The gates of time: Improving cache attacks with transient execution
D Katzman, W Kosasih, C Chuengsatiansup… - 32nd USENIX Security …, 2023 - usenix.org
For over two decades, cache attacks have been shown to pose a significant risk to the
security of computer systems. In particular, a large number of works show that cache attacks …
security of computer systems. In particular, a large number of works show that cache attacks …
Ileakage: Browser-based timerless speculative execution attacks on apple devices
Over the past few years, the high-end CPU market is undergoing a transformational change.
Moving away from using x86 as the sole architecture for high performance devices, we have …
Moving away from using x86 as the sole architecture for high performance devices, we have …
Ultimate {SLH}: Taking Speculative Load Hardening to the Next Level
In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …
Specifically, we systematically investigate the performance penalty and security properties of …
Sok: Can we really detect cache side-channel attacks by monitoring performance counters?
W Kosasih, Y Feng, C Chuengsatiansup… - Proceedings of the 19th …, 2024 - dl.acm.org
Sharing microarchitectural components between co-resident programs leads to potential
information leaks, with devastating implications on security. Over the last decade, multiple …
information leaks, with devastating implications on security. Over the last decade, multiple …
Showtime: Amplifying arbitrary cpu timing side channels
Microarchitectural attacks typically rely on precise timing sources to uncover short-lived
secret-dependent activity in the processor. In response, many browsers and even CPU …
secret-dependent activity in the processor. In response, many browsers and even CPU …
Robust and scalable process isolation against spectre in the cloud
In the quest for efficiency and performance, edge-computing providers replace process
isolation with sandboxes, to support a high number of tenants per machine. While secure …
isolation with sandboxes, to support a high number of tenants per machine. While secure …
Checking Passwords on Leaky Computers: A Side Channel Analysis of Chrome's Password Leak Detect Protocol
The scale and frequency of password database compromises has led to widespread and
persistent credential stuffing attacks, in which attackers attempt to use credentials leaked …
persistent credential stuffing attacks, in which attackers attempt to use credentials leaked …
Hacky racers: Exploiting instruction-level parallelism to generate stealthy fine-grained timers
H Xiao, S Ainsworth - Proceedings of the 28th ACM International …, 2023 - dl.acm.org
Side-channel attacks pose serious threats to many security models, especially sandbox-
based browsers. While transient-execution side channels in out-of-order processors have …
based browsers. While transient-execution side channels in out-of-order processors have …
Practical timing side-channel attacks on memory compression
Compression algorithms have side channels due to their data-dependent operations. So far,
only the compression-ratio side channel was exploited, eg, the compressed data size. In this …
only the compression-ratio side channel was exploited, eg, the compressed data size. In this …
The Double Edged Sword: Identifying Authentication Pages and their Fingerprinting Behavior
Browser fingerprinting is often associated with cross-site user tracking, a practice that many
browsers (eg, Safari, Brave, Edge, Firefox, and Chrome) want to block. However, less is …
browsers (eg, Safari, Brave, Edge, Firefox, and Chrome) want to block. However, less is …