In this talk, we will provide an overview of the past issues that we have seen in the area of microarchitectural attacks and defenses and contextualize them. With the industry perspective and the academic perspective, we will revisit the development before the discovery of Meltdown and Spectre. We will then discuss transient-execution attacks and mitigations from both perspectives.
In the main part of the talk, we will discuss more recent developments in software-based attacks on processors. We will discuss logic issues like CacheWarp and Reptar as well as new data inference sources. In particular, we will focus on how side-channel and fault attacks from the physical domain are spilling into the software world as more software interfaces to the hardware are introduced and their precision is gradually increasing. We will discuss exploitation techniques common to attacks on processors and how they evolved over time.
Finally, we will discuss how the current issues could be mitigated in the future.
In the third part of the talk, we focus more on future attacks and defenses. Particularly interesting is that users interact with an increasing amount and variety of computation hardware such as GPUs and NPUs. Analyzing these systems early in the process is crucial to avoid running into the same pitfalls again.