This post presents a very short summary of CLKSCREW, Meltdown and Spectre mitigation strategies, links to each paper and a link to KAISER.
Shared Needs
CLKSCREW, Meltdown and Spectre _all_ rely on counting CPU clocks. CLKSCREW also relies on one core being able to modify frequency and voltage settings that affect another core (which may be running a trusted OS).
Summary of Mitigations Presented in Each Paper
Meltdown
Apply the KAISER patch to the Linux kernel, and the patches that accomplish the same thing for Windows and macOS. This patch removes the kernel mappings from userspace processes, stopping Meltdown.
Spectre
No good mitigation strategy is listed, apart from disabling speculative execution.
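To confirm on a Linux host that the Meltdown mitigation above is active, and to see what the kernel reports for Spectre, the sysfs vulnerabilities directory can be read. This is an added example, not part of the original post or the papers; the function names and sample status lines are constructed, and it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`.

```sh
# Added example: report Meltdown/Spectre status as published by the Linux kernel.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# Map one sysfs status line to: ok, partial, vulnerable or unknown.
# Mainline Linux reports the merged KAISER work as "Mitigation: PTI".
classify_status() {
    case "$1" in
        "Mitigation:"*[Vv]ulnerable*)   echo partial ;;    # a sub-feature is still exposed
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;    # missing file or unrecognised text
    esac
}

# Print one line per issue; return 1 unless every issue classifies as ok.
check_vulns() {
    cv_dir=${1:-$VULN_DIR}
    cv_rc=0
    for cv_name in meltdown spectre_v1 spectre_v2; do
        cv_line=""
        if [ -r "$cv_dir/$cv_name" ]; then
            IFS= read -r cv_line < "$cv_dir/$cv_name" || true
        fi
        cv_verdict=$(classify_status "$cv_line")
        printf '%-11s %-10s %s\n' "$cv_name" "$cv_verdict" "${cv_line:-(no sysfs entry)}"
        [ "$cv_verdict" = ok ] || cv_rc=1
    done
    return "$cv_rc"
}

# Constructed sample directory: PTI enabled, Spectre v2 left unmitigated.
make_sample() {
    ms_dir=$(mktemp -d)
    echo "Mitigation: PTI" > "$ms_dir/meltdown"
    echo "Mitigation: usercopy/swapgs barriers and __user pointer sanitization" > "$ms_dir/spectre_v1"
    echo "Vulnerable" > "$ms_dir/spectre_v2"
    echo "$ms_dir"
}
```

Source the file and run `check_vulns` with no argument to read the live host, or pass the directory printed by `make_sample` to see the output for the constructed case.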
CLKSCREW
Randomize the timing of sensitive code or, better, compile code with checksum integrity and execution redundancy.
Papers
Spectre
Meltdown
CLKSCREW
Reference
Images from https://meltdownattack.com/