RIDL: Rogue in-flight data load

S Van Schaik, A Milburn, S Österlund… - … IEEE Symposium on …, 2019 - ieeexplore.ieee.org
We present Rogue In-flight Data Load (RIDL), a new class of speculative unprivileged and
constrained attacks to leak arbitrary data across address spaces and privilege boundaries …

Translation leak-aside buffer: Defeating cache side-channel protections with TLB attacks

B Gras, K Razavi, H Bos, C Giuffrida - 27th USENIX Security Symposium …, 2018 - usenix.org
To stop side channel attacks on CPU caches that have allowed attackers to leak secret
information and break basic security mechanisms, the security community has developed a …

ret2spec: Speculative execution using return stack buffers

G Maisuradze, C Rossow - Proceedings of the 2018 ACM SIGSAC …, 2018 - dl.acm.org
Speculative execution is an optimization technique that has been part of CPUs for over a
decade. It predicts the outcome and target of branch instructions to avoid stalling the …

ASLR on the Line: Practical Cache Attacks on the MMU.

B Gras, K Razavi, E Bosman, H Bos, C Giuffrida - NDSS, 2017 - hydra.azilian.net
Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …

Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX

C Disselkoen, D Kohlbrenner, L Porter… - 26th USENIX Security …, 2017 - usenix.org
Last-Level Cache (LLC) attacks typically exploit timing side channels in hardware, and thus
rely heavily on timers for their operation. Many proposed defenses against such side …

SMASH: Synchronized many-sided rowhammer attacks from JavaScript

F de Ridder, P Frigo, E Vannacci, H Bos… - 30th USENIX Security …, 2021 - usenix.org
Despite their in-DRAM Target Row Refresh (TRR) mitigations, some of the most recent
DDR4 modules are still vulnerable to many-sided Rowhammer bit flips. While these bit flips …

Beauty and the burst: Remote identification of encrypted video streams

R Schuster, V Shmatikov, E Tromer - 26th USENIX Security Symposium …, 2017 - usenix.org
The MPEG-DASH streaming video standard contains an information leak: even if the stream
is encrypted, the segmentation prescribed by the standard causes content-dependent …

Website fingerprinting through the cache occupancy channel and its real world practicality

A Shusterman, Z Avraham, E Croitoru… - … on Dependable and …, 2020 - ieeexplore.ieee.org
Website fingerprinting attacks use statistical analysis on network traffic to compromise user
privacy. The classical attack model used to evaluate website fingerprinting attacks assumes …

SoK: In search of lost time: A review of JavaScript timers in browsers

T Rokicki, C Maurice, P Laperdrix - 2021 IEEE European …, 2021 - ieeexplore.ieee.org
JavaScript-based timing attacks have been greatly explored over the last few years. They
rely on subtle timing differences to infer information that should not be available inside of the …

Grand pwning unit: Accelerating microarchitectural attacks with the GPU

P Frigo, C Giuffrida, H Bos… - 2018 IEEE Symposium on …, 2018 - ieeexplore.ieee.org
Dark silicon is pushing processor vendors to add more specialized units such as
accelerators to commodity processor chips. Unfortunately this is done without enough care …