五、Meltdown and Spectre
Meltdown 和 Spectre為2018年初爆發的重大資安漏洞,兩者皆利用了現代處理器的特性(如 out-of-order execution、speculative execution、branch prediction)搭配旁通道攻擊(side-channel attacks),存取任意的記憶體位置。
下列程式碼為 Meltdown 論文中之範例。當攻擊者在受害者電腦執行以下程式,即便攻擊者無權限直接存取受害者電腦中 data的值,仍可間接得知data的值。
raise_exception();
// the line below is never reached
access (probe_array [data * 4096]);
請回答下列題組問題:
(三)請提出兩種防範或緩解 Meltdown 漏洞的方法,並討論其可行性。
(二)請說明上方Meltdown 範例程式的運作原理。
(一)請說明何謂旁通道攻擊(side-channel attacks)。
50. Ubiquitin is a: (A) component of the electron transport system. (B) protease. (C) protein kinase. (D) protein phosphorylase. (E) protein that tags another protein for proteolysis.
49. The force that drives an ion through a membrane channel depends upon: (A) the charge on the membrane. (B) the difference in electrical potential across the membrane. (C) the size of the channel. (D) the size of the ion. (E) the size of the membrane.
48. Hormone-activated phospholipase C can convert phosphatidylinositol 4,5-bisphosphate to: (A) diacylglycerol + inositol triphosphate. (B) diacylglycerol + inositol + phosphate. (C) glycerol + inositol + phosphate. (D) glycerol + phosphoserine. (E) phosphatidyl glycerol + inositol + phosphate.
This is a large modal.