IntroSec

Added Meltdown chapter.

1 files changed, 15 insertions, 0 deletions

diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 5df6055..4ae43fe 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -720,3 +720,18 @@ Add *canary* to end of chunk, checksumming the chunks control data, signed with
 
 1. On allocation, add calculate checksum over chunk control data and add canary.
 2. On `free`, recalculate checksum. If they mismatch, throw error.
+
+### Meltdown
+
+Using CPU cache as side channel. Reading memory line, record time. Fill cache to forcefully remove that line from cache.
+Read again, if time is different than expected, line has been used and cached again.
+
+1. Let the transient instruction load the attacker chosen *memory location* he himself has no access to.
+2. Let another transient instruction access a cache line based on the content of that register.
+3. Flush+Reload determines which cache line was accessed, which reveals the value stored in the *memory location*.
+
+#### KAISER
+
+Mapping of *Kernel Address Space* to address space of every user process is used by meltdown.
+*KAISER* separates these. Without valid mapping, Meltdown is not possible.
+Introduction of shadow address space synchronized between multiple mappings.