PACMAN: attacking ARM pointer authentication with speculative execution

J Ravichandran, WT Na, J Lang, M Yan - Proceedings of the 49th …, 2022 - dl.acm.org
This paper studies the synergies between memory corruption vulnerabilities and speculative
execution vulnerabilities. We leverage speculative execution attacks to bypass an important …

Timing Side-Channel Attacks and Countermeasures in CPU Microarchitectures

J Zhang, C Chen, J Cui, K Li - ACM Computing Surveys, 2024 - dl.acm.org
Microarchitectural vulnerabilities, such as Meltdown and Spectre, exploit subtle
microarchitecture state to steal the user's secret data and even compromise the operating …

I see dead µops: Leaking secrets via Intel/AMD micro-op caches

X Ren, L Moody, M Taram, M Jordan… - 2021 ACM/IEEE 48th …, 2021 - ieeexplore.ieee.org
Modern Intel, AMD, and ARM processors translate complex instructions into simpler internal
micro-ops that are then cached in a dedicated on-chip structure called the micro-op cache …

Hardware-software contracts for secure speculation

M Guarnieri, B Köpf, J Reineke… - 2021 IEEE Symposium on …, 2021 - ieeexplore.ieee.org
Since the discovery of Spectre, a large number of hardware mechanisms for secure
speculation has been proposed. Intuitively, more defensive mechanisms are less efficient …

Axiomatic hardware-software contracts for security

N Mosier, H Lachnitt, H Nemati, C Trippel - Proceedings of the 49th …, 2022 - dl.acm.org
We propose leakage containment models (LCMs), novel axiomatic security contracts which
support formally reasoning about the security guarantees of programs when they run on …

Transient-Execution Attacks: A Computer Architect Perspective

L Fiolhais, L Sousa - ACM Computing Surveys, 2023 - dl.acm.org
Computer architects employ a series of performance optimizations at the micro-architecture
level. These optimizations are meant to be invisible to the programmer but they are implicitly …

The gates of time: Improving cache attacks with transient execution

D Katzman, W Kosasih, C Chuengsatiansup… - 32nd USENIX Security …, 2023 - usenix.org
For over two decades, cache attacks have been shown to pose a significant risk to the
security of computer systems. In particular, a large number of works show that cache attacks …

Adversarial prefetch: New cross-core cache side channel attacks

Y Guo, A Zigerelli, Y Zhang… - 2022 IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Modern x86 processors have many prefetch instructions that can be used by programmers
to boost performance. However, these instructions may also cause security problems. In …

Ultimate SLH: Taking Speculative Load Hardening to the Next Level

Z Zhang, G Barthe, C Chuengsatiansup… - 32nd USENIX Security …, 2023 - usenix.org
In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …

Speculative privacy tracking (SPT): Leaking information from speculative execution without compromising privacy

R Choudhary, J Yu, C Fletcher, A Morrison - MICRO-54: 54th Annual …, 2021 - dl.acm.org
Speculative execution attacks put a dangerous new twist on information leakage through
microarchitectural side channels. Ordinarily, programmers can reason about leakage based …