From d3e6d4c05f20f6f02546f86c929bcd0fde98f988 Mon Sep 17 00:00:00 2001
From: Leonard Kugis <leonard@kug.is>
Date: Mon, 9 Mar 2020 19:32:17 +0100
Subject: IntroSec

Added Meltdown chapter.
---
 .../introduction_to_information_security.md               | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 5df6055..4ae43fe 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md	
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md	
@@ -720,3 +720,18 @@ Add *canary* to end of chunk, checksumming the chunks control data, signed with
 
 1. On allocation, add calculate checksum over chunk control data and add canary.
 2. On `free`, recalculate checksum. If they mismatch, throw error.
+
+### Meltdown
+
+Using CPU cache as side channel. Reading memory line, record time. Fill cache to forcefully remove that line from cache.
+Read again, if time is different than expected, line has been used and cached again.
+
+1. Let the transient instruction load the attacker chosen *memory location* he himself has no access to.
+2. Let another transient instruction access a cache line based on the content of that register.
+3. Flush+Reload determines which cache line was accessed, which reveals the value stored in the *memory location*.
+
+#### KAISER
+
+Mapping of *Kernel Address Space* to address space of every user process is used by meltdown.
+*KAISER* separates these. Without valid mapping, Meltdown is not possible.
+Introduction of shadow address space synchronized between multiple mappings.
-- 
cgit v1.2.3