Meltdown-Spectre/Meltdownについて、ここに記述してください。
<<TableOfContents()>>

https://meltdownattack.com/meltdown.pdf

== Address Space ==

{{attachment:Screenshot from 2018-01-14 14-40-12.png}}

the entire physical memory is
typically mapped in the kernel.

On Linux and OS X, this is done via a direct-physical map,
i.e., the entire physi-cal memory is directly mapped to a pre-defined virtual
address (cf. Figure 2).

Instead of a direct-physical map, Windows maintains
a multiple so-calledpaged pools,
non-paged pools, and the system cache.   
These pools are virtual memory regions in the kernel address space mapping physical pages
to virtual addresses which are either required to remain
in the memory (non-paged pool) or can be removed from
the memory because a copy is already stored on the disk (paged pool).
 
The system cache further contains mappings of all file-backed pages.
Combined, these memory pools will typically map a large fraction of the physical
memory into the kernel address space of every process.

== cache attacks ==
{{{
Flush+Reload attacks work on
a single cache line granularity. These attacks exploit the
shared, inclusive last-level cache. An attacker frequently
flushes a targeted memory location using the
clflush
instruction.  By measuring the time it takes to reload the
data,  the  attacker  determines  whether  data  was  loaded
into the cache by another process in the meantime.  The
Flush+Reload attack has been used for attacks on various
computations, e.g., cryptographic algorithms [35, 16, 1],
web server function calls [37],  user input [11, 23, 31],
and kernel addressing information [9].
}}}

== uilding Blocks of the Attack ==