For this recitation, you'll be reading Meltdown. Meltdown, along with Spectre, is a security vulnerability that was discovered in 2018 that affects all modern Intel processors.

To help as you read:

• Sections 2 and 3 give a very good overview of the necessary background, and a toy example to help you understand the basic attack. In working through the toy example, you should make sure you understand why the example uses data*4096 rather than, say, just data, or data*2048.
• Sections 4 and 5 extend that toy example, explaining how Meltdown was actually implemented.
• Section 6 evaluates the attack, explaining what systems are vulnerable and how well the attack performs.
• Sections 7 and 8 discuss countermeasures, and some of the consequences of Meltdown.

As you read, think about the following:

• How does Meltdown differ from the other attacks we've seen?
• Think about Meltdown in the context of the guard model. Is there a guard in place here? If so, how is it being subverted?
• The paper (Section 6.4) mentions that ARM and AMD CPUs do not appear susceptible to Meltdown, and posit that it could be that the current implementation of Meltdown is too slow. Why does the speed of the Meltdown code matter here?

Reflection Questions

Below are three questions for you to reflect on as you read the paper. You will post your reflection, or respond to another student's reflection, on your Teaching Team Piazzas. You do not need to email responses to these questions to your TA. As a reminder:

• Each DP team should have one team member post a reflection, and the others respond to someone else’s reflection (you don't have to respond to your DP teammate's reflection). Rotate which member posts each week.
• You only need to post a reflection (or a respond to a reflection) about one of the questions below. If you see all of your fellow students reflecting on the same question, try to pick a different one.

Now, for the questions themselves. There are many possibile answers for each. We're expecting you to thoughtfully consider these questions, not come up with the single "best" answer. Your answers to these questions should be in your own words, not direct quotations from the paper.

1. Footnote 10, along with the end of Section 1, reference responsible disclosure practices. What ethical responsibility do you think researchers in this area of computer security have? How should they disseminate knowledge about new attacks?
2. Meltdown was a big deal when it was discovered. Why do you think that was? Does this change your assumptions about the security of your devices? How big of a concern are attacks such as Meltdown (and Spectre, which is also mentioned in the paper) compared to other security issues?
3. This paper describes the details of one rather specific attack. What higher-level lessons about security did you take away from it?