# Side-Channel Attacks (Spectre/Meltdown)

One-sentence definition: Exploiting **microarchitectural** behaviors (caches, speculation) to infer secrets across isolation boundaries.

## Key Facts

- Spectre: mistraining branch prediction; Meltdown: privilege check bypass via transient exec.
- Mitigations: microcode/OS patches, retpolines, KPTI, constant-time code, partitioning.
- Performance trade-offs; risk varies by workload/tenancy.
- Strict isolation for multi-tenant/high-trust systems.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose mitigation acknowledging perf vs isolation trade-off.

**Mnemonic:** “Speculate less; isolate more.”

## Mini Scenario

Q: Shared hosts for untrusted tenants—control?

A: Strong tenant isolation, patch/microcode, consider dedicated hosts.

## Revision Checklist

- Define side-channel and examples.
- Name two mitigations.
- Note performance impact consideration.

## Related

[[Noninterference and Information Flow]] · [[Virtualization Security (Type 1 vs Type 2)]] · [[Memory Protection (DEP/NX, ASLR, W^X)]] · [[Process Isolation and Privilege Modes]] · [[Tenant Isolation and Cross-Tenant Risks]] · [[Domain 3 - Index]]