Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
Speculative taint tracking (STT): A comprehensive protection for speculatively accessed data
Speculative execution attacks present an enormous security threat, capable of reading
arbitrary program data under malicious speculation, and later exfiltrating that data over …
NDA: Preventing speculative execution attacks at their source
Speculative execution attacks like Meltdown and Spectre work by accessing secret data in
wrong-path execution. Secrets are then transmitted and recovered by the attacker via a …
CleanupSpec: An "undo" approach to safe speculation
G Saileshwar, MK Qureshi - Proceedings of the 52nd Annual IEEE/ACM …, 2019 - dl.acm.org
Speculation-based attacks affect hundreds of millions of computers. These attacks typically
exploit caches to leak information, using speculative instructions to cause changes to the …
DOLMA: Securing speculation with the principle of transient Non-Observability
Modern processors allow attackers to leak data during transient (i.e., mis-speculated)
execution through microarchitectural covert timing channels. While initial defenses were …
I see dead µops: Leaking secrets via Intel/AMD micro-op caches
Modern Intel, AMD, and ARM processors translate complex instructions into simpler internal
micro-ops that are then cached in a dedicated on-chip structure called the micro-op cache …
Hardware-software contracts for secure speculation
Since the discovery of Spectre, a large number of hardware mechanisms for secure
speculation has been proposed. Intuitively, more defensive mechanisms are less efficient …
MuonTrap: Preventing cross-domain Spectre-like attacks by capturing speculative state
S Ainsworth, TM Jones - 2020 ACM/IEEE 47th Annual …, 2020 - ieeexplore.ieee.org
The disclosure of the Spectre speculative-execution attacks in January 2018 has left a
severe vulnerability that systems are still struggling with how to patch. The solutions that …
Speculative interference attacks: Breaking invisible speculation schemes
Recent security vulnerabilities that target speculative execution (e.g., Spectre) present a
significant challenge for processor design. These highly publicized vulnerabilities use …
Transient-Execution Attacks: A Computer Architect Perspective
L Fiolhais, L Sousa - ACM Computing Surveys, 2023 - dl.acm.org
Computer architects employ a series of performance optimizations at the micro-architecture
level. These optimizations are meant to be invisible to the programmer but they are implicitly …