Meltdown and spectre explained -- for normal people
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.assets
assets Add security goals Jan 17, 2017
docs Prepare for 1E3 Jul 20, 2018
slides
.gitignore Add meltdown Jan 23, 2018
LICENSE.md
Neuhalfen_Meltdown_Spectre_for_normal_people.pdf Prepare for 1E3 Jul 20, 2018
README.md Update README.md Sep 12, 2018

README.md

Say Thanks!

Meltdown and Spectre .. for normal people

Meltdown and Spectre are security flaws that gained widespread media coverage in the first days of 2018. Most coverages of these flaws fall either into the category "Intel caused a terrible security bug, all hope is lost!" (AKA we are going to die!) or "By priming the BPU of the CPU a malicious process can read out of bounds memory via speculative code execution" (AKA white noise to most people). With these slides I fill the hole between we are going to die! and white noise.

Contrary to other security bugs these flaws are

  • hardware, not software based
  • the direct consequence of years of performance improvements
  • extremely widespread because they affect (nearly all) computer systems, including mobile phones

How these slides are different

This is for "normal people". With these slides I fill the hole between we are going to die! and white noise. You, the reader, will understand what went wrong, how it went wrong, and why this is bad. I will try to minimise the computer specialists words to an absolute minimum. Promised!

Where?

Preview

Here are some slides from the presentation (keynote, PDF, html).

First slide

Attack vector

Threat-o-meter

Threat-o-meter 2

Threat-o-meter 3

How processors work 1

How processors work 2

How processors work 3

Meltdown 1

Meltdown 2

Spectre 1

Spectre 2

Spectre 3

Conclusion 1

Conclusion 2