Transient Execution Attacks

Abstract

Deep dive into how modern processor optimizations such as branch prediction and out-of-order execution may lead to the leak of secrets through the CPU’s microarchitectural state. Numerous attacks have been proposed, and we will give an overview of these techniques' state of the art.

In the second talk, we will continue our journey into the never-ending story of Transient Execution Attacks to understand how modern processor microcomponents may still lead to arbitrary secret leakage. Meltdown and Spectre were only the beginning. Microarchitectural Data Sampling attacks can leak data across any protection boundary. We will understand why data may be not securely kept in any privilege boundary, and how may be impossible to enforce process, kernel or even virtual machines isolation in an SMT environment.

Date
May 31, 2019 4:00 PM — 6:00 PM
Location
DEFCON Group Meeting
Pietro Borrello
Pietro Borrello
Microarchitecture Security Researcher

Microarchitecture Security Researcher at Apple SEAR.