A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography
Side-channel attacks have become a severe threat to the confidentiality of computer
applications and systems. One popular type of such attacks is the microarchitectural attack …
ZombieLoad: Cross-privilege-boundary data sampling
In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space
by exploiting side-effects from transient instructions. While this attack has been mitigated …
LVI: Hijacking transient execution through microarchitectural load value injection
The recent Spectre attack first showed how to inject incorrect branch targets into a victim
domain by poisoning microarchitectural branch prediction history. In this paper, we …
A systematic evaluation of transient execution attacks and defenses
Research on transient execution attacks including Spectre and Meltdown showed that
exception or branch misprediction events might leave secret-dependent traces in the CPU's …
Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
Fallout: Leaking data on Meltdown-resistant CPUs
Meltdown and Spectre enable arbitrary data leakage from memory via various side
channels. Short-term software mitigations for Meltdown are only a temporary solution with a …
TRRespass: Exploiting the many sides of target row refresh
After a plethora of high-profile RowHammer attacks, CPU and DRAM vendors scrambled to
deliver what was meant to be the definitive hardware solution against the RowHammer …
CacheOut: Leaking data on Intel CPUs via cache evictions
Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated
that attackers can leak information while it transits through microarchitectural buffers. Named …
DifuzzRTL: Differential fuzz testing to find CPU bugs
Security bugs in CPUs have critical security impacts to all the computation related hardware
and software components as it is the core of the computation. In spite of the fact that …
Downfall: Exploiting speculative data gathering
D Moghimi - 32nd USENIX Security Symposium (USENIX Security …, 2023 - usenix.org
We introduce Downfall attacks, new transient execution attacks that undermine the security
of computers running everywhere across the internet. We exploit the gather instruction on …