Augury: Using data memory-dependent prefetchers to leak data at rest
JRS Vicarte, M Flanders, R Paccagnella… - … IEEE Symposium on …, 2022 - ieeexplore.ieee.org
Microarchitectural side-channel attacks are enjoying a time of explosive growth, mostly
fueled by novel transient execution vulnerabilities. These attacks are capable of leaking …
fueled by novel transient execution vulnerabilities. These attacks are capable of leaking …
Axiomatic hardware-software contracts for security
We propose leakage containment models (LCMs)---novel axiomatic security contracts which
support formally reasoning about the security guarantees of programs when they run on …
support formally reasoning about the security guarantees of programs when they run on …
Transient-Execution Attacks: A Computer Architect Perspective
L Fiolhais, L Sousa - ACM Computing Surveys, 2023 - dl.acm.org
Computer architects employ a series of performance optimizations at the micro-architecture
level. These optimizations are meant to be invisible to the programmer but they are implicitly …
level. These optimizations are meant to be invisible to the programmer but they are implicitly …
Hide and Seek with Spectres: Efficient discovery of speculative information leaks with random testing
Attacks like Spectre abuse speculative execution, one of the key performance optimizations
of modern CPUs. Recently, several testing tools have emerged to automatically detect …
of modern CPUs. Recently, several testing tools have emerged to automatically detect …
Testing side-channel security of cryptographic implementations against future microarchitectures
How will future microarchitectures impact the security of existing cryptographic
implementations? As we cannot keep reducing the size of transistors, chip vendors have …
implementations? As we cannot keep reducing the size of transistors, chip vendors have …
Revizor: Testing black-box CPUs against speculation contracts
Speculative vulnerabilities such as Spectre and Meltdown expose speculative execution
state that can be exploited to leak information across security domains via side-channels …
state that can be exploited to leak information across security domains via side-channels …
Serberus: Protecting cryptographic code from spectres at compile-time
We present Serberus, the first comprehensive mitigation for hardening constant-time (CT)
code against Spectre attacks (involving the PHT, BTB, RSB, STL, and/or PSF speculation …
code against Spectre attacks (involving the PHT, BTB, RSB, STL, and/or PSF speculation …
[PDF][PDF] “These results must be false”: A usability evaluation of constant-time analysis tools
Cryptography secures our online interactions, transactions, and trust. To achieve this goal,
not only do the cryptographic primitives and protocols need to be secure in theory, they also …
not only do the cryptographic primitives and protocols need to be secure in theory, they also …
Conjunct: Learning inductive invariants to prove unbounded instruction safety against microarchitectural timing attacks
S Dinesh, M Parthasarathy… - 2024 IEEE Symposium …, 2024 - ieeexplore.ieee.org
The past decade has seen a deluge of microarchitectural side channels stemming from a
variety of hardware structures (the cache, branch predictor, execution ports, the TLB …
variety of hardware structures (the cache, branch predictor, execution ports, the TLB …
All your pc are belong to us: Exploiting non-control-transfer instruction btb updates for dynamic pc extraction
Leaking a program's instruction address (PC) pattern, completely and precisely, has long
been a sought-after capability for microarchitectural side-channel attackers. Case in point …
been a sought-after capability for microarchitectural side-channel attackers. Case in point …