ABSTRACT

In this talk, we will discuss microarchitectural attacks which arise from various processor optimizations. Modern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural side-channel attacks leak secrets from cryptographic computations, from general purpose computations, or from the kernel. This leakage even persists across all common isolation boundaries, such as processes, containers, and virtual machines. Microarchitectural fault attacks exploit the physical imperfections of modern computer systems. Shrinking process technology introduces effects between isolated hardware elements that can be exploited by attackers to take control of the entire system. These attacks are especially interesting in scenarios where the attacker is unprivileged or even sandboxed. We will investigate known and new side channels and show that microarchitectural attacks can be fully automated and run in JavaScript or other constrained environments. By the end of the talk we will have built arbitrary read and write primitives, which allow an attacker on an affected system without any software bugs to read arbitrary data through the Meltdown attack and to perform arbitrary modifications of data through the Rowhammer attack.