Title:
Breaking and Fixing Speculative Load Hardening
Abstract:
The Spectre attack is a powerful transient execution attack that breaks traditional security guarantees (e.g. out-of-bounds checks). We revisit the Spectre-v1 attack and its mitigation, Speculative Load Hardening (SLH). SLH is an LLVM extension that prevents a memory load until the branch preceding it is resolved. We demonstrate that SLH is not sufficient to prevent the Spectre-v1 attack and, for the first time, we show that variable-timing instructions leak secrets even when they are executed speculatively. Further, we extend SLH to Ultimate SLH (USLH). We analyze the performance cost of USLH and show that USLH performs better than inserting LFENCE after branches while providing an equivalent security guarantee.
Paper: https://eprint.iacr.org/2022/715
Speaker:
Zhiyuan Zhang
Master's Student
University of Adelaide
Bio:
He is pursuing a Master of Philosophy at the University of Adelaide, supervised by Yuval Yarom and Chitchanok Chuengsatiansup. His research interests are hardware security, computer architecture and operating systems. He is also interested in crypto, although he knows very little about it ;)
Tuesday, June 21, 2022
16:00 - 17:00 CEST
Room: Online (Webex) and ITSC meeting room, 1st floor, Building 64