Journal ArticleDOI
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
TL;DR: This work surveys recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing, and classifies types of attacks according to a taxonomy of the shared resources leveraged for such attacks.
Abstract:
Microarchitectural timing channels expose hidden hardware states through timing. We survey recent attacks that exploit microarchitectural features in shared hardware, especially as they are relevant for cloud computing. We classify types of attacks according to a taxonomy of the shared resources leveraged for such attacks. Moreover, we take a detailed look at attacks used against shared caches. We survey existing countermeasures. We finally discuss trends in attacks, challenges to combating them, and future directions, especially with respect to hardware support.
Citations
Proceedings ArticleDOI
Spectre Attacks: Exploiting Speculative Execution
Paul C. Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom
TL;DR: Spectre, as presented in this paper, is a side-channel attack that leaks the victim's confidential information to the adversary and can read arbitrary memory from the victim's process.
Proceedings Article
Foreshadow: extracting the keys to the Intel SGX kingdom with transient out-of-order execution
Jo Van Bulck, Marina Minkin, Ofir Weisse, Daniel Genkin, Baris Kasikci, Frank Piessens, Mark Silberstein, Thomas F. Wenisch, Yuval Yarom, Raoul Strackx
TL;DR: This work presents Foreshadow, a practical software-only microarchitectural attack that decisively dismantles the security objectives of current SGX implementations and develops a novel exploitation methodology to reliably leak plaintext enclave secrets from the CPU cache.
Journal ArticleDOI
Meltdown: reading kernel memory from user space
Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Jann Horn, Stefan Mangard, Paul C. Kocher, Daniel Genkin, Yuval Yarom, Mike Hamburg, Raoul Strackx
TL;DR: Meltdown, as presented in this paper, exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations, including personal data and passwords; it does not rely on any software vulnerabilities.
Proceedings ArticleDOI
Keystone: an open framework for architecting trusted execution environments
TL;DR: This work presents Keystone, the first open-source framework for building customized TEEs, which builds reusable TEE core primitives from these abstractions while allowing platform-specific modifications and flexible feature choices.
Book ChapterDOI
CacheZoom: How SGX Amplifies the Power of Cache Attacks
TL;DR: CacheZoom, as discussed by the authors, is able to track all memory accesses of SGX enclaves with high spatial and temporal precision, and it can recover AES keys from T-table-based implementations with as few as ten measurements.
References
Journal ArticleDOI
A public key cryptosystem and a signature scheme based on discrete logarithms
TL;DR: A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem that relies on the difficulty of computing discrete logarithms over finite fields.
Book ChapterDOI
Differential Power Analysis
TL;DR: In this paper, the authors examine specific methods for analyzing power consumption measurements to find secret keys from tamper-resistant devices, and they discuss approaches for building cryptosystems that can operate securely in existing hardware that leaks information.
Proceedings ArticleDOI
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner, Vikram Adve
TL;DR: The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
Journal ArticleDOI
Modular multiplication without trial division
TL;DR: A method for multiplying two integers modulo N while avoiding division by N, using a representation of residue classes that speeds modular multiplication without affecting the modular addition and subtraction algorithms.
Proceedings ArticleDOI
Security Policies and Security Models
Joseph A. Goguen, José Meseguer
TL;DR: The reader is familiar with the ubiquity of information in the modern world and is sympathetic with the need for restricting rights to read, add, modify, or delete information in specific contexts.