m
Our Mission Statement
This is Photoshop's version of Loremer Ipsn gravida nibh vel velit auctoregorie sam alquet.Aenean sollicitudin, lorem quis bibendum auci elit consequat ipsutis sem nibh id elit.
Follow Us
Top
Meltdown and Spectre and VoltDB - VoltDB
12228
post-template-default,single,single-post,postid-12228,single-format-standard,cookies-not-set,mkd-core-1.0,highrise-ver-1.0,,mkd-smooth-page-transitions,mkd-ajax,mkd-grid-1300,mkd-blog-installed,mkd-header-standard,mkd-sticky-header-on-scroll-up,mkd-default-mobile-header,mkd-sticky-up-mobile-header,mkd-dropdown-slide-from-bottom,mkd-dark-header,mkd-header-style-on-scroll,mkd-full-width-wide-menu,mkd-header-standard-in-grid-shadow-disable,mkd-search-dropdown,mkd-side-menu-slide-from-right,wpb-js-composer js-comp-ver-5.4.7,vc_responsive
VoltDB / Announcements  / Meltdown and Spectre and VoltDB

Blog

Meltdown and Spectre and VoltDB

The internet is ablaze with articles and talk about hardware security flaws found recently in most modern processors, including chips from Intel and AMD – that is, in the processors used by everyone who runs software to provide a service. In other words, all of VoltDB’s customers. We are actively working on tests of our own and will share more information as we learn about these vulnerabilities and the effects of patching them on VoltDB software.

Background

The vulnerabilities are known as Meltdown and Spectre. In the National Vulnerability Database, they are covered by 3 CVEs:

All Operating System providers are providing patches and many hardware vendors are also providing firmware patches. You should consult your OS provider and hardware vendor for solutions. As of today, not all distributions have released patches. To find out the current status, check with your Operating System provider:

Can this be exploited using VoltDB?

These vulnerabilities can only be exploited by running code on the server under attack. This can be achieved with shell access to the machine from an unprivileged user, or by providing malicious code to a process running on that server.

Any potential attack through a secured VoltDB would require a user with ADMIN (the highest) security permissions to upload Java Stored Procedures or Java User-Defined Functions with malicious code. For more information see instructions for Hardening VoltDB Security and the Security chapter in Using VoltDB.

What is the impact of the security patches on VoltDB?

Many of the security patches come with warnings of possible performance impact. VoltDB is in the process of running tests to determine the scope of the impact on a few VoltDB performance workloads and will update the blog once we have more information. As always, the tests we run may not be indicative of your workload on your actual hardware and virtualization layer, so you should run your own tests to characterize any changes to performance that may affect your customers.