Meltdown, Spectre and Connext DDS

Submitted by waffletchnlgy on Fri, 03/02/2018 - 13:41

At the beginning of 2018, the computing world was witness to the publication of the Meltdown and Spectre vulnerabilities which affect a wide range of systems all over the world. Exploits of these vulnerabilities target specific behavior of the hardware (not the OS, nor program code) in order to read privileged information. For detailed information, please refer to https://meltdownattack.com/ website, the Google Project Zero blogpost, or consult the OS and chip vendors information on Meltdown and Spectre.

Meltdown

Meltdown (identified as CVE-2017-5754) highlights a vulnerability in how the processor makes use of speculative execution, out-of-order execution and memory caching. To exploit this vulnerability, an attacker must be able to execute code on the system. In doing so, an attacker may be able to read kernel memory.

It is important to note that exploiting Meltdown is not an attack to other (user-space) programs, such as Connext DDS-based applications. It is an attack on the system itself. Because of this, chip and OS vendors recommend to patch the operating system. For example, the Linux kernel patch implements the so-called KAISER / KPTI (Kernel Page Table Isolation) fix.

The performance impact from applying the patch depends on your application. In our testing, using the RTI Connext DDS Performance Test (PerfTest), we have observed a performance penalty of 2.5% up to 5% in latency and throughput.

Spectre

Spectre refers to two vulnerabilities (identified as CVE-2017-5715 and CVE-2017-5753) in how the processor uses speculative execution, branch prediction and memory caching. When exploiting these vulnerabilities an attacker could read the memory address space of another process and therefore any sensitive information it may hold.

Unlike Meltdown, Spectre also impacts application execution code. Some compiler vendors are updating their compilers to harden software against future exploitation of Spectre, e.g., by employing a technique called retpoline. Contact RTI Support to inquire about platform support for specific compiler and compiler versions.

RTI Community Portal Terms of Use

NOTICE: Any content you submit to the RTI Research Community Portal, including personal information, is not subject to the protections which may be afforded to information collected under other sections of RTI's Web site. You are entirely responsible for all content that you upload, post, e-mail, transmit or otherwise make available via RTI Community Portal. RTI does not control the content posted by visitors to RTI Community Portal and, does not guarantee the accuracy, integrity, or quality of such content. Under no circumstances will RTI be liable in any way for any content not authored by RTI, or any loss or damage of any kind incurred as a result of the use of any content posted, e-mailed, transmitted or otherwise made available via RTI Community Portal. Read the complete Terms prior to use.

Please see RTI's privacy policy and cookie policy if you have questions about any information collected during the sign-up process.

Secondary menu

Navigation

Meltdown, Spectre and Connext DDS

RTI Community Portal Terms of Use

Search

Secondary menu

You are here

Navigation

User login

Meltdown, Spectre and Connext DDS

RTI Community Portal Terms of Use