Keynote Presentation - Spectre Attacks: Exploiting Speculative Execution - and why the heck is the computer speculating anyway?


ABSTRACT

Meltdown and Spectre made a splash at the turn of the year 2017/18, which means that some of the research is now almost 4 years old. On the other hand, the vulnerabilities put the roots of our security assessments in the spotlight: instead of building an architecture on presumably solid silicon, we learned that our foundation was built on sand. In the spirit of HoTSoS' mission, we will take a step back and embed the seminal Spectre paper in a bigger picture. The starting point is the _Iron Law_ of processor performance, and we will see how it facilitates such attacks. Many more exploits have become public since the initial disclosure, and "side-channel attack" is frequently used as a generic label. We will have a closer look at caches, how they evolved into such a critical component in modern computers, and how they became malicious actors' favourite pet.

We will then dive into the intricacies of branch prediction and why Spectre is not simply the result of careless, performance-obsessed computer architects. Instead of yet another explanation of CVE-2017-5753 and CVE-2017-5715, we want to shed some light onto our computer's dark corners.

BIO

Werner Haas is co-founder of Cyberus Technology Ltd. and is currently responsible for its research and development activities. His main focus is the application of virtualization technology and virtual machine introspection (VMI) to increase system security. Last year he was selected as CPU architecture expert in Europe's Core Technologies for Future Connectivity Systems and Components (COREnect) project. His experience in both hardware and corresponding software development stems from more than a decade of work in Intel Labs in Germany and the US. His research interest centered on the memory subsystem, i.e., caching, protection mechanisms, and implications of emerging technologies, which culminated in a board-level presentation on near-memory programming opportunities with Intel Architecture. Since the Meltdown/Spectre disclosure he has regularly explained and taught the fundamentals of CPU side-channel attacks to the German IT security community.

License: CC-2.5