Squip: Exploiting the scheduler queue contention side channel

S Gast, J Juffinger, M Schwarzl… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Modern superscalar CPUs have multiple execution units that independently execute
operations from the instruction stream. Previous work has shown that numerous side …

Showtime: Amplifying arbitrary CPU timing side channels

A Purnal, M Bognar, F Piessens… - Proceedings of the 2023 …, 2023 - dl.acm.org
Microarchitectural attacks typically rely on precise timing sources to uncover short-lived
secret-dependent activity in the processor. In response, many browsers and even CPU …

Hacky racers: Exploiting instruction-level parallelism to generate stealthy fine-grained timers

H Xiao, S Ainsworth - Proceedings of the 28th ACM International …, 2023 - dl.acm.org
Side-channel attacks pose serious threats to many security models, especially
sandbox-based browsers. While transient-execution side channels in out-of-order processors have …

Doppelganger loads: A safe, complexity-effective optimization for secure speculation schemes

AB Kvalsvik, P Aimoniotis, S Kaxiras… - Proceedings of the 50th …, 2023 - dl.acm.org
Speculative side-channel attacks have forced computer architects to rethink speculative
execution. Effectively preventing microarchitectural state from leaking sensitive information …

ReCon: Efficient Detection, Management, and Use of Non-Speculative Information Leakage

P Aimoniotis, AB Kvalsvik, X Chen… - Proceedings of the 56th …, 2023 - dl.acm.org
In a speculative side-channel attack, a secret is improperly accessed and then leaked by
passing it to a transmitter instruction. Several proposed defenses effectively close this …

Libra: Architectural Support For Principled, Secure And Efficient Balanced Execution On High-End Processors

H Winderix, M Bognar, LA Daniel… - Proceedings of the 2024 on …, 2024 - dl.acm.org
Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a
victim program via side-channel observations. Linearization (i.e. elimination) of secret …

SoK: Analysis of root causes and defense strategies for attacks on microarchitectural optimizations

NR Holtryd, M Manivannan… - 2023 IEEE 8th European …, 2023 - ieeexplore.ieee.org
Microarchitectural optimizations are expected to play a crucial role in ensuring performance
scalability in the post-Moore era. However, recent attacks have demonstrated that these …

Data-Out Instruction-In (DOIN!): Leveraging Inclusive Caches to Attack Speculative Delay Schemes

P Aimoniotis, AB Kvalsvik, M Själander… - … on Secure and …, 2022 - ieeexplore.ieee.org
Although the cache has been a known side-channel for years, it has gained renewed
notoriety with the introduction of speculative side-channel attacks such as Spectre, which …

Clueless: A tool characterising values leaking as addresses

X Chen, P Aimoniotis, S Kaxiras - … of the 11th International Workshop on …, 2022 - dl.acm.org
Clueless is a binary instrumentation tool that characterises explicit cache side channel
vulnerabilities of programs. It detects the transformation of data values into addresses by …

Secure Prefetching for Secure Cache Systems

S Nath, A Navarro-Torres, A Ros… - 2024 57th IEEE/ACM …, 2024 - ieeexplore.ieee.org
Transient execution attacks like Spectre and its variants can cause information leakage
through a cache hierarchy. There are two classes of techniques that mitigate speculative …