This paper introduces novel attack primitives that enable adversaries to leak (read) and
manipulate (write) the path history register (PHR) and the prediction history tables (PHTs) of …

A new class of vulnerabilities related to speculative and out-of-order execution, fault-
injection, and microarchitectural side channels rose to attention in 2018. The techniques …

Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a
victim program via side-channel observations. Linearization (ie elimination) of secret …

This short paper presents insights from our experience in maintaining SGX-Step, an open-
source attack framework designed to facilitate vulnerability research on Intel Software Guard …

Ensuring data confidentiality in a computing system's memory hierarchy proved to be a
formidable challenge with the large attack surface. Diverse and powerful attacks threaten …

Modern processors integrate carefully designed micro-architectural components within the
front-end to optimize performance. These components include instruction cache, micro …

In recent years, control flow attacks targeting Intel SGX have attracted significant attention
from the security community due to their potent capacity for information leakage. Although …

Many mitigations have been proposed and implemented for many variants of the transient
execution vulnerabilities, and while the Meltdown-type exception-based transient execution …

Micro-architectural side-channel attacks are a critical security threat that arises as a result of
modern processors' pursuit of performance and efficiency. In those attacks, malicious actors …