Survey of transient execution attacks and their mitigations
Transient execution attacks, also known as speculative execution attacks, have drawn much
interest in the last few years as they can cause critical data leakage. Since the first …
I see dead µops: Leaking secrets via intel/amd micro-op caches
Modern Intel, AMD, and ARM processors translate complex instructions into simpler internal
micro-ops that are then cached in a dedicated on-chip structure called the micro-op cache …
DOLMA: Securing speculation with the principle of transient Non-Observability
Modern processors allow attackers to leak data during transient (i.e., mis-speculated)
execution through microarchitectural covert timing channels. While initial defenses were …
Half&half: Demystifying intel's directional branch predictors for fast, secure partitioned execution
This paper presents Half&Half, a novel software defense against branch-based side-
channel attacks. Half&Half isolates the effects of different protection domains on the …
Doppelganger loads: A safe, complexity-effective optimization for secure speculation schemes
Speculative side-channel attacks have forced computer architects to rethink speculative
execution. Effectively preventing microarchitectural state from leaking sensitive information …
DAGguise: mitigating memory timing side channels
This paper studies the mitigation of memory timing side channels, where attackers utilize
contention within DRAM controllers to infer a victim's secrets. Already practical, this class of …
Sok: Hardware defenses against speculative execution attacks
Speculative execution attacks leverage the speculative and out-of-order execution features
in modern computer processors to access secret data or execute code that should not be …
Perspective: A principled framework for pliable and secure speculation in operating systems
Transient execution attacks present an unprecedented threat to computing systems.
Protecting the operating system (OS) is exceptionally challenging because a transient …
Pinned loads: taming speculative loads in secure processors
In security frameworks for speculative execution, an instruction is said to reach its Visibility
Point (VP) when it is no longer vulnerable to pipeline squashes. Before a potentially leaky …
Reorder buffer contention: A forward speculative interference attack for speculation invariant instructions
Speculative side-channel attacks access sensitive data and use transmitters to leak the data
during wrong-path execution. Various defenses have been proposed to prevent such …