Branch Target Injection (BTI or Spectre v2) is one of the most dangerous transient execution
vulnerabilities, as it allows an attacker to abuse indirect branch mispredictions to leak …

We describe Swivel, a new compiler framework for hardening WebAssembly (Wasm)
against Spectre attacks. Outside the browser, Wasm has become a popular lightweight, in …

Spectre vulnerabilities violate our fundamental assumptions about architectural abstractions,
allowing attackers to steal sensitive data despite previously state-of-the-art …

In this paper we revisit the Spectre v1 vulnerability and software-only countermeasures.
Specifically, we systematically investigate the performance penalty and security properties of …

BunnyHop: Exploiting the Instruction Prefetcher Page 1 This paper is included in the
Proceedings of the 32nd USENIX Security Symposium. August 9–11, 2023 • Anaheim, CA …

For over two decades, cache attacks have been shown to pose a significant risk to the
security of computer systems. In particular, a large number of works show that cache attacks …

This paper introduces novel high-precision Branch Target Injection (BTI) attacks, leveraging
the intricate structures of the Indirect Branch Predictor (IBP) and the Branch Target Buffer …

To protect against transient control-flow hijacks, software relies on a secure state of
microarchitectural buffers that are involved in branching decisions. To achieve this secure …

This paper presents Half&Half, a novel software defense against branch-based side-
channel attacks. Half&Half isolates the effects of different protection domains on the …

Modern processors employ different speculation mechanisms to speculate over different
kinds of instructions. Attackers can exploit these mechanisms simultaneously in order to …