 5 years ago
great explanation...
@amizan8653 6 years ago
Damn, that exploit is so clever!
@kalankasiyambalapitiya7615 6 years ago
Good explanation !!!!
@kohdynicholson4528 5 years ago
21 flat earthers watched this video
@haritadepalli959 6 years ago
Can you please remove the background music, if you want the audience to have a better experience of your lecture?
@Ankhelinos 6 years ago
Glorious!
@unbl3ss3d 6 years ago
Excellent
@hemzatalha3008 6 months ago
Bro ! We listen to you or to your music!!!
@TheUnorthodoxGears 6 years ago
Nice but the music is tilting me! 😂
@MagDrag123 5 years ago
Luck there are subtitles.
@indo3052 6 years ago
This is high tech Israel having control of CPU’s
@floriansteiner5666 6 years ago
It is really hard to understand you. The sound quality is too poor to volume up your 8bit music in the way you do, sorry.
@floriansteiner5666 6 years ago
OH I'm sorry again ;) I should have stayed patient during the introduction...
@RollerDead 6 years ago
wow okay. very informative
@anandabiswas2701 6 years ago
Great explanation, music was annoying though.
@YEC999 5 years ago
The only thing that surprises me is that the engineers at Intel thought for 25 years that this was secure. Really, really idiotic.
@yagzyalcntas553 4 years ago
30 flat earthers disliked
@刘新-s3n 5 years ago
great!
@administrator7400 6 years ago
Professor. I have been spending an entire week trying to rid myself of this very attack you are describing. It has infected everything, survived hard drive wipes, affected Windows and Ubuntu. And I think I am in over my head. I would be willing to compensate you for your time should you be able to chat with me for a few minutes. I am in need of someone who has experience with this. It's driving me insane.
@Anonymous-ed4id 8 months ago
Eventually... I understood it the 5th time watching it😂
@mrigankachakravarty4182 4 years ago
gee oo dee... GOD
@INSTAKILLA 6 years ago
The music you put on this video makes me want to vomit and gave me a headache. I still left a like for the content of the video itself.
@LocGaming731 6 years ago
If this is u thank u
@ru1122 3 years ago
Watch 1.25 speed then this looks in8 😎
@pedrexsevenz1856 6 years ago
the world really is flat or planeard
@ShopperPlug 3 years ago
cache memory explanation is horrendously terrible... you should always show the cpu when talking about cache memory. the only reason why it's called cache memory is because of latency, the cache memory block is literally inside the cpu and close by to the ALU, this makes it ridiculously fast for the cpu to load cache memory compared to ram memory. after ur cache explanation i had to force myself to watch another person describing about the spectre attack... and no it's not slow like a turtle, this is gunna make people dumb and think computers are slow. it's just "slightly" slow compared to cache memory, not a full blown one second, minute or hour. We are talking about "slow" in the sub milli/micro/nano seconds, not a legit turtle speed..
@YmirVigfussonPresents 3 years ago
Thanks for your comment -- I'll respond since I believe it is misleading. I am speaking of _relative_ speeds, which is an intuitive way of explaining time scales (or any scale) beyond what we experience normally as humans. Also, while the built-in cache memories are on the CPU, they are not inside the CPU _core_ that's doing the executions. And finally, at a relative level, an average instruction of a CPU core operating at only 1GHz is around 1ns, whereas accessing L3 on-chip is 20ns, or 20x slower. DRAM, at 80-100 ns is thus 80-100x slower than the execution of a single instruction (even those involving registers which are effectively the fastest form of memory in a modern computer). Thus I argue that the analogy is not actually misleading --- in fact, I wish more people deployed them to better understand the very basics of why poorly architected software perpetually winds up being slow!
@ShopperPlug 3 years ago
@@YmirVigfussonPresents I clearly know the difference between the terms of cpu core and cpu. All of the best explanations in books, articles and KZbin related to cpu always show the cache memory inside the cpu (not cpu core). This is the main reason why cpu core has fast access to cache memory as compared to external memory such as ram. Many people do not know this and it brings confusion, stating that the cache memory is located inside the cpu (not cpu core) will make things make much more sense.