PACMAN: attacking ARM pointer authentication with speculative execution
This paper studies the synergies between memory corruption vulnerabilities and speculative
execution vulnerabilities. We leverage speculative execution attacks to bypass an important …
execution vulnerabilities. We leverage speculative execution attacks to bypass an important …
Timing Side-Channel Attacks and Countermeasures in CPU Microarchitectures
Microarchitectural vulnerabilities, such as Meltdown and Spectre, exploit subtle
microarchitecture state to steal the user's secret data and even compromise the operating …
microarchitecture state to steal the user's secret data and even compromise the operating …
{ÆPIC} leak: Architecturally leaking uninitialized data from the microarchitecture
CPU vulnerabilities undermine the security guarantees provided by software-and hardware-
security improvements. While the discovery of transient-execution attacks increased the …
security improvements. While the discovery of transient-execution attacks increased the …
Prime+ Scope: Overcoming the observer effect for high-precision cache contention attacks
Modern processors expose software to information leakage through shared
microarchitectural state. One of the most severe leakage channels is cache contention …
microarchitectural state. One of the most severe leakage channels is cache contention …
It's all in your head (set): Side-channel attacks on {AR/VR} systems
With the increasing adoption of Augmented Reality/Virtual Reality (AR/VR) systems, security
and privacy concerns attract attention from both academia and industry. This paper …
and privacy concerns attract attention from both academia and industry. This paper …
Augury: Using data memory-dependent prefetchers to leak data at rest
Microarchitectural side-channel attacks are enjoying a time of explosive growth, mostly
fueled by novel transient execution vulnerabilities. These attacks are capable of leaking …
fueled by novel transient execution vulnerabilities. These attacks are capable of leaking …
Cloud computing security: foundations and research directions
Cloud services have revolutionized modern computing. The benefits of outsourcing data and
computation come with security and privacy concerns. This monograph explores the …
computation come with security and privacy concerns. This monograph explores the …
Rage against the machine clear: A systematic analysis of machine clears and their implications for transient execution attacks
Since the discovery of the Spectre and Meltdown vulnerabilities, transient execution attacks
have increasingly gained momentum. However, while the community has investigated …
have increasingly gained momentum. However, while the community has investigated …
" Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences
Reproducibility is crucial to the advancement of science; it strengthens confidence in
seemingly contradictory results and expands the boundaries of known discoveries …
seemingly contradictory results and expands the boundaries of known discoveries …
{NVLeak}:{Off-Chip}{Side-Channel} Attacks via {Non-Volatile} Memory Systems
We study microarchitectural side-channel attacks and defenses on non-volatile RAM
(NVRAM) DIMMs. In this study, we first perform reverse-engineering of NVRAMs as …
(NVRAM) DIMMs. In this study, we first perform reverse-engineering of NVRAMs as …