A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography
Side-channel attacks have become a severe threat to the confidentiality of computer
applications and systems. One popular type of such attacks is the microarchitectural attack …
applications and systems. One popular type of such attacks is the microarchitectural attack …
Survey of microarchitectural side and covert channels, attacks, and defenses
J Szefer - Journal of Hardware and Systems Security, 2019 - Springer
Over the last two decades, side and covert channel research has shown a variety of ways of
exfiltrating information for a computer system. Processor microarchitectural timing-based …
exfiltrating information for a computer system. Processor microarchitectural timing-based …
Spectre attacks: Exploiting speculative execution
Modern processors use branch prediction and speculative execution to maximize
performance. For example, if the destination of a branch depends on a memory value that is …
performance. For example, if the destination of a branch depends on a memory value that is …
Translation leak-aside buffer: Defeating cache side-channel protections with {TLB} attacks
To stop side channel attacks on CPU caches that have allowed attackers to leak secret
information and break basic security mechanisms, the security community has developed a …
information and break basic security mechanisms, the security community has developed a …
Branchscope: A new side-channel attack on directional branch predictor
We present BranchScope-a new side-channel attack where the attacker infers the direction
of an arbitrary conditional branch instruction in a victim program by manipulating the shared …
of an arbitrary conditional branch instruction in a victim program by manipulating the shared …
A survey of microarchitectural timing attacks and countermeasures on contemporary hardware
Microarchitectural timing channels expose hidden hardware states though timing. We survey
recent attacks that exploit microarchitectural features in shared hardware, especially as they …
recent attacks that exploit microarchitectural features in shared hardware, especially as they …
Speculative taint tracking (stt) a comprehensive protection for speculatively accessed data
Speculative execution attacks present an enormous security threat, capable of reading
arbitrary program data under malicious speculation, and later exfiltrating that data over …
arbitrary program data under malicious speculation, and later exfiltrating that data over …
Lord of the ring (s): Side channel attacks on the {CPU}{On-Chip} ring interconnect are practical
We introduce the first microarchitectural side channel attacks that leverage contention on the
CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this …
CPU ring interconnect. There are two challenges that make it uniquely difficult to exploit this …
CacheBleed: a timing attack on OpenSSL constant-time RSA
The scatter–gather technique is a commonly implemented approach to prevent cache-based
timing attacks. In this paper, we show that scatter–gather is not constant time. We implement …
timing attacks. In this paper, we show that scatter–gather is not constant time. We implement …
Jump over ASLR: Attacking branch predictors to bypass ASLR
D Evtyushkin, D Ponomarev… - 2016 49th Annual …, 2016 - ieeexplore.ieee.org
Address Space Layout Randomization (ASLR) is a widely-used technique that protects
systems against a range of attacks. ASLR works by randomizing the offset of key program …
systems against a range of attacks. ASLR works by randomizing the offset of key program …