For this week, you'll be reading Meltdown. Meltdown, along with Spectre, is a security vulnerability that was discovered in 2018 and affected all modern Intel processors at the time.

To help as you read:

  • Sections 2 and 3 give a very good overview of the necessary background, and a toy example to help you understand the basic attack. In working through the toy example—and to help you test whether you understand it—you should make sure you understand why the example uses data*4096 rather than, say, just data, or data*2048.
  • Sections 4 and 5 extend that toy example, explaining how Meltdown was actually implemented.
  • Section 6 evaluates the attack, explaining what systems are vulnerable and how well the attack performs.
    • Another way to test your understanding: Section 6.4 mentions that ARM and AMD CPUs do not appear susceptible to Meltdown, and posits that it could be that the current implementation of Meltdown is too slow. Why does the speed of the Meltdown code matter here?
  • Sections 7 and 8 discuss countermeasures, and some of the consequences of Meltdown.

As you read, think about the following:

  • In your own words, and briefly, explain how the Meltdown attack works.
  • In Listing 1, what value is the attacker ultimately hoping to determine: the value of probe_array[data * 4096], the value of probe_array[data], or the value of data? You only need to give us the answer here, no explanation needed.
  • Listing 2 is the core of Meltdown, and essentially translates the toy example in Listing 1 to a real attack. What line of Listing 2 performs the multiplication by 4096? What part of that line actually encodes the number "4096"?
  • Why is the Meltdown attack possible? Why doesn't Intel simply disable out-of-order execution on its processors?
  • This paper describes the details of one rather specific attack. What higher-level lessons about security did you take away from it?

Submit your answers to these questions on Canvas by 12:00pm on Friday 5/1. You should be writing a few sentences in response to each question (so we don't need you to write an essay for each one, but we're also expecting more than one-word answers). Your responses should be in your own words, not direct quotations from the paper.