Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
Speculative taint tracking (STT): A comprehensive protection for speculatively accessed data
Speculative execution attacks present an enormous security threat, capable of reading
arbitrary program data under malicious speculation, and later exfiltrating that data over …
CleanupSpec: An "undo" approach to safe speculation
G Saileshwar, MK Qureshi - Proceedings of the 52nd Annual IEEE/ACM …, 2019 - dl.acm.org
Speculation-based attacks affect hundreds of millions of computers. These attacks typically
exploit caches to leak information, using speculative instructions to cause changes to the …
DOLMA: Securing speculation with the principle of transient Non-Observability
Modern processors allow attackers to leak data during transient (i.e., mis-speculated)
execution through microarchitectural covert timing channels. While initial defenses were …
Hardware-software contracts for secure speculation
Since the discovery of Spectre, a large number of hardware mechanisms for secure
speculation has been proposed. Intuitively, more defensive mechanisms are less efficient …
MuonTrap: Preventing cross-domain Spectre-like attacks by capturing speculative state
S Ainsworth, TM Jones - 2020 ACM/IEEE 47th Annual …, 2020 - ieeexplore.ieee.org
The disclosure of the Spectre speculative-execution attacks in January 2018 has left a
severe vulnerability that systems are still struggling with how to patch. The solutions that …
Swivel: Hardening WebAssembly against Spectre
We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm)
against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in …
Speculative interference attacks: Breaking invisible speculation schemes
Recent security vulnerabilities that target speculative execution (e.g., Spectre) present a
significant challenge for processor design. These highly publicized vulnerabilities use …
SpecShield: Shielding speculative data from microarchitectural covert channels
Hardware security has recently re-surfaced as a first-order concern to the confidentiality
protections of computing systems. Meltdown and Spectre introduced a new class of …
Indirector: High-Precision Branch Target Injection Attacks Exploiting the Indirect Branch Predictor
This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging
the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer …