Trusted execution environments, and particularly the Software Guard eXtensions (SGX)
included in recent Intel x86 processors, gained significant traction in recent years. A long …

In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space
by exploiting side-effects from transient instructions. While this attack has been mitigated …

Modern processors use branch prediction and speculative execution to maximize
performance. For example, if the destination of a branch depends on a memory value that is …

Meltdown: reading kernel memory from user space Page 1 46 COMMUNICATIONS OF THE
ACM | JUNE 2020 | VOL. 63 | NO. 6 contributed articles IMA GE B Y ANDRIJ BOR YS A …

The recent Spectre attack first showed how to inject incorrect branch targets into a victim
domain by poisoning microarchitectural branch prediction history. In this paper, we …

Research on transient execution attacks including Spectre and Meltdown showed that
exception or branch misprediction events might leave secret-dependent traces in the CPU's …

The security of computer systems fundamentally relies on memory isolation, eg, kernel
address ranges are marked as non-accessible and are protected from user access. In this …

The recent Spectre attacks exploit speculative execution, a pervasively used feature of
modern microprocessors, to allow the exfiltration of sensitive data across protection …

Meltdown and Spectre enable arbitrary data leakage from memory via various side
channels. Short-term software mitigations for Meltdown are only a temporary solution with a …

This paper studies the synergies between memory corruption vulnerabilities and speculative
execution vulnerabilities. We leverage speculative execution attacks to bypass an important …