A survey of microarchitectural side-channel vulnerabilities, attacks, and defenses in cryptography
Side-channel attacks have become a severe threat to the confidentiality of computer
applications and systems. One popular type of such attacks is the microarchitectural attack …
applications and systems. One popular type of such attacks is the microarchitectural attack …
Hertzbleed: Turning power {Side-Channel} attacks into remote timing attacks on x86
Power side-channel attacks exploit data-dependent variations in a CPU's power
consumption to leak secrets. In this paper, we show that on modern Intel (and AMD) x86 …
consumption to leak secrets. In this paper, we show that on modern Intel (and AMD) x86 …
Hardware security for Internet of Things identity assurance
With the proliferation of Internet of Things (IoT) devices, there is an increasing need to
prioritize their security, especially in the context of identity and authentication mechanisms …
prioritize their security, especially in the context of identity and authentication mechanisms …
ZombieLoad: Cross-privilege-boundary data sampling
In early 2018, Meltdown first showed how to read arbitrary kernel memory from user space
by exploiting side-effects from transient instructions. While this attack has been mitigated …
by exploiting side-effects from transient instructions. While this attack has been mitigated …
Meltdown: Reading kernel memory from user space
Meltdown: reading kernel memory from user space Page 1 46 COMMUNICATIONS OF THE
ACM | JUNE 2020 | VOL. 63 | NO. 6 contributed articles IMA GE B Y ANDRIJ BOR YS A …
ACM | JUNE 2020 | VOL. 63 | NO. 6 contributed articles IMA GE B Y ANDRIJ BOR YS A …
LVI: Hijacking transient execution through microarchitectural load value injection
The recent Spectre attack first showed how to inject incorrect branch targets into a victim
domain by poisoning microarchitectural branch prediction history. In this paper, we …
domain by poisoning microarchitectural branch prediction history. In this paper, we …
PLATYPUS: Software-based power side-channel attacks on x86
Power side-channel attacks exploit variations in power consumption to extract secrets from a
device, eg, cryptographic keys. Prior attacks typically required physical access to the target …
device, eg, cryptographic keys. Prior attacks typically required physical access to the target …
Netspectre: Read arbitrary memory over network
All Spectre attacks so far required local code execution. We present the first fully remote
Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+ …
Spectre attack. For this purpose, we demonstrate the first access-driven remote Evict+ …
Branch history injection: On the effectiveness of hardware mitigations against {Cross-Privilege} spectre-v2 attacks
Branch Target Injection (BTI or Spectre v2) is one of the most dangerous transient execution
vulnerabilities, as it allows an attacker to abuse indirect branch mispredictions to leak …
vulnerabilities, as it allows an attacker to abuse indirect branch mispredictions to leak …
{ÆPIC} leak: Architecturally leaking uninitialized data from the microarchitecture
CPU vulnerabilities undermine the security guarantees provided by software-and hardware-
security improvements. While the discovery of transient-execution attacks increased the …
security improvements. While the discovery of transient-execution attacks increased the …