Protecting Your Charon Instance from Vulnerabilities to Meltdown and Spectre

If you’ve heard about Meltdown and Spectre, the security issues that allow cybercriminals access to your digital information, you may be concerned about the vulnerability of your Charon instances and whether the currently available patches are necessary. We want to help our customers be sure they are protected. The following information addresses the cybersecurity concerns related to Meltdown and Spectre.

Is my Charon instance vulnerable to attacks from inside the Guest Operating System (VMS, Tru64, Solaris, MPE-iX)?

No. Charon products do not emulate out-of-order execution, speculative execution, or cache. The binary code is translated dynamically into a subset of x86 instructions that does not allow Meltdown or Spectre attacks. Nobody with access to the Guest OS can compromise the system at the Charon virtual system level or at the hosting system level.

Is my Charon instance vulnerable to attacks from inside the Host Operating System (Linux, Windows)?

The hosting system that runs the Charon software stack (including the emulator, guest OS, and guest applications) can be affected by Meltdown and Spectre. However, as long as the hosting system (Linux or Windows) is protected, Charon users can rest assured that their Charon system is secure. This means that someone who has access only to the Charon virtual system cannot compromise the system at the virtual level or at the host level, because the host is protected.

Do I need to get a patch?

We don’t recommend that customers patch their host systems at the moment. The patches, whether from Intel or OS vendors, are not stable. They also cause visible performance degradation, and the Charon software stack may be affected. Furthermore, when only the virtual system is accessible from the network, there is no need to patch the host. We recommend waiting for the stable patch releases and applying them to test systems first to determine the performance impact.
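To see what a Linux host reports about its own exposure, for example on a test system before and after a patch is applied, the kernel's status files can be read directly. The script below is an added example, not Stromasys code. It assumes a Linux host whose kernel provides `/sys/devices/system/cpu/vulnerabilities`; the function names `classify_status` and `check_host` are made up for this illustration.

```shell
#!/bin/sh
# Added example: summarize Meltdown/Spectre status on a Linux Charon host.
# Assumes the kernel exposes the sysfs reporting files; older kernels have
# no such files and are reported as "unknown".

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status STATUS_LINE
# Maps the kernel's status text to: not_affected, mitigated, vulnerable, unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_host [DIR]
# Prints one line per issue. Returns 0 only if no issue is vulnerable or unknown.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for issue in meltdown spectre_v1 spectre_v2; do
        file=$dir/$issue
        if [ -r "$file" ]; then
            line=$(head -n 1 "$file")
            state=$(classify_status "$line")
        else
            line="(no status file; kernel lacks the reporting interface)"
            state=unknown
        fi
        printf '%-11s %-12s %s\n' "$issue" "$state" "$line"
        case "$state" in
            vulnerable|unknown) rc=1 ;;
        esac
    done
    return $rc
}

# Report on the live host; a non-zero result only means "needs review".
check_host || echo "At least one issue is reported as vulnerable or unknown."
```

Saving the output before and after a patch on a test system gives a record of what changed alongside the performance measurements.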

If you have additional questions, please contact Stromasys Support.