In this talk, we will provide an overview of the past issues that we have seen in the area of microarchitectural attacks and defenses and contextualize them. With the industry perspective and the academic perspective, we will revisit the development before the discovery of Meltdown and Spectre. We will then discuss transient-execution attacks and mitigations from both perspectives.
In the main part of the talk, we will discuss more recent developments in software-based attacks on processors. We will discuss logic issues like CacheWarp and Reptar as well as new data inference sources. In particular, we will focus on how side-channel and fault attacks from the physical domain are spilling into the software world as more software interfaces to the hardware are introduced and their precision is gradually increasing. We will discuss exploitation techniques common to attacks on processors and how they evolved over time.
Finally, we will discuss how the current issues could be mitigated in the future.
In the third part of the talk, we focus more on future attacks and defenses. Particularly interesting is that users interact with an increasing amount and variety of computation hardware such as GPUs and NPUs. Analyzing these systems early in the process is crucial to avoid running into the same pitfalls again.
Daniel Gruss (@lavados) is a Professor at Graz University of Technology. He has been teaching undergraduate courses since 2010. Daniel's research focuses on side channels and transient execution attacks. He implemented the first remote fault attack running in a website, known as Rowhammer.js. His research team was one of the teams that found the Meltdown and Spectre bugs published in early 2018. In 2023, he received an ERC Starting Grant to research the sustainability of security. He frequently speaks at top international venues.
Terry Sweeney is a Los Angeles-based writer and editor who's covered business technology for three decades. He's written about cyber security for more than 15 years and was one of the founding editors of Dark Reading. Sweeney has covered enterprise networking extensively, as well as its supporting technologies like storage, wireless, cloud-based apps and the emerging Internet of Things. He's been a contributing editor to The Washington Post, Crain’s New York Business, Red Herring, Information Week, Network World, SearchAWS.com, and Stadium Tech Report.