Researchers at Dartmouth College have devised a fix for Spectre, a critical vulnerability in modern processors discovered earlier this year. This vulnerability has 3 different version called ’variants’. The fix devised by Dartmouth researchers uses ELFbac policy techniques to protect the system against ‘variant 1’ form of Spectre.
Spectre and its companion vulnerability, Meltdown poses a threat to the information contained in your PC, smart phones, network, servers, security appliances and some IoT (Internet of Things) devices. The fact that the computer memory holds the less important and secret data alongside within the same program led the cyber miscreants exploit this tendency of the software to steal private and sensitive user data. Though the approach is useful to optimize system performance, however it inadvertently facilities data compromise as all the data is available in the same program including corrupted third party libraries.
Hence, anything that uses CPU (Central Processing unit) to function was at risk until Dartmouth College researchers devised a fix to cope up with the Spectre Variant 1 vulnerability.
The solution developed at Dartmouth works for Linux Operating system and is implemented at software level. Thus CPU and RAM vendors need not alter their products. The fix makes use of ELFbac to securely partition the address space of a program. This ensures that sensitive information and less important data are isolated from each other. The approach ensures secure processing of the data and denies access to Spectre.
ELFbac software was pioneered at Dartmouth’s TrustLabs in 2012 to combat large scale cyber attacks that compromised sensitive information. The effort to use the software against Spectre Variant 1 was devised after the discovery of Spectre in the beginning of this year.
Without the fix implementataion, systems do not distinguish between categories of information. This allows Spectre Variant 1 (CVE-2017-5753) to trick software and access the secret data.
Besides devising mitigation solutions, Red Hat researchers recently released a scanning tool to detect malicious code that makes the system susceptible to Spectre v1 attacks in software programs. The tool is meant for Linux system.
RowHammer is a cyber attack that exploits a bug in Dynamic random access memory (DRAM) to allow cyber miscreants to escape system security and gain access to the system. The vulnerability in the DRAM module is DRAM cells contained in rows are compactly arranged to increase density.
Repeated activation of memory rows, can cause memory cells to leak their charges to adjacent cells, resulting in ransom bit flips that can alter the memory contents.
Systems and Network Security group at VU Amsterdam recently announced a software level fix to this flaw in DRAM. A new comprehensive software protection technique called ZebRAM was devised against RowHammer attacks. The technique is under development stage and details about it are not yet revealed.
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
The researchers at Virus Removal Guidelines are dedicated to track down the latest vulnerabilities which may infringe your system security. Our team of expert performs a detailed research about every malware infection before educating our users about the same.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.